File name: Hyper Tweaks Master Pack.zip

Full analysis: https://app.any.run/tasks/2c58d9ef-110e-4287-a56b-5f3cec615425
Verdict: Malicious activity
Analysis date: June 30, 2023, 13:36:38
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: EA9764A83951A28442AC196036D2539C
SHA1: E01AD89433CF19738ADB7126A5556DB105C48B06
SHA256: F68108593F8AD32D28D214E22BBA4CBC2395975F9D54E63C2E7775FB885BCB3B
SSDEEP: 98304:B24OUljZMZzpr2LBNljZMZzpkS+ffNs+ff3:B2ajCZzpr2hjCZzpkSCfNsCf3

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Creates a writable file in the system directory

      • TrustedInstaller.exe (PID: 2016)
      • cmd.exe (PID: 3332)
    • UAC/LUA settings modification

      • reg.exe (PID: 3408)
    • Disables Windows Defender

      • reg.exe (PID: 3636)
    • DLL hijacking

      • DismHost.exe (PID: 1956)
      • DismHost.exe (PID: 2400)
      • DismHost.exe (PID: 3728)
      • DismHost.exe (PID: 868)
      • DismHost.exe (PID: 3192)
    • Loads dropped or rewritten executable

      • Dism.exe (PID: 3556)
      • DismHost.exe (PID: 1956)
      • Dism.exe (PID: 3212)
      • Dism.exe (PID: 1476)
      • Dism.exe (PID: 3512)
      • Dism.exe (PID: 2536)
      • DismHost.exe (PID: 3192)
      • TrustedInstaller.exe (PID: 2016)
      • DismHost.exe (PID: 2400)
      • DismHost.exe (PID: 3728)
      • DismHost.exe (PID: 868)
    • Application was dropped or rewritten from another process

      • DismHost.exe (PID: 1956)
      • DismHost.exe (PID: 2400)
      • DismHost.exe (PID: 3728)
      • DismHost.exe (PID: 868)
      • DismHost.exe (PID: 3192)
    • Creates or modifies Windows services

      • reg.exe (PID: 3856)
      • reg.exe (PID: 940)
    • Uses Task Scheduler to run other applications

      • cmd.exe (PID: 3332)
    • Modifies hosts file to block updates

      • cmd.exe (PID: 3332)
  • SUSPICIOUS

    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 2940)
      • cmd.exe (PID: 3332)
    • Using PowerShell to operate with local accounts

      • powershell.exe (PID: 2708)
      • powershell.exe (PID: 3976)
      • powershell.exe (PID: 4020)
      • powershell.exe (PID: 1092)
      • powershell.exe (PID: 2096)
      • powershell.exe (PID: 1232)
      • powershell.exe (PID: 2344)
      • powershell.exe (PID: 2584)
      • powershell.exe (PID: 1604)
      • powershell.exe (PID: 3288)
      • powershell.exe (PID: 1816)
      • powershell.exe (PID: 116)
      • powershell.exe (PID: 3128)
      • powershell.exe (PID: 3628)
      • powershell.exe (PID: 3604)
      • powershell.exe (PID: 1228)
      • powershell.exe (PID: 2736)
      • powershell.exe (PID: 3608)
      • powershell.exe (PID: 2820)
      • powershell.exe (PID: 1580)
      • powershell.exe (PID: 4060)
      • powershell.exe (PID: 4024)
      • powershell.exe (PID: 2860)
      • powershell.exe (PID: 2252)
      • powershell.exe (PID: 3916)
      • powershell.exe (PID: 3204)
      • powershell.exe (PID: 3192)
      • powershell.exe (PID: 1428)
      • powershell.exe (PID: 2680)
    • Application launched itself

      • cmd.exe (PID: 1924)
      • cmd.exe (PID: 3332)
    • Reads the Internet Settings

      • powershell.exe (PID: 2708)
      • cmd.exe (PID: 2076)
      • wscript.exe (PID: 3116)
      • powershell.exe (PID: 3976)
      • powershell.exe (PID: 4020)
      • powershell.exe (PID: 1092)
      • WMIC.exe (PID: 1228)
      • WMIC.exe (PID: 2400)
      • WMIC.exe (PID: 3132)
      • WMIC.exe (PID: 1024)
      • powershell.exe (PID: 2344)
      • WMIC.exe (PID: 2724)
      • powershell.exe (PID: 1232)
      • powershell.exe (PID: 2096)
      • powershell.exe (PID: 1604)
      • powershell.exe (PID: 2584)
      • powershell.exe (PID: 3288)
      • powershell.exe (PID: 1816)
      • powershell.exe (PID: 116)
      • powershell.exe (PID: 3128)
      • powershell.exe (PID: 3604)
      • powershell.exe (PID: 3628)
      • powershell.exe (PID: 2736)
      • powershell.exe (PID: 1228)
      • powershell.exe (PID: 3608)
      • powershell.exe (PID: 3192)
      • powershell.exe (PID: 2820)
      • powershell.exe (PID: 1580)
      • powershell.exe (PID: 3916)
      • powershell.exe (PID: 2860)
      • powershell.exe (PID: 2252)
      • powershell.exe (PID: 3204)
      • powershell.exe (PID: 1428)
      • powershell.exe (PID: 4060)
      • powershell.exe (PID: 4024)
      • powershell.exe (PID: 2680)
      • WMIC.exe (PID: 2344)
    • Powershell scripting: start process

      • cmd.exe (PID: 2940)
    • The process executes VB scripts

      • cmd.exe (PID: 2076)
    • Uses ICACLS.EXE to modify access control lists

      • cmd.exe (PID: 2076)
      • cmd.exe (PID: 1924)
    • Executing commands from a ".bat" file

      • wscript.exe (PID: 3116)
      • powershell.exe (PID: 2708)
    • Uses WEVTUTIL.EXE to cleanup log

      • cmd.exe (PID: 1924)
    • Starts SC.EXE for service management

      • cmd.exe (PID: 3332)
    • Starts CMD.EXE for commands execution

      • powershell.exe (PID: 2708)
      • cmd.exe (PID: 3332)
      • wscript.exe (PID: 3116)
      • cmd.exe (PID: 1924)
    • Suspicious use of NETSH.EXE

      • cmd.exe (PID: 3884)
      • cmd.exe (PID: 1968)
      • cmd.exe (PID: 2436)
      • cmd.exe (PID: 2628)
      • cmd.exe (PID: 3332)
    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 1968)
      • cmd.exe (PID: 2436)
      • cmd.exe (PID: 2628)
      • cmd.exe (PID: 1648)
      • cmd.exe (PID: 3564)
      • cmd.exe (PID: 3384)
      • cmd.exe (PID: 2092)
      • cmd.exe (PID: 3332)
      • cmd.exe (PID: 3416)
      • cmd.exe (PID: 2540)
      • cmd.exe (PID: 1892)
      • cmd.exe (PID: 2612)
      • cmd.exe (PID: 2212)
      • cmd.exe (PID: 2520)
      • cmd.exe (PID: 4000)
      • cmd.exe (PID: 2524)
    • Creates or modifies Windows services

      • reg.exe (PID: 2520)
      • reg.exe (PID: 3692)
      • reg.exe (PID: 1924)
      • reg.exe (PID: 2772)
      • reg.exe (PID: 2788)
      • reg.exe (PID: 2728)
      • reg.exe (PID: 2168)
      • reg.exe (PID: 2736)
      • reg.exe (PID: 3492)
      • reg.exe (PID: 1628)
      • reg.exe (PID: 2624)
      • reg.exe (PID: 3096)
      • reg.exe (PID: 1300)
      • reg.exe (PID: 1580)
      • reg.exe (PID: 2252)
      • reg.exe (PID: 3628)
      • reg.exe (PID: 2892)
      • reg.exe (PID: 2820)
      • reg.exe (PID: 2004)
      • reg.exe (PID: 2000)
      • reg.exe (PID: 3144)
      • reg.exe (PID: 3164)
      • reg.exe (PID: 3000)
      • reg.exe (PID: 3928)
      • reg.exe (PID: 952)
      • reg.exe (PID: 3724)
      • reg.exe (PID: 3748)
      • reg.exe (PID: 2500)
      • reg.exe (PID: 908)
      • reg.exe (PID: 1040)
      • reg.exe (PID: 3864)
      • reg.exe (PID: 1024)
      • reg.exe (PID: 1560)
      • reg.exe (PID: 2392)
      • reg.exe (PID: 3108)
      • reg.exe (PID: 1352)
      • reg.exe (PID: 3168)
      • reg.exe (PID: 2344)
      • reg.exe (PID: 1216)
      • reg.exe (PID: 1876)
      • reg.exe (PID: 1432)
      • reg.exe (PID: 1992)
      • reg.exe (PID: 868)
      • reg.exe (PID: 2824)
      • reg.exe (PID: 3524)
      • reg.exe (PID: 3444)
      • reg.exe (PID: 3900)
      • reg.exe (PID: 2780)
      • reg.exe (PID: 672)
      • reg.exe (PID: 2944)
      • reg.exe (PID: 3600)
      • reg.exe (PID: 536)
      • reg.exe (PID: 3156)
      • reg.exe (PID: 2580)
      • reg.exe (PID: 3808)
      • reg.exe (PID: 2084)
      • reg.exe (PID: 2040)
      • reg.exe (PID: 2804)
      • reg.exe (PID: 116)
      • reg.exe (PID: 2440)
      • reg.exe (PID: 1160)
      • reg.exe (PID: 3472)
      • reg.exe (PID: 1712)
      • reg.exe (PID: 2976)
      • reg.exe (PID: 2420)
      • reg.exe (PID: 2744)
    • Uses powercfg.exe to modify the power settings

      • cmd.exe (PID: 3332)
    • Executable content was dropped or overwritten

      • Dism.exe (PID: 3556)
      • Dism.exe (PID: 3212)
      • Dism.exe (PID: 1476)
      • Dism.exe (PID: 3512)
      • Dism.exe (PID: 2536)
    • The process creates files with name similar to system file names

      • Dism.exe (PID: 3556)
      • Dism.exe (PID: 3212)
      • Dism.exe (PID: 3512)
      • Dism.exe (PID: 1476)
      • Dism.exe (PID: 2536)
    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 3332)
      • cmd.exe (PID: 1648)
      • cmd.exe (PID: 3384)
      • cmd.exe (PID: 3564)
      • cmd.exe (PID: 2092)
      • cmd.exe (PID: 3416)
      • cmd.exe (PID: 2520)
    • Uses WEVTUTIL.EXE to get a list of log names

      • cmd.exe (PID: 2376)
    • Uses WMIC.EXE

      • cmd.exe (PID: 2540)
      • cmd.exe (PID: 1892)
      • cmd.exe (PID: 2612)
      • cmd.exe (PID: 2212)
      • cmd.exe (PID: 4000)
    • Process uses powershell cmdlet to discover network configuration

      • cmd.exe (PID: 3332)
    • Uses WMIC.EXE to obtain desktop monitor information

      • cmd.exe (PID: 2524)
    • Uses ATTRIB.EXE to modify file attributes

      • cmd.exe (PID: 3332)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 3332)
    • Creates files in the driver directory

      • cmd.exe (PID: 3332)
  • INFO

    • Manual execution by a user

      • cmd.exe (PID: 2076)
      • cmd.exe (PID: 2940)
      • wmpnscfg.exe (PID: 2288)
      • cmd.exe (PID: 3340)
      • cmd.exe (PID: 2988)
      • wmpnscfg.exe (PID: 2780)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3336)
    • Checks supported languages

      • TrustedInstaller.exe (PID: 2016)
      • DismHost.exe (PID: 1956)
      • wmpnscfg.exe (PID: 2288)
      • DismHost.exe (PID: 2400)
      • DismHost.exe (PID: 3728)
      • DismHost.exe (PID: 868)
      • wmpnscfg.exe (PID: 2780)
      • DismHost.exe (PID: 3192)
    • Reads the computer name

      • TrustedInstaller.exe (PID: 2016)
      • DismHost.exe (PID: 1956)
      • wmpnscfg.exe (PID: 2288)
      • DismHost.exe (PID: 2400)
      • DismHost.exe (PID: 868)
      • DismHost.exe (PID: 3728)
      • wmpnscfg.exe (PID: 2780)
      • DismHost.exe (PID: 3192)
    • The process checks LSA protection

      • netsh.exe (PID: 1168)
      • TrustedInstaller.exe (PID: 2016)
      • netsh.exe (PID: 1232)
      • netsh.exe (PID: 3016)
      • netsh.exe (PID: 3340)
      • netsh.exe (PID: 1228)
      • netsh.exe (PID: 2380)
      • netsh.exe (PID: 3056)
      • netsh.exe (PID: 2056)
      • netsh.exe (PID: 3200)
      • Dism.exe (PID: 3556)
      • DismHost.exe (PID: 1956)
      • Dism.exe (PID: 3212)
      • DismHost.exe (PID: 2400)
      • Dism.exe (PID: 1476)
      • wmpnscfg.exe (PID: 2288)
      • DismHost.exe (PID: 3728)
      • Dism.exe (PID: 3512)
      • Dism.exe (PID: 2536)
      • DismHost.exe (PID: 868)
      • wmpnscfg.exe (PID: 2780)
      • DismHost.exe (PID: 3192)
      • netsh.exe (PID: 4060)
      • WMIC.exe (PID: 1228)
      • netsh.exe (PID: 924)
      • netsh.exe (PID: 3308)
      • netsh.exe (PID: 3116)
      • netsh.exe (PID: 1480)
      • netsh.exe (PID: 2612)
      • netsh.exe (PID: 2576)
      • netsh.exe (PID: 4024)
      • netsh.exe (PID: 780)
      • netsh.exe (PID: 2624)
      • netsh.exe (PID: 3352)
      • netsh.exe (PID: 3972)
      • netsh.exe (PID: 2248)
      • netsh.exe (PID: 2256)
      • netsh.exe (PID: 3328)
      • netsh.exe (PID: 3200)
      • netsh.exe (PID: 1756)
      • netsh.exe (PID: 3792)
      • netsh.exe (PID: 3596)
      • WMIC.exe (PID: 2400)
      • WMIC.exe (PID: 3132)
      • netsh.exe (PID: 3468)
      • netsh.exe (PID: 1352)
      • WMIC.exe (PID: 1024)
      • WMIC.exe (PID: 2724)
      • WMIC.exe (PID: 2344)
      • taskkill.exe (PID: 3552)
      • taskkill.exe (PID: 3876)
    • Reads the machine GUID from the registry

      • TrustedInstaller.exe (PID: 2016)
      • DismHost.exe (PID: 1956)
      • wmpnscfg.exe (PID: 2288)
      • DismHost.exe (PID: 2400)
      • DismHost.exe (PID: 3728)
      • DismHost.exe (PID: 868)
      • wmpnscfg.exe (PID: 2780)
      • DismHost.exe (PID: 3192)
    • Create files in a temporary directory

      • Dism.exe (PID: 3556)
      • Dism.exe (PID: 3212)
      • Dism.exe (PID: 1476)
      • Dism.exe (PID: 3512)
      • Dism.exe (PID: 2536)
    • Creates files in the program directory

      • cmd.exe (PID: 3332)
    • Reads mouse settings

      • reg.exe (PID: 1948)
      • reg.exe (PID: 952)
      • reg.exe (PID: 2716)
      • reg.exe (PID: 2428)
      • reg.exe (PID: 2924)
      • reg.exe (PID: 4076)
      • reg.exe (PID: 3700)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: Hyper Tweaks Master Pack/
ZipUncompressedSize: -
ZipCompressedSize: -
ZipCRC: 0x00000000
ZipModifyDate: 2023:06:30 03:12:00
ZipCompression: Deflated
ZipBitFlag: 0x0808
ZipRequiredVersion: 20
No data.
All screenshots are available in the full report
Total processes: 1 513
Monitored processes: 1 460
Malicious processes: 18
Suspicious processes: 5

Behavior graph

[Process graph: starts at winrar.exe and continues through cmd.exe, cacls.exe, wscript.exe, bcdedit.exe, wevtutil.exe, powershell.exe, sc.exe, netsh.exe, find.exe, findstr.exe, rundll32.exe, powercfg.exe, reg.exe, dism.exe, dismhost.exe, wmpnscfg.exe, trustedinstaller.exe and wmic.exe nodes, with "drop and start" edges on the dism.exe/dismhost.exe pairs.]
reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs cmd.exe no specs reg.exe no specs find.exe no specs cmd.exe no specs powercfg.exe no specs powercfg.exe no specs cmd.exe no specs find.exe no specs find.exe no specs cmd.exe no specs bcdedit.exe no specs bcdedit.exe no specs bcdedit.exe no specs bcdedit.exe no specs bcdedit.exe no specs bcdedit.exe no specs bcdedit.exe no specs bcdedit.exe no specs bcdedit.exe no specs bcdedit.exe no specs bcdedit.exe no specs bcdedit.exe no specs bcdedit.exe no specs bcdedit.exe no specs bcdedit.exe no specs bcdedit.exe no specs bcdedit.exe no specs bcdedit.exe no specs bcdedit.exe no specs bcdedit.exe no specs bcdedit.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no 
specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs schtasks.exe no specs schtasks.exe no specs sc.exe no specs sc.exe no specs sc.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs reg.exe no specs taskkill.exe no specs attrib.exe no specs reg.exe no specs taskkill.exe no specs reg.exe no specs fsutil.exe no specs choice.exe no specs

Process information

PID | CMD | Path | Indicators | Parent process
PID: 116 | CMD: wevtutil.exe cl "Microsoft-Windows-Diagnostics-Performance/Diagnostic" | Path: C:\Windows\System32\wevtutil.exe | Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Eventing Command Line Utility
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\wevtutil.exe
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\gdi32.dll
PID: 116 | CMD: REG ADD "HKCU\SOFTWARE\Sysinternals\Process Explorer" /v "ShowCpuFractions" /t REG_DWORD /d "1" /f | Path: C:\Windows\System32\reg.exe | Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Registry Console Tool
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 116 | CMD: POWERSHELL Disable-NetAdapterPowerManagement -Name "*" -ErrorAction SilentlyContinue | Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows PowerShell
Exit code: 1
Version: 10.0.14409.1005 (rs1_srvoob.161208-1155)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
PID: 116 | CMD: REG ADD "HKLM\System\CurrentControlSet\Services\Volmgrx" /v "Start" /t REG_DWORD /d "4" /f | Path: C:\Windows\System32\reg.exe | Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Registry Console Tool
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 120 | CMD: findstr /L "VEN_" | Path: C:\Windows\System32\findstr.exe | Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Find String (QGREP) Utility
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
PID: 120 | CMD: REG ADD "HKLM\System\CurrentControlSet\Services\UEFI" /v "Start" /t REG_DWORD /d "4" /f | Path: C:\Windows\System32\reg.exe | Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Registry Console Tool
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\reg.exe
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 120 | CMD: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Power" /v "DisableWriteCombining" /t REG_DWORD /d "1" /f | Path: C:\Windows\System32\reg.exe | Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Registry Console Tool
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 124 | CMD: REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ngen.exe\PerfOptions" /v "CpuPriorityClass" /t REG_DWORD /d "1" /f | Path: C:\Windows\System32\reg.exe | Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Registry Console Tool
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 124 | CMD: BCDEDIT /set allowedinmemorysettings 0x0 | Path: C:\Windows\System32\bcdedit.exe | Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Boot Configuration Data Editor
Exit code: 1
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\bcdedit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 124 | CMD: REG ADD "HKLM\Software\Policies\Microsoft\Windows\System" /v "DisableHHDEP" /t REG_DWORD /d "1" /f | Path: C:\Windows\System32\reg.exe | Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Registry Console Tool
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\rpcrt4.dll
Total events: 170 687
Read events: 167 822
Write events: 2 229
Delete events: 636

Modification events

(PID) Process: (3336) WinRAR.exe | Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E
Operation: write | Name: LanguageList
Value: en-US
(PID) Process: (3336) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write | Name: 2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
(PID) Process: (3336) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write | Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process: (3336) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write | Name: 0
Value: C:\Users\admin\Desktop\phacker.zip
(PID) Process: (3336) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write | Name: name
Value: 120
(PID) Process: (3336) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write | Name: size
Value: 80
(PID) Process: (3336) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write | Name: type
Value: 120
(PID) Process: (3336) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write | Name: mtime
Value: 100
(PID) Process: (3336) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Operation: write | Name: Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
(PID) Process: (3336) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\General
Operation: write | Name: LastFolder
Value: C:\Users\admin\Desktop
Executable files: 165
Suspicious files: 65
Text files: 63
Unknown types: 0

Dropped files

PID | Process | Filename | Type
PID: 3336 | Process: WinRAR.exe | Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3336.19689\Hyper Tweaks Master Pack\HYPER TWEAKS MASTER PACK\Clean files HYPER TWEAKS\Clean\Device Clean up\Device Clean up READ ME.txt | Type: text
MD5:6D35A8D49EA3A5BE7F46DE658C88D1C0
SHA256:0FE8C329FE702F988011CD471986F2C8F84F97EE6352C993F1E398B4959D33C9
PID: 3336 | Process: WinRAR.exe | Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3336.19689\Hyper Tweaks Master Pack\HYPER TWEAKS MASTER PACK\Clean files HYPER TWEAKS\Clean\Device Clean up\DeviceCleanup.exe | Type: executable
MD5:F4E269A1089796E13AA541D3DD7569E2
SHA256:A15C92096837FEEC1D17EFF8D86585450BF41E2ED6AD09D79B525735A3C9F876
PID: 3336 | Process: WinRAR.exe | Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3336.19689\Hyper Tweaks Master Pack\HYPER TWEAKS MASTER PACK\COOLING CPU TWEAKS\Cooling Tweaks GPU\Msi Afterburner\Fan Curve tweak.PNG | Type: image
MD5:9E5702A85421569C7EFC4CD006077FCE
SHA256:47FE69DEC043C73FA71AB096445420CB08DC1A8BDD5F3ABD0C564B7AFFAD5A55
PID: 3336 | Process: WinRAR.exe | Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3336.19689\Hyper Tweaks Master Pack\HYPER TWEAKS MASTER PACK\Clean files HYPER TWEAKS\Clean\13 Disk Cleanup (Clean Up System Files).lnk | Type: binary
MD5:052EBE462113C605DC34896953098C6D
SHA256:9531896EEB920DD6382A79AECF2F86F6975EF5C06617617A5A1E8D039DBBF1D8
PID: 3336 | Process: WinRAR.exe | Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3336.19689\Hyper Tweaks Master Pack\HYPER TWEAKS MASTER PACK\Clean files HYPER TWEAKS\Clean bat\Delete Log Files.bat | Type: text
MD5:1A77A87536950F7B5BCE7A7A81A00486
SHA256:E1EF04BCFF94FD02A606A6AB267027D4E799F9510B3F8CEC32ED8DD32B5A6A88
PID: 3336 | Process: WinRAR.exe | Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3336.19689\Hyper Tweaks Master Pack\HYPER TWEAKS MASTER PACK\Controller overclock\Tutorial.txt | Type: text
MD5:200010478540898461C6E80FC0EEFEC8
SHA256:3D7B1C4B4079511ABEC8EA7B22C90CA971AE533AE2FCEFE62700725509D4067E
PID: 3336 | Process: WinRAR.exe | Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3336.19689\Hyper Tweaks Master Pack\HYPER TWEAKS MASTER PACK\Clean files HYPER TWEAKS\Clean\DeviceCleanup.ini | Type: text
MD5:FFBF201CBC7423B9C6879516ADD1A09A
SHA256:17FE9B56CB79BFC615A72CAD7FAF87FCC12AD39BCB83BDF63681F61311E91704
PID: 3336 | Process: WinRAR.exe | Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3336.19689\Hyper Tweaks Master Pack\HYPER TWEAKS MASTER PACK\FilterKeys MASTER TWEAKS\KEYBOARD TWEAKS\Settings.png | Type: image
MD5:A29C1859D0A4E735EFDC3430F71E1FE3
SHA256:D2D21A10F6B0BE4301C9BA418D6A4CC73A2410F0938EB2D9D5639243E5953E7B
PID: 3336 | Process: WinRAR.exe | Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3336.19689\Hyper Tweaks Master Pack\HYPER TWEAKS MASTER PACK\FilterKeys MASTER TWEAKS\KEYBOARD TWEAKS\FilterKeysSetter.exe | Type: executable
MD5:154BE5241FCFD60A6D87D955DF5EFA6D
SHA256:08594A3E6DDF07D21F1F8392574ECEF0C80E2D8B18CFEA9F791EAF5977DF0CCB
PID: 3336 | Process: WinRAR.exe | Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3336.19689\Hyper Tweaks Master Pack\HYPER TWEAKS MASTER PACK\FilterKeys MASTER TWEAKS\KEYBOARD TWEAKS\READ.txt | Type: text
MD5:52A2E1F82D16124D04713E1FF5B5852A
SHA256:CB24FB44821DB41979143440D081DC45E2C2ACEE72C8C186CBC41FFB8EA283DA
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 12
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

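PID | Process | IP | Domain | ASN | CN | Reputation
PID: 4 | Process: System | IP: 192.168.100.255:137 | Reputation: whitelisted
PID: 2756 | Process: svchost.exe | IP: 239.255.255.250:1900 | Reputation: whitelisted
PID: 1076 | Process: svchost.exe | IP: 224.0.0.252:5355 | Reputation: unknown
PID: 4 | Process: System | IP: 192.168.100.255:138 | Reputation: whitelisted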

DNS requests

No data

Threats

No threats detected
Process | Message
Dism.exe | PID=3556 Instantiating the Provider Store. - CDISMImageSession::get_ProviderStore
Dism.exe | PID=3556 Initializing a provider store for the LOCAL session type. - CDISMProviderStore::Final_OnConnect
Dism.exe | PID=3556 Attempting to initialize the logger from the Image Session. - CDISMProviderStore::Final_OnConnect
Dism.exe | PID=3556 Provider has not previously been encountered. Attempting to initialize the provider. - CDISMProviderStore::Internal_GetProvider
Dism.exe | PID=3556 Loading Provider from location C:\Windows\System32\Dism\LogProvider.dll - CDISMProviderStore::Internal_GetProvider
Dism.exe | PID=3556 Connecting to the provider located at C:\Windows\System32\Dism\LogProvider.dll. - CDISMProviderStore::Internal_LoadProvider
Dism.exe | PID=3556 Getting Provider OSServices - CDISMProviderStore::GetProvider
Dism.exe | PID=3556 The requested provider was not found in the Provider Store. - CDISMProviderStore::Internal_GetProvider(hr:0x80004005)
Dism.exe | PID=3556 Failed to get an OSServices provider. Must be running in local store. Falling back to checking alongside the log provider for wdscore.dll. - CDISMLogger::FindWdsCore(hr:0x80004005)
DismHost.exe | PID=1956 Encountered a loaded provider DISMLogger. - CDISMProviderStore::Internal_DisconnectProvider