Analysis
-
max time kernel
2700s -
max time network
2699s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
20-09-2023 16:32
General
-
Target
MBSetup (2).exe
-
Size
2.5MB
-
MD5
1e885823577394ea61ea89438ffe2954
-
SHA1
e53e96f7374790bdad8a614949b398b055c3a27b
-
SHA256
7c0b9bceed390f7f28135431c09ac51469ee8e2b8095fb36a37315d811d9ba9c
-
SHA512
73f600833dad0047b6444110d722dc95237b38bb486abc7fc8e4f59b69e2154c885fb46d65f488d5139a0b6e76ebde33ea72711c7f58436650ef992fb8995627
-
SSDEEP
49152:Lw3ye9SPQ1sjDAVj+JeRanStQyfvE0Z3R0nxiIq2ddAsuysSiSF:4yeoCVj+c6KtQRq2ADSiSF
Malware Config
Signatures
-
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
-
Downloads MZ/PE file
-
Drops file in Drivers directory 25 IoCs
-
Modifies AppInit DLL entries 2 TTPs
-
Modifies Installed Components in the registry 2 TTPs 5 IoCs
-
Modifies RDP port number used by Windows 1 TTPs
-
Possible privilege escalation attempt 64 IoCs
-
Sets service image path in registry 2 TTPs 2 IoCs
-
Checks BIOS information in registry 2 TTPs 4 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Modifies file permissions 1 TTPs 64 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives 3 TTPs 48 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory 20 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Registers COM server for autorun 1 TTPs 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 58 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Kills process with taskkill 2 IoCs
-
Modifies Control Panel 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 26 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 64 IoCs
-
Modifies system certificate store 2 TTPs 24 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: LoadsDriver 13 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 15 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Users\Admin\AppData\Local\Temp\MBSetup (2).exe"C:\Users\Admin\AppData\Local\Temp\MBSetup (2).exe"2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops file in Drivers directory
- Checks BIOS information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa868f9758,0x7ffa868f9768,0x7ffa868f97783⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:23⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4588 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4592 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4584 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5100 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5572 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5880 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5816 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1840 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5600 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6792 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5192 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7120 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6948 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7144 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5452 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5148 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
- Executes dropped EXE
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3500 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7084 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7088 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7236 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7320 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7544 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8040 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6272 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6264 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8160 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7500 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=2724 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8620 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7000 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8504 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8484 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=8196 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8304 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=6628 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9048 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=8940 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8948 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=9192 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=6296 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=8424 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
- Executes dropped EXE
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=8120 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=8908 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=8896 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=9412 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=8748 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=9660 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=7932 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=9672 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=8612 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8720 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8952 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=7000 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=8512 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=9728 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=3672 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6328 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6316 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=10208 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=10140 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=6756 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2448 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9792 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2600 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9480 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9464 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:83⤵
-
C:\Users\Admin\Downloads\Bonzify.exe"C:\Users\Admin\Downloads\Bonzify.exe"3⤵
- Drops file in Windows directory
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\KillAgent.bat"4⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im AgentSvr.exe5⤵
- Kills process with taskkill
-
C:\Windows\SysWOW64\takeown.exetakeown /r /d y /f C:\Windows\MsAgent5⤵
- Possible privilege escalation attempt
-
C:\Windows\SysWOW64\icacls.exeicacls C:\Windows\MsAgent /c /t /grant "everyone":(f)5⤵
- Possible privilege escalation attempt
-
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exeINSTALLER.exe /q4⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentCtl.dll"5⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentDPv.dll"5⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\mslwvtts.dll"5⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentDP2.dll"5⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentMPx.dll"5⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentSR.dll"5⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentPsh.dll"5⤵
-
C:\Windows\msagent\AgentSvr.exe"C:\Windows\msagent\AgentSvr.exe" /regserver5⤵
-
C:\Windows\SysWOW64\grpconv.exegrpconv.exe -o5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_addinprocess_b77a5c561934e089_10.0.19041.1_none_5170c1bc799e651e\AddInProcess.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_addinprocess_b77a5c561934e089_10.0.19041.1_none_5170c1bc799e651e\AddInProcess.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_addinprocess_b77a5c561934e089_10.0.19041.1_none_5170c1bc799e651e\AddInProcess.exe" /grant "everyone":(f)5⤵
-
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exeINSTALLER.exe /q4⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentCtl.dll"5⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentDPv.dll"5⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\mslwvtts.dll"5⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentDP2.dll"5⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentMPx.dll"5⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentSR.dll"5⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentPsh.dll"5⤵
-
C:\Windows\msagent\AgentSvr.exe"C:\Windows\msagent\AgentSvr.exe" /regserver5⤵
-
C:\Windows\SysWOW64\grpconv.exegrpconv.exe -o5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_addinutil_b77a5c561934e089_10.0.19041.1_none_724c73dbde296e25\AddInUtil.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_addinutil_b77a5c561934e089_10.0.19041.1_none_724c73dbde296e25\AddInUtil.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_addinutil_b77a5c561934e089_10.0.19041.1_none_724c73dbde296e25\AddInUtil.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_c2wtshost_31bf3856ad364e35_10.0.19041.1_none_746453fd22521ba2\c2wtshost.exe"4⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV15⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_c2wtshost_31bf3856ad364e35_10.0.19041.1_none_746453fd22521ba2\c2wtshost.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_c2wtshost_31bf3856ad364e35_10.0.19041.1_none_746453fd22521ba2\c2wtshost.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_comsvcconfig_b03f5f7f11d50a3a_10.0.19041.1_none_ac711518659a66a5\ComSvcConfig.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_comsvcconfig_b03f5f7f11d50a3a_10.0.19041.1_none_ac711518659a66a5\ComSvcConfig.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_comsvcconfig_b03f5f7f11d50a3a_10.0.19041.1_none_ac711518659a66a5\ComSvcConfig.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_datasvcutil_b77a5c561934e089_10.0.19041.1_none_27a74d404373e881\DataSvcUtil.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_datasvcutil_b77a5c561934e089_10.0.19041.1_none_27a74d404373e881\DataSvcUtil.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_datasvcutil_b77a5c561934e089_10.0.19041.1_none_27a74d404373e881\DataSvcUtil.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_dfsvc_b03f5f7f11d50a3a_10.0.19041.1_none_26b5e44019fe7ae2\dfsvc.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_dfsvc_b03f5f7f11d50a3a_10.0.19041.1_none_26b5e44019fe7ae2\dfsvc.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_dfsvc_b03f5f7f11d50a3a_10.0.19041.1_none_26b5e44019fe7ae2\dfsvc.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_edmgen_b77a5c561934e089_10.0.19041.1_none_25aa820b9acb3357\EdmGen.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_edmgen_b77a5c561934e089_10.0.19041.1_none_25aa820b9acb3357\EdmGen.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_edmgen_b77a5c561934e089_10.0.19041.1_none_25aa820b9acb3357\EdmGen.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_hyperv-ux-ui-vmcreate_31bf3856ad364e35_10.0.19041.1_none_8d387dde0a6c6d14\VMCreate.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_hyperv-ux-ui-vmcreate_31bf3856ad364e35_10.0.19041.1_none_8d387dde0a6c6d14\VMCreate.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_hyperv-ux-ui-vmcreate_31bf3856ad364e35_10.0.19041.1_none_8d387dde0a6c6d14\VMCreate.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_hyperv-ux-ui-vmimport_31bf3856ad364e35_10.0.19041.1_none_db0db48be3885975\VMImport.exe"4⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV15⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_hyperv-ux-ui-vmimport_31bf3856ad364e35_10.0.19041.1_none_db0db48be3885975\VMImport.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_hyperv-ux-ui-vmimport_31bf3856ad364e35_10.0.19041.1_none_db0db48be3885975\VMImport.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_ieexec_b03f5f7f11d50a3a_10.0.19041.1_none_3fc8ddfd98ad3137\IEExec.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_ieexec_b03f5f7f11d50a3a_10.0.19041.1_none_3fc8ddfd98ad3137\IEExec.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_ieexec_b03f5f7f11d50a3a_10.0.19041.1_none_3fc8ddfd98ad3137\IEExec.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_inspectvhddialog6.2_31bf3856ad364e35_10.0.19041.1_none_7dc923aebe8d0c7f\InspectVhdDialog6.2.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_inspectvhddialog6.2_31bf3856ad364e35_10.0.19041.1_none_7dc923aebe8d0c7f\InspectVhdDialog6.2.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_inspectvhddialog6.2_31bf3856ad364e35_10.0.19041.1_none_7dc923aebe8d0c7f\InspectVhdDialog6.2.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_inspectvhddialog6.3_31bf3856ad364e35_10.0.19041.1_none_7dca23f8be8c25d6\InspectVhdDialog6.3.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_inspectvhddialog6.3_31bf3856ad364e35_10.0.19041.1_none_7dca23f8be8c25d6\InspectVhdDialog6.3.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_inspectvhddialog6.3_31bf3856ad364e35_10.0.19041.1_none_7dca23f8be8c25d6\InspectVhdDialog6.3.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_inspectvhddialog_31bf3856ad364e35_10.0.19041.1_none_cc14df174755d4a1\InspectVhdDialog.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_inspectvhddialog_31bf3856ad364e35_10.0.19041.1_none_cc14df174755d4a1\InspectVhdDialog.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_inspectvhddialog_31bf3856ad364e35_10.0.19041.1_none_cc14df174755d4a1\InspectVhdDialog.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_jsc_b03f5f7f11d50a3a_10.0.19041.1_none_68bc95ae68779efe\jsc.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_jsc_b03f5f7f11d50a3a_10.0.19041.1_none_68bc95ae68779efe\jsc.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_jsc_b03f5f7f11d50a3a_10.0.19041.1_none_68bc95ae68779efe\jsc.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_multipoint-wmsdashboard_31bf3856ad364e35_10.0.19041.1_none_061d84508b376f80\WmsDashboard.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_multipoint-wmsdashboard_31bf3856ad364e35_10.0.19041.1_none_061d84508b376f80\WmsDashboard.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_multipoint-wmsdashboard_31bf3856ad364e35_10.0.19041.1_none_061d84508b376f80\WmsDashboard.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_presentationfontcache_31bf3856ad364e35_10.0.19041.1_none_679d42cd97347ace\PresentationFontCache.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_presentationfontcache_31bf3856ad364e35_10.0.19041.1_none_679d42cd97347ace\PresentationFontCache.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_presentationfontcache_31bf3856ad364e35_10.0.19041.1_none_679d42cd97347ace\PresentationFontCache.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_servicemodelreg_b03f5f7f11d50a3a_10.0.19041.1_none_0bb55a3e8d066c16\ServiceModelReg.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_servicemodelreg_b03f5f7f11d50a3a_10.0.19041.1_none_0bb55a3e8d066c16\ServiceModelReg.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_servicemodelreg_b03f5f7f11d50a3a_10.0.19041.1_none_0bb55a3e8d066c16\ServiceModelReg.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_smsvchost_b03f5f7f11d50a3a_10.0.19041.1_none_d342644de571beb4\SMSvcHost.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_smsvchost_b03f5f7f11d50a3a_10.0.19041.1_none_d342644de571beb4\SMSvcHost.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_smsvchost_b03f5f7f11d50a3a_10.0.19041.1_none_d342644de571beb4\SMSvcHost.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_smsvchost_b03f5f7f11d50a3a_10.0.19200.110_none_30a09d63c4775424\SMSvcHost.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_smsvchost_b03f5f7f11d50a3a_10.0.19200.110_none_30a09d63c4775424\SMSvcHost.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_smsvchost_b03f5f7f11d50a3a_10.0.19200.110_none_30a09d63c4775424\SMSvcHost.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_wsatconfig_b03f5f7f11d50a3a_10.0.19041.1_none_c9c647e748814b31\WsatConfig.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_wsatconfig_b03f5f7f11d50a3a_10.0.19041.1_none_c9c647e748814b31\WsatConfig.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_wsatconfig_b03f5f7f11d50a3a_10.0.19041.1_none_c9c647e748814b31\WsatConfig.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\0be59c4736e5d70107a200001815341f.appcmd.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\0be59c4736e5d70107a200001815341f.appcmd.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\0be59c4736e5d70107a200001815341f.appcmd.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\1ea4214236e5d7010e9700001815341f.hvsiproxyapp.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\1ea4214236e5d7010e9700001815341f.hvsiproxyapp.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\1ea4214236e5d7010e9700001815341f.hvsiproxyapp.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\36f22f4236e5d701239700001815341f.nfsclnt.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\36f22f4236e5d701239700001815341f.nfsclnt.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\36f22f4236e5d701239700001815341f.nfsclnt.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\7deea44536e5d7012c9b00001815341f.InetMgr6.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\7deea44536e5d7012c9b00001815341f.InetMgr6.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\7deea44536e5d7012c9b00001815341f.InetMgr6.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\8e36994536e5d701189b00001815341f.iisreset.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\8e36994536e5d701189b00001815341f.iisreset.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\8e36994536e5d701189b00001815341f.iisreset.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\9714214736e5d7015ba100001815341f.adamsync.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\9714214736e5d7015ba100001815341f.adamsync.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\9714214736e5d7015ba100001815341f.adamsync.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\a267614236e5d701639700001815341f.UwfServicingSvc.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\a267614236e5d701639700001815341f.UwfServicingSvc.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\a267614236e5d701639700001815341f.UwfServicingSvc.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\a30f994536e5d701169b00001815341f.aspnetca.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\a30f994536e5d701169b00001815341f.aspnetca.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\a30f994536e5d701169b00001815341f.aspnetca.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\a60e034236e5d701ed9600001815341f.ShellLauncherConfig.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\a60e034236e5d701ed9600001815341f.ShellLauncherConfig.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\a60e034236e5d701ed9600001815341f.ShellLauncherConfig.exe" /grant "everyone":(f)5⤵
- Possible privilege escalation attempt
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\aa9a364536e5d701869a00001815341f.inetinfo.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\aa9a364536e5d701869a00001815341f.inetinfo.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\aa9a364536e5d701869a00001815341f.inetinfo.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\ace9914536e5d7010a9b00001815341f.WMSvc.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\ace9914536e5d7010a9b00001815341f.WMSvc.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\ace9914536e5d7010a9b00001815341f.WMSvc.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\ad40614236e5d701629700001815341f.UwfServicingShell.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\ad40614236e5d701629700001815341f.UwfServicingShell.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\ad40614236e5d701629700001815341f.UwfServicingShell.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\b6c0024236e5d701ea9600001815341f.eshell.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\b6c0024236e5d701ea9600001815341f.eshell.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\b6c0024236e5d701ea9600001815341f.eshell.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\b6c0024236e5d701eb9600001815341f.CustomShellHost.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\b6c0024236e5d701eb9600001815341f.CustomShellHost.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\b6c0024236e5d701eb9600001815341f.CustomShellHost.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\caae464736e5d7017ea100001815341f.InetMgr6.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\caae464736e5d7017ea100001815341f.InetMgr6.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\caae464736e5d7017ea100001815341f.InetMgr6.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\d0f48d4536e5d701029b00001815341f.InetMgr.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\d0f48d4536e5d701029b00001815341f.InetMgr.exe"5⤵
- Modifies file permissions
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\d0f48d4536e5d701029b00001815341f.InetMgr.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\e374984536e5d701109b00001815341f.iisrstas.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\e374984536e5d701109b00001815341f.iisrstas.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\e374984536e5d701109b00001815341f.iisrstas.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\ea94772a36e5d701947000001815341f.tlsbln.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\ea94772a36e5d701947000001815341f.tlsbln.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\ea94772a36e5d701947000001815341f.tlsbln.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\f2329d4736e5d7010ba200001815341f.iissetup.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\f2329d4736e5d7010ba200001815341f.iissetup.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\f2329d4736e5d7010ba200001815341f.iissetup.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.1_none_ebe59bdc3d4ddc3f\FlashPlayerApp.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.1_none_ebe59bdc3d4ddc3f\FlashPlayerApp.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.1_none_ebe59bdc3d4ddc3f\FlashPlayerApp.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.1_none_ebe59bdc3d4ddc3f\FlashUtil_ActiveX.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.1_none_ebe59bdc3d4ddc3f\FlashUtil_ActiveX.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.1_none_ebe59bdc3d4ddc3f\FlashUtil_ActiveX.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.82_none_2dad4b68cbfd8794\FlashPlayerApp.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.82_none_2dad4b68cbfd8794\FlashPlayerApp.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.82_none_2dad4b68cbfd8794\FlashPlayerApp.exe" /grant "everyone":(f)5⤵
- Modifies file permissions
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.82_none_2dad4b68cbfd8794\FlashUtil_ActiveX.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.82_none_2dad4b68cbfd8794\FlashUtil_ActiveX.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.82_none_2dad4b68cbfd8794\FlashUtil_ActiveX.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_aspnet_regbrowsers_b03f5f7f11d50a3a_4.0.15805.0_none_8e3bba60c5867c39\aspnet_regbrowsers.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_aspnet_regbrowsers_b03f5f7f11d50a3a_4.0.15805.0_none_8e3bba60c5867c39\aspnet_regbrowsers.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_aspnet_regbrowsers_b03f5f7f11d50a3a_4.0.15805.0_none_8e3bba60c5867c39\aspnet_regbrowsers.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_aspnet_compiler_b03f5f7f11d50a3a_4.0.15805.0_none_9d9ad2580504a573\aspnet_compiler.exe"4⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_aspnet_regsql_b03f5f7f11d50a3a_4.0.15805.0_none_d4adcbe768a8354a\aspnet_regsql.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_aspnet_regsql_b03f5f7f11d50a3a_4.0.15805.0_none_d4adcbe768a8354a\aspnet_regsql.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_aspnet_regsql_b03f5f7f11d50a3a_4.0.15805.0_none_d4adcbe768a8354a\aspnet_regsql.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_bsdtar_31bf3856ad364e35_10.0.19041.1_none_1673c4173fbf2169\tar.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_bsdtar_31bf3856ad364e35_10.0.19041.1_none_1673c4173fbf2169\tar.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_bsdtar_31bf3856ad364e35_10.0.19041.1_none_1673c4173fbf2169\tar.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_caspol_b03f5f7f11d50a3a_4.0.15805.0_none_f0aa60ae9c531752\CasPol.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_caspol_b03f5f7f11d50a3a_4.0.15805.0_none_f0aa60ae9c531752\CasPol.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_caspol_b03f5f7f11d50a3a_4.0.15805.0_none_f0aa60ae9c531752\CasPol.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_curl_31bf3856ad364e35_10.0.19041.1_none_3eb167e4f0e920b5\curl.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_curl_31bf3856ad364e35_10.0.19041.1_none_3eb167e4f0e920b5\curl.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_curl_31bf3856ad364e35_10.0.19041.1_none_3eb167e4f0e920b5\curl.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_eventviewersettings_31bf3856ad364e35_10.0.19041.1_none_b53d8fdcd7716c78\eventvwr.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_eventviewersettings_31bf3856ad364e35_10.0.19041.1_none_b53d8fdcd7716c78\eventvwr.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_eventviewersettings_31bf3856ad364e35_10.0.19041.1_none_b53d8fdcd7716c78\eventvwr.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_installutil_b03f5f7f11d50a3a_4.0.15805.0_none_004b4e08cd94c339\InstallUtil.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_installutil_b03f5f7f11d50a3a_4.0.15805.0_none_004b4e08cd94c339\InstallUtil.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_installutil_b03f5f7f11d50a3a_4.0.15805.0_none_004b4e08cd94c339\InstallUtil.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_jsc_b03f5f7f11d50a3a_4.0.15805.0_none_2ca7c9aa83eb3f88\jsc.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_jsc_b03f5f7f11d50a3a_4.0.15805.0_none_2ca7c9aa83eb3f88\jsc.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_jsc_b03f5f7f11d50a3a_4.0.15805.0_none_2ca7c9aa83eb3f88\jsc.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1202_none_813ba58adb6e7f68\f\GameBarPresenceWriter.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1202_none_813ba58adb6e7f68\f\GameBarPresenceWriter.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1202_none_813ba58adb6e7f68\f\GameBarPresenceWriter.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1202_none_813ba58adb6e7f68\GameBarPresenceWriter.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1202_none_813ba58adb6e7f68\GameBarPresenceWriter.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1202_none_813ba58adb6e7f68\GameBarPresenceWriter.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1202_none_813ba58adb6e7f68\r\GameBarPresenceWriter.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1202_none_813ba58adb6e7f68\r\GameBarPresenceWriter.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1202_none_813ba58adb6e7f68\r\GameBarPresenceWriter.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1_none_c26c8624c595ae48\GameBarPresenceWriter.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1_none_c26c8624c595ae48\GameBarPresenceWriter.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1_none_c26c8624c595ae48\GameBarPresenceWriter.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.1_none_4247919c34819e8e\pcaui.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.1_none_4247919c34819e8e\pcaui.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.1_none_4247919c34819e8e\pcaui.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.928_none_6a67731cf3e151f2\f\pcaui.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.928_none_6a67731cf3e151f2\f\pcaui.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.928_none_6a67731cf3e151f2\f\pcaui.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.928_none_6a67731cf3e151f2\pcaui.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.928_none_6a67731cf3e151f2\pcaui.exe"5⤵
- Modifies file permissions
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.928_none_6a67731cf3e151f2\pcaui.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.928_none_6a67731cf3e151f2\r\pcaui.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.928_none_6a67731cf3e151f2\r\pcaui.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.928_none_6a67731cf3e151f2\r\pcaui.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.1_none_9556bb9420781f39\sdbinst.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.1_none_9556bb9420781f39\sdbinst.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.1_none_9556bb9420781f39\sdbinst.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.928_none_bd769d14dfd7d29d\f\sdbinst.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.928_none_bd769d14dfd7d29d\f\sdbinst.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.928_none_bd769d14dfd7d29d\f\sdbinst.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.928_none_bd769d14dfd7d29d\r\sdbinst.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.928_none_bd769d14dfd7d29d\r\sdbinst.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.928_none_bd769d14dfd7d29d\r\sdbinst.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.928_none_bd769d14dfd7d29d\sdbinst.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.928_none_bd769d14dfd7d29d\sdbinst.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.928_none_bd769d14dfd7d29d\sdbinst.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.1_none_c55149b3997ff9cd\SystemUWPLauncher.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.1_none_c55149b3997ff9cd\SystemUWPLauncher.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.1_none_c55149b3997ff9cd\SystemUWPLauncher.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.746_none_ed5986fc58f1b817\f\SystemUWPLauncher.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.746_none_ed5986fc58f1b817\f\SystemUWPLauncher.exe"5⤵
- Modifies file permissions
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.746_none_ed5986fc58f1b817\f\SystemUWPLauncher.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.746_none_ed5986fc58f1b817\r\SystemUWPLauncher.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.746_none_ed5986fc58f1b817\r\SystemUWPLauncher.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.746_none_ed5986fc58f1b817\r\SystemUWPLauncher.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.746_none_ed5986fc58f1b817\SystemUWPLauncher.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.746_none_ed5986fc58f1b817\SystemUWPLauncher.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.746_none_ed5986fc58f1b817\SystemUWPLauncher.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..packagedcwalauncher_31bf3856ad364e35_10.0.19041.1_none_a37f8905d149f29b\PackagedCWALauncher.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..packagedcwalauncher_31bf3856ad364e35_10.0.19041.1_none_a37f8905d149f29b\PackagedCWALauncher.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..packagedcwalauncher_31bf3856ad364e35_10.0.19041.1_none_a37f8905d149f29b\PackagedCWALauncher.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.19041.1_none_9b3749021eb80b64\psr.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.19041.1_none_9b3749021eb80b64\psr.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.19041.1_none_9b3749021eb80b64\psr.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1081_none_5f557b607e14f541\ByteCodeGenerator.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1081_none_5f557b607e14f541\ByteCodeGenerator.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1081_none_5f557b607e14f541\ByteCodeGenerator.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1081_none_5f557b607e14f541\f\ByteCodeGenerator.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1081_none_5f557b607e14f541\f\ByteCodeGenerator.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1081_none_5f557b607e14f541\f\ByteCodeGenerator.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1081_none_5f557b607e14f541\r\ByteCodeGenerator.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1081_none_5f557b607e14f541\r\ByteCodeGenerator.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1081_none_5f557b607e14f541\r\ByteCodeGenerator.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1_none_a068a30a6853aaec\ByteCodeGenerator.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1_none_a068a30a6853aaec\ByteCodeGenerator.exe"5⤵
- Possible privilege escalation attempt
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1_none_a068a30a6853aaec\ByteCodeGenerator.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.1266_none_e20a2c618eea3856\agentactivationruntimestarter.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.1266_none_e20a2c618eea3856\agentactivationruntimestarter.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.1266_none_e20a2c618eea3856\agentactivationruntimestarter.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.1266_none_e20a2c618eea3856\f\agentactivationruntimestarter.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.1266_none_e20a2c618eea3856\f\agentactivationruntimestarter.exe"5⤵
- Possible privilege escalation attempt
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.1266_none_e20a2c618eea3856\f\agentactivationruntimestarter.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.1266_none_e20a2c618eea3856\r\agentactivationruntimestarter.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.1266_none_e20a2c618eea3856\r\agentactivationruntimestarter.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.1266_none_e20a2c618eea3856\r\agentactivationruntimestarter.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.264_none_4b25f9be389a3a63\agentactivationruntimestarter.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.264_none_4b25f9be389a3a63\agentactivationruntimestarter.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.264_none_4b25f9be389a3a63\agentactivationruntimestarter.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-acluifilefoldercomtool_31bf3856ad364e35_10.0.19041.1_none_1894dc7dd8fa15c1\cacls.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-acluifilefoldercomtool_31bf3856ad364e35_10.0.19041.1_none_1894dc7dd8fa15c1\cacls.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-acluifilefoldercomtool_31bf3856ad364e35_10.0.19041.1_none_1894dc7dd8fa15c1\cacls.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\f\LaunchTM.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\f\LaunchTM.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\f\LaunchTM.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\f\Taskmgr.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\f\Taskmgr.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\f\Taskmgr.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\LaunchTM.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\LaunchTM.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\LaunchTM.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\r\LaunchTM.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\r\LaunchTM.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\r\LaunchTM.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\r\Taskmgr.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\r\Taskmgr.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\r\Taskmgr.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\Taskmgr.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\Taskmgr.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\Taskmgr.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1_none_6f2c92b5bf3d99bc\LaunchTM.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1_none_6f2c92b5bf3d99bc\LaunchTM.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1_none_6f2c92b5bf3d99bc\LaunchTM.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1_none_6f2c92b5bf3d99bc\Taskmgr.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1_none_6f2c92b5bf3d99bc\Taskmgr.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1_none_6f2c92b5bf3d99bc\Taskmgr.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.19041.1081_none_ae0369bc9fe47e6c\appidtel.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.19041.1081_none_ae0369bc9fe47e6c\appidtel.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.19041.1081_none_ae0369bc9fe47e6c\appidtel.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.19041.1081_none_ae0369bc9fe47e6c\f\appidtel.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.19041.1081_none_ae0369bc9fe47e6c\f\appidtel.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.19041.1081_none_ae0369bc9fe47e6c\f\appidtel.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.19041.1081_none_ae0369bc9fe47e6c\r\appidtel.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.19041.1081_none_ae0369bc9fe47e6c\r\appidtel.exe"5⤵
- Possible privilege escalation attempt
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.19041.1081_none_ae0369bc9fe47e6c\r\appidtel.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.19041.1_none_ef1691668a233417\appidtel.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.19041.1_none_ef1691668a233417\appidtel.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.19041.1_none_ef1691668a233417\appidtel.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.19041.1202_none_324ea383dbfddeb9\f\mavinject.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.19041.1202_none_324ea383dbfddeb9\f\mavinject.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.19041.1202_none_324ea383dbfddeb9\f\mavinject.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.19041.1202_none_324ea383dbfddeb9\mavinject.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.19041.1202_none_324ea383dbfddeb9\mavinject.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.19041.1202_none_324ea383dbfddeb9\mavinject.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.19041.1202_none_324ea383dbfddeb9\r\mavinject.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.19041.1202_none_324ea383dbfddeb9\r\mavinject.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.19041.1202_none_324ea383dbfddeb9\r\mavinject.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.19041.264_none_9b70177c85a8df54\mavinject.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.19041.264_none_9b70177c85a8df54\mavinject.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.19041.264_none_9b70177c85a8df54\mavinject.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1023_none_4ecd10b107da65f7\AtBroker.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1023_none_4ecd10b107da65f7\AtBroker.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1023_none_4ecd10b107da65f7\AtBroker.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1023_none_4ecd10b107da65f7\f\AtBroker.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1023_none_4ecd10b107da65f7\f\AtBroker.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1023_none_4ecd10b107da65f7\f\AtBroker.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1023_none_4ecd10b107da65f7\r\AtBroker.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1023_none_4ecd10b107da65f7\r\AtBroker.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1023_none_4ecd10b107da65f7\r\AtBroker.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1_none_8fe667a6f213806a\AtBroker.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1_none_8fe667a6f213806a\AtBroker.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1_none_8fe667a6f213806a\AtBroker.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-attrib_31bf3856ad364e35_10.0.19041.1_none_72d3d2875ff2c886\attrib.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-attrib_31bf3856ad364e35_10.0.19041.1_none_72d3d2875ff2c886\attrib.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-attrib_31bf3856ad364e35_10.0.19041.1_none_72d3d2875ff2c886\attrib.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-at_31bf3856ad364e35_10.0.19041.1_none_0d475c3f57a2ce2b\at.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-at_31bf3856ad364e35_10.0.19041.1_none_0d475c3f57a2ce2b\at.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-at_31bf3856ad364e35_10.0.19041.1_none_0d475c3f57a2ce2b\at.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1266_none_f5ba41fece31d7fe\f\SpatialAudioLicenseSrv.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1266_none_f5ba41fece31d7fe\f\SpatialAudioLicenseSrv.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1266_none_f5ba41fece31d7fe\f\SpatialAudioLicenseSrv.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1266_none_f5ba41fece31d7fe\r\SpatialAudioLicenseSrv.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1266_none_f5ba41fece31d7fe\r\SpatialAudioLicenseSrv.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1266_none_f5ba41fece31d7fe\r\SpatialAudioLicenseSrv.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1266_none_f5ba41fece31d7fe\SpatialAudioLicenseSrv.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1266_none_f5ba41fece31d7fe\SpatialAudioLicenseSrv.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1266_none_f5ba41fece31d7fe\SpatialAudioLicenseSrv.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_36e57bfcb85e0850\SpatialAudioLicenseSrv.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_36e57bfcb85e0850\SpatialAudioLicenseSrv.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_36e57bfcb85e0850\SpatialAudioLicenseSrv.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.1_none_866e293cdb38481a\SndVol.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.1_none_866e293cdb38481a\SndVol.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.1_none_866e293cdb38481a\SndVol.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.964_none_ae5ec9e59abc05e6\f\SndVol.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.964_none_ae5ec9e59abc05e6\f\SndVol.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.964_none_ae5ec9e59abc05e6\f\SndVol.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.964_none_ae5ec9e59abc05e6\r\SndVol.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.964_none_ae5ec9e59abc05e6\r\SndVol.exe"5⤵
- Possible privilege escalation attempt
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.964_none_ae5ec9e59abc05e6\r\SndVol.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.964_none_ae5ec9e59abc05e6\SndVol.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.964_none_ae5ec9e59abc05e6\SndVol.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.964_none_ae5ec9e59abc05e6\SndVol.exe" /grant "everyone":(f)5⤵
- Modifies file permissions
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-autochkconfigurator_31bf3856ad364e35_10.0.19041.1_none_d908336e5b82be3e\chkntfs.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-autochkconfigurator_31bf3856ad364e35_10.0.19041.1_none_d908336e5b82be3e\chkntfs.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-autochkconfigurator_31bf3856ad364e35_10.0.19041.1_none_d908336e5b82be3e\chkntfs.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1266_none_610e6b21ab533b13\autochk.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1266_none_610e6b21ab533b13\autochk.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1266_none_610e6b21ab533b13\autochk.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1266_none_610e6b21ab533b13\f\autochk.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1266_none_610e6b21ab533b13\f\autochk.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1266_none_610e6b21ab533b13\f\autochk.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1266_none_610e6b21ab533b13\r\autochk.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1266_none_610e6b21ab533b13\r\autochk.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1266_none_610e6b21ab533b13\r\autochk.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1_none_a239a51f957f6b65\autochk.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1_none_a239a51f957f6b65\autochk.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1_none_a239a51f957f6b65\autochk.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1266_none_650ebab5a8c02ffc\autofmt.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1266_none_650ebab5a8c02ffc\autofmt.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1266_none_650ebab5a8c02ffc\autofmt.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1266_none_650ebab5a8c02ffc\f\autofmt.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1266_none_650ebab5a8c02ffc\f\autofmt.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1266_none_650ebab5a8c02ffc\f\autofmt.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1266_none_650ebab5a8c02ffc\r\autofmt.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1266_none_650ebab5a8c02ffc\r\autofmt.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1266_none_650ebab5a8c02ffc\r\autofmt.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1_none_a639f4b392ec604e\autofmt.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1_none_a639f4b392ec604e\autofmt.exe"5⤵
- Modifies file permissions
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1_none_a639f4b392ec604e\autofmt.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.1_none_313898283cd914f7\backgroundTaskHost.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.1_none_313898283cd914f7\backgroundTaskHost.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.1_none_313898283cd914f7\backgroundTaskHost.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.546_none_5940d1a4fc4ad8f3\backgroundTaskHost.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.546_none_5940d1a4fc4ad8f3\backgroundTaskHost.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.546_none_5940d1a4fc4ad8f3\backgroundTaskHost.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.546_none_5940d1a4fc4ad8f3\f\backgroundTaskHost.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.546_none_5940d1a4fc4ad8f3\f\backgroundTaskHost.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.546_none_5940d1a4fc4ad8f3\f\backgroundTaskHost.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.546_none_5940d1a4fc4ad8f3\r\backgroundTaskHost.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.546_none_5940d1a4fc4ad8f3\r\backgroundTaskHost.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.546_none_5940d1a4fc4ad8f3\r\backgroundTaskHost.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1202_none_574a25a5ee347454\f\memtest.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1202_none_574a25a5ee347454\f\memtest.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1202_none_574a25a5ee347454\f\memtest.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1202_none_574a25a5ee347454\memtest.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1202_none_574a25a5ee347454\memtest.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1202_none_574a25a5ee347454\memtest.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1202_none_574a25a5ee347454\r\memtest.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1202_none_574a25a5ee347454\r\memtest.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1202_none_574a25a5ee347454\r\memtest.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1_none_987b063fd85ba334\memtest.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1_none_987b063fd85ba334\memtest.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1_none_987b063fd85ba334\memtest.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-bits-bitsadmin_31bf3856ad364e35_10.0.19041.1_none_0d5748d7e02a5474\bitsadmin.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-bits-bitsadmin_31bf3856ad364e35_10.0.19041.1_none_0d5748d7e02a5474\bitsadmin.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-bits-bitsadmin_31bf3856ad364e35_10.0.19041.1_none_0d5748d7e02a5474\bitsadmin.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-bootconfig_31bf3856ad364e35_10.0.19041.1_none_cc5c34dfee065cea\bootcfg.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-bootconfig_31bf3856ad364e35_10.0.19041.1_none_cc5c34dfee065cea\bootcfg.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-bootconfig_31bf3856ad364e35_10.0.19041.1_none_cc5c34dfee065cea\bootcfg.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.19041.1_none_255ef7c1a8ec5bf0\bthudtask.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.19041.1_none_255ef7c1a8ec5bf0\bthudtask.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.19041.1_none_255ef7c1a8ec5bf0\bthudtask.exe" /grant "everyone":(f)5⤵
- Possible privilege escalation attempt
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.19041.1_none_255ef7c1a8ec5bf0\fsquirt.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.19041.1_none_255ef7c1a8ec5bf0\fsquirt.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.19041.1_none_255ef7c1a8ec5bf0\fsquirt.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.19041.746_none_4d67350a685e1a3a\bthudtask.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.19041.746_none_4d67350a685e1a3a\bthudtask.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.19041.746_none_4d67350a685e1a3a\bthudtask.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.19041.746_none_4d67350a685e1a3a\fsquirt.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.19041.746_none_4d67350a685e1a3a\fsquirt.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.19041.746_none_4d67350a685e1a3a\fsquirt.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-c..mplus-admin-comrepl_31bf3856ad364e35_10.0.19041.1_none_aa4f3617632d6024\comrepl.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-c..mplus-admin-comrepl_31bf3856ad364e35_10.0.19041.1_none_aa4f3617632d6024\comrepl.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-c..mplus-admin-comrepl_31bf3856ad364e35_10.0.19041.1_none_aa4f3617632d6024\comrepl.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-c..plus-setup-migregdb_31bf3856ad364e35_10.0.19041.1_none_ed965939376efbbf\MigRegDB.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-c..plus-setup-migregdb_31bf3856ad364e35_10.0.19041.1_none_ed965939376efbbf\MigRegDB.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-c..plus-setup-migregdb_31bf3856ad364e35_10.0.19041.1_none_ed965939376efbbf\MigRegDB.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-calc_31bf3856ad364e35_10.0.19041.1_none_6a03b910ee7a4073\calc.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-calc_31bf3856ad364e35_10.0.19041.1_none_6a03b910ee7a4073\calc.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-calc_31bf3856ad364e35_10.0.19041.1_none_6a03b910ee7a4073\calc.exe" /grant "everyone":(f)5⤵
- Possible privilege escalation attempt
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-certificaterequesttool_31bf3856ad364e35_10.0.19041.1_none_28564b59eb268cda\certreq.exe"4⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8924 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7788 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8916 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8728 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:83⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10260 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:83⤵
-
C:\Users\Admin\Downloads\Bonzify (1).exe"C:\Users\Admin\Downloads\Bonzify (1).exe"3⤵
- Drops file in Windows directory
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\KillAgent.bat"4⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im AgentSvr.exe5⤵
- Kills process with taskkill
-
C:\Windows\SysWOW64\takeown.exetakeown /r /d y /f C:\Windows\MsAgent5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls C:\Windows\MsAgent /c /t /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_addinprocess_b77a5c561934e089_10.0.19041.1_none_5170c1bc799e651e\AddInProcess.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_addinprocess_b77a5c561934e089_10.0.19041.1_none_5170c1bc799e651e\AddInProcess.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_addinprocess_b77a5c561934e089_10.0.19041.1_none_5170c1bc799e651e\AddInProcess.exe" /grant "everyone":(f)5⤵
-
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exeINSTALLER.exe /q4⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentCtl.dll"5⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentDPv.dll"5⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\mslwvtts.dll"5⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentDP2.dll"5⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentMPx.dll"5⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentSR.dll"5⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentPsh.dll"5⤵
-
C:\Windows\msagent\AgentSvr.exe"C:\Windows\msagent\AgentSvr.exe" /regserver5⤵
-
C:\Windows\SysWOW64\grpconv.exegrpconv.exe -o5⤵
-
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exeINSTALLER.exe /q4⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentCtl.dll"5⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentDPv.dll"5⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\mslwvtts.dll"5⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentDP2.dll"5⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentMPx.dll"5⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentSR.dll"5⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentPsh.dll"5⤵
-
C:\Windows\msagent\AgentSvr.exe"C:\Windows\msagent\AgentSvr.exe" /regserver5⤵
-
C:\Windows\SysWOW64\grpconv.exegrpconv.exe -o5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_addinutil_b77a5c561934e089_10.0.19041.1_none_724c73dbde296e25\AddInUtil.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_addinutil_b77a5c561934e089_10.0.19041.1_none_724c73dbde296e25\AddInUtil.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_addinutil_b77a5c561934e089_10.0.19041.1_none_724c73dbde296e25\AddInUtil.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_c2wtshost_31bf3856ad364e35_10.0.19041.1_none_746453fd22521ba2\c2wtshost.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_c2wtshost_31bf3856ad364e35_10.0.19041.1_none_746453fd22521ba2\c2wtshost.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_c2wtshost_31bf3856ad364e35_10.0.19041.1_none_746453fd22521ba2\c2wtshost.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_comsvcconfig_b03f5f7f11d50a3a_10.0.19041.1_none_ac711518659a66a5\ComSvcConfig.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_comsvcconfig_b03f5f7f11d50a3a_10.0.19041.1_none_ac711518659a66a5\ComSvcConfig.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_comsvcconfig_b03f5f7f11d50a3a_10.0.19041.1_none_ac711518659a66a5\ComSvcConfig.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_datasvcutil_b77a5c561934e089_10.0.19041.1_none_27a74d404373e881\DataSvcUtil.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_datasvcutil_b77a5c561934e089_10.0.19041.1_none_27a74d404373e881\DataSvcUtil.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_datasvcutil_b77a5c561934e089_10.0.19041.1_none_27a74d404373e881\DataSvcUtil.exe" /grant "everyone":(f)5⤵
- Modifies registry class
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_dfsvc_b03f5f7f11d50a3a_10.0.19041.1_none_26b5e44019fe7ae2\dfsvc.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_dfsvc_b03f5f7f11d50a3a_10.0.19041.1_none_26b5e44019fe7ae2\dfsvc.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_dfsvc_b03f5f7f11d50a3a_10.0.19041.1_none_26b5e44019fe7ae2\dfsvc.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_edmgen_b77a5c561934e089_10.0.19041.1_none_25aa820b9acb3357\EdmGen.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_edmgen_b77a5c561934e089_10.0.19041.1_none_25aa820b9acb3357\EdmGen.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_edmgen_b77a5c561934e089_10.0.19041.1_none_25aa820b9acb3357\EdmGen.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_hyperv-ux-ui-vmcreate_31bf3856ad364e35_10.0.19041.1_none_8d387dde0a6c6d14\VMCreate.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_hyperv-ux-ui-vmcreate_31bf3856ad364e35_10.0.19041.1_none_8d387dde0a6c6d14\VMCreate.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_hyperv-ux-ui-vmcreate_31bf3856ad364e35_10.0.19041.1_none_8d387dde0a6c6d14\VMCreate.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_hyperv-ux-ui-vmimport_31bf3856ad364e35_10.0.19041.1_none_db0db48be3885975\VMImport.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_hyperv-ux-ui-vmimport_31bf3856ad364e35_10.0.19041.1_none_db0db48be3885975\VMImport.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_hyperv-ux-ui-vmimport_31bf3856ad364e35_10.0.19041.1_none_db0db48be3885975\VMImport.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_ieexec_b03f5f7f11d50a3a_10.0.19041.1_none_3fc8ddfd98ad3137\IEExec.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_ieexec_b03f5f7f11d50a3a_10.0.19041.1_none_3fc8ddfd98ad3137\IEExec.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_ieexec_b03f5f7f11d50a3a_10.0.19041.1_none_3fc8ddfd98ad3137\IEExec.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_inspectvhddialog6.2_31bf3856ad364e35_10.0.19041.1_none_7dc923aebe8d0c7f\InspectVhdDialog6.2.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_inspectvhddialog6.2_31bf3856ad364e35_10.0.19041.1_none_7dc923aebe8d0c7f\InspectVhdDialog6.2.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_inspectvhddialog6.2_31bf3856ad364e35_10.0.19041.1_none_7dc923aebe8d0c7f\InspectVhdDialog6.2.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_inspectvhddialog6.3_31bf3856ad364e35_10.0.19041.1_none_7dca23f8be8c25d6\InspectVhdDialog6.3.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_inspectvhddialog6.3_31bf3856ad364e35_10.0.19041.1_none_7dca23f8be8c25d6\InspectVhdDialog6.3.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_inspectvhddialog6.3_31bf3856ad364e35_10.0.19041.1_none_7dca23f8be8c25d6\InspectVhdDialog6.3.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_inspectvhddialog_31bf3856ad364e35_10.0.19041.1_none_cc14df174755d4a1\InspectVhdDialog.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_inspectvhddialog_31bf3856ad364e35_10.0.19041.1_none_cc14df174755d4a1\InspectVhdDialog.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_inspectvhddialog_31bf3856ad364e35_10.0.19041.1_none_cc14df174755d4a1\InspectVhdDialog.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_jsc_b03f5f7f11d50a3a_10.0.19041.1_none_68bc95ae68779efe\jsc.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_jsc_b03f5f7f11d50a3a_10.0.19041.1_none_68bc95ae68779efe\jsc.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_jsc_b03f5f7f11d50a3a_10.0.19041.1_none_68bc95ae68779efe\jsc.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_multipoint-wmsdashboard_31bf3856ad364e35_10.0.19041.1_none_061d84508b376f80\WmsDashboard.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_multipoint-wmsdashboard_31bf3856ad364e35_10.0.19041.1_none_061d84508b376f80\WmsDashboard.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_multipoint-wmsdashboard_31bf3856ad364e35_10.0.19041.1_none_061d84508b376f80\WmsDashboard.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_presentationfontcache_31bf3856ad364e35_10.0.19041.1_none_679d42cd97347ace\PresentationFontCache.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_presentationfontcache_31bf3856ad364e35_10.0.19041.1_none_679d42cd97347ace\PresentationFontCache.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_presentationfontcache_31bf3856ad364e35_10.0.19041.1_none_679d42cd97347ace\PresentationFontCache.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_servicemodelreg_b03f5f7f11d50a3a_10.0.19041.1_none_0bb55a3e8d066c16\ServiceModelReg.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_servicemodelreg_b03f5f7f11d50a3a_10.0.19041.1_none_0bb55a3e8d066c16\ServiceModelReg.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_servicemodelreg_b03f5f7f11d50a3a_10.0.19041.1_none_0bb55a3e8d066c16\ServiceModelReg.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_smsvchost_b03f5f7f11d50a3a_10.0.19041.1_none_d342644de571beb4\SMSvcHost.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_smsvchost_b03f5f7f11d50a3a_10.0.19041.1_none_d342644de571beb4\SMSvcHost.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_smsvchost_b03f5f7f11d50a3a_10.0.19041.1_none_d342644de571beb4\SMSvcHost.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_smsvchost_b03f5f7f11d50a3a_10.0.19200.110_none_30a09d63c4775424\SMSvcHost.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_smsvchost_b03f5f7f11d50a3a_10.0.19200.110_none_30a09d63c4775424\SMSvcHost.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_smsvchost_b03f5f7f11d50a3a_10.0.19200.110_none_30a09d63c4775424\SMSvcHost.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_wsatconfig_b03f5f7f11d50a3a_10.0.19041.1_none_c9c647e748814b31\WsatConfig.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\msil_wsatconfig_b03f5f7f11d50a3a_10.0.19041.1_none_c9c647e748814b31\WsatConfig.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\msil_wsatconfig_b03f5f7f11d50a3a_10.0.19041.1_none_c9c647e748814b31\WsatConfig.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\0be59c4736e5d70107a200001815341f.appcmd.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\0be59c4736e5d70107a200001815341f.appcmd.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\0be59c4736e5d70107a200001815341f.appcmd.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\1ea4214236e5d7010e9700001815341f.hvsiproxyapp.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\1ea4214236e5d7010e9700001815341f.hvsiproxyapp.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\1ea4214236e5d7010e9700001815341f.hvsiproxyapp.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\36f22f4236e5d701239700001815341f.nfsclnt.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\36f22f4236e5d701239700001815341f.nfsclnt.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\36f22f4236e5d701239700001815341f.nfsclnt.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\7deea44536e5d7012c9b00001815341f.InetMgr6.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\7deea44536e5d7012c9b00001815341f.InetMgr6.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\7deea44536e5d7012c9b00001815341f.InetMgr6.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\8e36994536e5d701189b00001815341f.iisreset.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\8e36994536e5d701189b00001815341f.iisreset.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\8e36994536e5d701189b00001815341f.iisreset.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\9714214736e5d7015ba100001815341f.adamsync.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\9714214736e5d7015ba100001815341f.adamsync.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\9714214736e5d7015ba100001815341f.adamsync.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\a267614236e5d701639700001815341f.UwfServicingSvc.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\a267614236e5d701639700001815341f.UwfServicingSvc.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\a267614236e5d701639700001815341f.UwfServicingSvc.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\a30f994536e5d701169b00001815341f.aspnetca.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\a30f994536e5d701169b00001815341f.aspnetca.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\a30f994536e5d701169b00001815341f.aspnetca.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\a60e034236e5d701ed9600001815341f.ShellLauncherConfig.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\a60e034236e5d701ed9600001815341f.ShellLauncherConfig.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\a60e034236e5d701ed9600001815341f.ShellLauncherConfig.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\aa9a364536e5d701869a00001815341f.inetinfo.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\aa9a364536e5d701869a00001815341f.inetinfo.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\aa9a364536e5d701869a00001815341f.inetinfo.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\ace9914536e5d7010a9b00001815341f.WMSvc.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\ace9914536e5d7010a9b00001815341f.WMSvc.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\ace9914536e5d7010a9b00001815341f.WMSvc.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\ad40614236e5d701629700001815341f.UwfServicingShell.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\ad40614236e5d701629700001815341f.UwfServicingShell.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\ad40614236e5d701629700001815341f.UwfServicingShell.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\b6c0024236e5d701ea9600001815341f.eshell.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\b6c0024236e5d701ea9600001815341f.eshell.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\b6c0024236e5d701ea9600001815341f.eshell.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\b6c0024236e5d701eb9600001815341f.CustomShellHost.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\b6c0024236e5d701eb9600001815341f.CustomShellHost.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\b6c0024236e5d701eb9600001815341f.CustomShellHost.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\caae464736e5d7017ea100001815341f.InetMgr6.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\caae464736e5d7017ea100001815341f.InetMgr6.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\caae464736e5d7017ea100001815341f.InetMgr6.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\d0f48d4536e5d701029b00001815341f.InetMgr.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\d0f48d4536e5d701029b00001815341f.InetMgr.exe"5⤵
- Modifies file permissions
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\d0f48d4536e5d701029b00001815341f.InetMgr.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\e374984536e5d701109b00001815341f.iisrstas.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\e374984536e5d701109b00001815341f.iisrstas.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\e374984536e5d701109b00001815341f.iisrstas.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\ea94772a36e5d701947000001815341f.tlsbln.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\ea94772a36e5d701947000001815341f.tlsbln.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\ea94772a36e5d701947000001815341f.tlsbln.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\f2329d4736e5d7010ba200001815341f.iissetup.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\f2329d4736e5d7010ba200001815341f.iissetup.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\Temp\PendingDeletes\f2329d4736e5d7010ba200001815341f.iissetup.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.1_none_ebe59bdc3d4ddc3f\FlashPlayerApp.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.1_none_ebe59bdc3d4ddc3f\FlashPlayerApp.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.1_none_ebe59bdc3d4ddc3f\FlashPlayerApp.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.1_none_ebe59bdc3d4ddc3f\FlashUtil_ActiveX.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.1_none_ebe59bdc3d4ddc3f\FlashUtil_ActiveX.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.1_none_ebe59bdc3d4ddc3f\FlashUtil_ActiveX.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.82_none_2dad4b68cbfd8794\FlashPlayerApp.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.82_none_2dad4b68cbfd8794\FlashPlayerApp.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.82_none_2dad4b68cbfd8794\FlashPlayerApp.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.82_none_2dad4b68cbfd8794\FlashUtil_ActiveX.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.82_none_2dad4b68cbfd8794\FlashUtil_ActiveX.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_adobe-flash-for-windows_31bf3856ad364e35_10.0.19041.82_none_2dad4b68cbfd8794\FlashUtil_ActiveX.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_aspnet_compiler_b03f5f7f11d50a3a_4.0.15805.0_none_9d9ad2580504a573\aspnet_compiler.exe"4⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_aspnet_compiler_b03f5f7f11d50a3a_4.0.15805.0_none_9d9ad2580504a573\aspnet_compiler.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_aspnet_compiler_b03f5f7f11d50a3a_4.0.15805.0_none_9d9ad2580504a573\aspnet_compiler.exe"5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_aspnet_regbrowsers_b03f5f7f11d50a3a_4.0.15805.0_none_8e3bba60c5867c39\aspnet_regbrowsers.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_aspnet_regbrowsers_b03f5f7f11d50a3a_4.0.15805.0_none_8e3bba60c5867c39\aspnet_regbrowsers.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_aspnet_regbrowsers_b03f5f7f11d50a3a_4.0.15805.0_none_8e3bba60c5867c39\aspnet_regbrowsers.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_aspnet_regsql_b03f5f7f11d50a3a_4.0.15805.0_none_d4adcbe768a8354a\aspnet_regsql.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_aspnet_regsql_b03f5f7f11d50a3a_4.0.15805.0_none_d4adcbe768a8354a\aspnet_regsql.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_aspnet_regsql_b03f5f7f11d50a3a_4.0.15805.0_none_d4adcbe768a8354a\aspnet_regsql.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_bsdtar_31bf3856ad364e35_10.0.19041.1_none_1673c4173fbf2169\tar.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_bsdtar_31bf3856ad364e35_10.0.19041.1_none_1673c4173fbf2169\tar.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_bsdtar_31bf3856ad364e35_10.0.19041.1_none_1673c4173fbf2169\tar.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_caspol_b03f5f7f11d50a3a_4.0.15805.0_none_f0aa60ae9c531752\CasPol.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_caspol_b03f5f7f11d50a3a_4.0.15805.0_none_f0aa60ae9c531752\CasPol.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_caspol_b03f5f7f11d50a3a_4.0.15805.0_none_f0aa60ae9c531752\CasPol.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_curl_31bf3856ad364e35_10.0.19041.1_none_3eb167e4f0e920b5\curl.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_curl_31bf3856ad364e35_10.0.19041.1_none_3eb167e4f0e920b5\curl.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_curl_31bf3856ad364e35_10.0.19041.1_none_3eb167e4f0e920b5\curl.exe" /grant "everyone":(f)5⤵
- Modifies file permissions
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_eventviewersettings_31bf3856ad364e35_10.0.19041.1_none_b53d8fdcd7716c78\eventvwr.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_eventviewersettings_31bf3856ad364e35_10.0.19041.1_none_b53d8fdcd7716c78\eventvwr.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_eventviewersettings_31bf3856ad364e35_10.0.19041.1_none_b53d8fdcd7716c78\eventvwr.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_installutil_b03f5f7f11d50a3a_4.0.15805.0_none_004b4e08cd94c339\InstallUtil.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_installutil_b03f5f7f11d50a3a_4.0.15805.0_none_004b4e08cd94c339\InstallUtil.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_installutil_b03f5f7f11d50a3a_4.0.15805.0_none_004b4e08cd94c339\InstallUtil.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_jsc_b03f5f7f11d50a3a_4.0.15805.0_none_2ca7c9aa83eb3f88\jsc.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_jsc_b03f5f7f11d50a3a_4.0.15805.0_none_2ca7c9aa83eb3f88\jsc.exe"5⤵
- Modifies file permissions
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_jsc_b03f5f7f11d50a3a_4.0.15805.0_none_2ca7c9aa83eb3f88\jsc.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1202_none_813ba58adb6e7f68\f\GameBarPresenceWriter.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1202_none_813ba58adb6e7f68\f\GameBarPresenceWriter.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1202_none_813ba58adb6e7f68\f\GameBarPresenceWriter.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1202_none_813ba58adb6e7f68\GameBarPresenceWriter.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1202_none_813ba58adb6e7f68\GameBarPresenceWriter.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1202_none_813ba58adb6e7f68\GameBarPresenceWriter.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1202_none_813ba58adb6e7f68\r\GameBarPresenceWriter.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1202_none_813ba58adb6e7f68\r\GameBarPresenceWriter.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1202_none_813ba58adb6e7f68\r\GameBarPresenceWriter.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1_none_c26c8624c595ae48\GameBarPresenceWriter.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1_none_c26c8624c595ae48\GameBarPresenceWriter.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.19041.1_none_c26c8624c595ae48\GameBarPresenceWriter.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.1_none_4247919c34819e8e\pcaui.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.1_none_4247919c34819e8e\pcaui.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.1_none_4247919c34819e8e\pcaui.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.928_none_6a67731cf3e151f2\f\pcaui.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.928_none_6a67731cf3e151f2\f\pcaui.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.928_none_6a67731cf3e151f2\f\pcaui.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.928_none_6a67731cf3e151f2\pcaui.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.928_none_6a67731cf3e151f2\pcaui.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.928_none_6a67731cf3e151f2\pcaui.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.928_none_6a67731cf3e151f2\r\pcaui.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.928_none_6a67731cf3e151f2\r\pcaui.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.19041.928_none_6a67731cf3e151f2\r\pcaui.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.1_none_9556bb9420781f39\sdbinst.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.1_none_9556bb9420781f39\sdbinst.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.1_none_9556bb9420781f39\sdbinst.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.928_none_bd769d14dfd7d29d\f\sdbinst.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.928_none_bd769d14dfd7d29d\f\sdbinst.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.928_none_bd769d14dfd7d29d\f\sdbinst.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.928_none_bd769d14dfd7d29d\r\sdbinst.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.928_none_bd769d14dfd7d29d\r\sdbinst.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.928_none_bd769d14dfd7d29d\r\sdbinst.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.928_none_bd769d14dfd7d29d\sdbinst.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.928_none_bd769d14dfd7d29d\sdbinst.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.19041.928_none_bd769d14dfd7d29d\sdbinst.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.1_none_c55149b3997ff9cd\SystemUWPLauncher.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.1_none_c55149b3997ff9cd\SystemUWPLauncher.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.1_none_c55149b3997ff9cd\SystemUWPLauncher.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.746_none_ed5986fc58f1b817\f\SystemUWPLauncher.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.746_none_ed5986fc58f1b817\f\SystemUWPLauncher.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.746_none_ed5986fc58f1b817\f\SystemUWPLauncher.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.746_none_ed5986fc58f1b817\r\SystemUWPLauncher.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.746_none_ed5986fc58f1b817\r\SystemUWPLauncher.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.746_none_ed5986fc58f1b817\r\SystemUWPLauncher.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.746_none_ed5986fc58f1b817\SystemUWPLauncher.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.746_none_ed5986fc58f1b817\SystemUWPLauncher.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.19041.746_none_ed5986fc58f1b817\SystemUWPLauncher.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..packagedcwalauncher_31bf3856ad364e35_10.0.19041.1_none_a37f8905d149f29b\PackagedCWALauncher.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..packagedcwalauncher_31bf3856ad364e35_10.0.19041.1_none_a37f8905d149f29b\PackagedCWALauncher.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..packagedcwalauncher_31bf3856ad364e35_10.0.19041.1_none_a37f8905d149f29b\PackagedCWALauncher.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.19041.1_none_9b3749021eb80b64\psr.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.19041.1_none_9b3749021eb80b64\psr.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.19041.1_none_9b3749021eb80b64\psr.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1081_none_5f557b607e14f541\ByteCodeGenerator.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1081_none_5f557b607e14f541\ByteCodeGenerator.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1081_none_5f557b607e14f541\ByteCodeGenerator.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1081_none_5f557b607e14f541\f\ByteCodeGenerator.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1081_none_5f557b607e14f541\f\ByteCodeGenerator.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1081_none_5f557b607e14f541\f\ByteCodeGenerator.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1081_none_5f557b607e14f541\r\ByteCodeGenerator.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1081_none_5f557b607e14f541\r\ByteCodeGenerator.exe"5⤵
- Possible privilege escalation attempt
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1081_none_5f557b607e14f541\r\ByteCodeGenerator.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1_none_a068a30a6853aaec\ByteCodeGenerator.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1_none_a068a30a6853aaec\ByteCodeGenerator.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.19041.1_none_a068a30a6853aaec\ByteCodeGenerator.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.1266_none_e20a2c618eea3856\agentactivationruntimestarter.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.1266_none_e20a2c618eea3856\agentactivationruntimestarter.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.1266_none_e20a2c618eea3856\agentactivationruntimestarter.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.1266_none_e20a2c618eea3856\f\agentactivationruntimestarter.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.1266_none_e20a2c618eea3856\f\agentactivationruntimestarter.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.1266_none_e20a2c618eea3856\f\agentactivationruntimestarter.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.1266_none_e20a2c618eea3856\r\agentactivationruntimestarter.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.1266_none_e20a2c618eea3856\r\agentactivationruntimestarter.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.1266_none_e20a2c618eea3856\r\agentactivationruntimestarter.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.264_none_4b25f9be389a3a63\agentactivationruntimestarter.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.264_none_4b25f9be389a3a63\agentactivationruntimestarter.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.264_none_4b25f9be389a3a63\agentactivationruntimestarter.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-acluifilefoldercomtool_31bf3856ad364e35_10.0.19041.1_none_1894dc7dd8fa15c1\cacls.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-acluifilefoldercomtool_31bf3856ad364e35_10.0.19041.1_none_1894dc7dd8fa15c1\cacls.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-acluifilefoldercomtool_31bf3856ad364e35_10.0.19041.1_none_1894dc7dd8fa15c1\cacls.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\f\LaunchTM.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\f\LaunchTM.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\f\LaunchTM.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\f\Taskmgr.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\f\Taskmgr.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\f\Taskmgr.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\LaunchTM.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\LaunchTM.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\LaunchTM.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\r\LaunchTM.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\r\LaunchTM.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\r\LaunchTM.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\r\Taskmgr.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\r\Taskmgr.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\r\Taskmgr.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\Taskmgr.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\Taskmgr.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1202_none_2dfbb21bd5166adc\Taskmgr.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1_none_6f2c92b5bf3d99bc\LaunchTM.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1_none_6f2c92b5bf3d99bc\LaunchTM.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1_none_6f2c92b5bf3d99bc\LaunchTM.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1_none_6f2c92b5bf3d99bc\Taskmgr.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1_none_6f2c92b5bf3d99bc\Taskmgr.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.19041.1_none_6f2c92b5bf3d99bc\Taskmgr.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.19041.1081_none_ae0369bc9fe47e6c\appidtel.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.19041.1081_none_ae0369bc9fe47e6c\appidtel.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.19041.1081_none_ae0369bc9fe47e6c\appidtel.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.19041.1081_none_ae0369bc9fe47e6c\f\appidtel.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.19041.1081_none_ae0369bc9fe47e6c\f\appidtel.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.19041.1081_none_ae0369bc9fe47e6c\f\appidtel.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.19041.1081_none_ae0369bc9fe47e6c\r\appidtel.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.19041.1081_none_ae0369bc9fe47e6c\r\appidtel.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.19041.1081_none_ae0369bc9fe47e6c\r\appidtel.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.19041.1_none_ef1691668a233417\appidtel.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.19041.1_none_ef1691668a233417\appidtel.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.19041.1_none_ef1691668a233417\appidtel.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.19041.1202_none_324ea383dbfddeb9\f\mavinject.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.19041.1202_none_324ea383dbfddeb9\f\mavinject.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.19041.1202_none_324ea383dbfddeb9\f\mavinject.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.19041.1202_none_324ea383dbfddeb9\mavinject.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.19041.1202_none_324ea383dbfddeb9\mavinject.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.19041.1202_none_324ea383dbfddeb9\mavinject.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.19041.1202_none_324ea383dbfddeb9\r\mavinject.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.19041.1202_none_324ea383dbfddeb9\r\mavinject.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.19041.1202_none_324ea383dbfddeb9\r\mavinject.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.19041.264_none_9b70177c85a8df54\mavinject.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.19041.264_none_9b70177c85a8df54\mavinject.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.19041.264_none_9b70177c85a8df54\mavinject.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1023_none_4ecd10b107da65f7\AtBroker.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1023_none_4ecd10b107da65f7\AtBroker.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1023_none_4ecd10b107da65f7\AtBroker.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1023_none_4ecd10b107da65f7\f\AtBroker.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1023_none_4ecd10b107da65f7\f\AtBroker.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1023_none_4ecd10b107da65f7\f\AtBroker.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1023_none_4ecd10b107da65f7\r\AtBroker.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1023_none_4ecd10b107da65f7\r\AtBroker.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1023_none_4ecd10b107da65f7\r\AtBroker.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1_none_8fe667a6f213806a\AtBroker.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1_none_8fe667a6f213806a\AtBroker.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.19041.1_none_8fe667a6f213806a\AtBroker.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-attrib_31bf3856ad364e35_10.0.19041.1_none_72d3d2875ff2c886\attrib.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-attrib_31bf3856ad364e35_10.0.19041.1_none_72d3d2875ff2c886\attrib.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-attrib_31bf3856ad364e35_10.0.19041.1_none_72d3d2875ff2c886\attrib.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-at_31bf3856ad364e35_10.0.19041.1_none_0d475c3f57a2ce2b\at.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-at_31bf3856ad364e35_10.0.19041.1_none_0d475c3f57a2ce2b\at.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-at_31bf3856ad364e35_10.0.19041.1_none_0d475c3f57a2ce2b\at.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1266_none_f5ba41fece31d7fe\f\SpatialAudioLicenseSrv.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1266_none_f5ba41fece31d7fe\f\SpatialAudioLicenseSrv.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1266_none_f5ba41fece31d7fe\f\SpatialAudioLicenseSrv.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1266_none_f5ba41fece31d7fe\r\SpatialAudioLicenseSrv.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1266_none_f5ba41fece31d7fe\r\SpatialAudioLicenseSrv.exe"5⤵
- Modifies file permissions
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1266_none_f5ba41fece31d7fe\r\SpatialAudioLicenseSrv.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1266_none_f5ba41fece31d7fe\SpatialAudioLicenseSrv.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1266_none_f5ba41fece31d7fe\SpatialAudioLicenseSrv.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1266_none_f5ba41fece31d7fe\SpatialAudioLicenseSrv.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_36e57bfcb85e0850\SpatialAudioLicenseSrv.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_36e57bfcb85e0850\SpatialAudioLicenseSrv.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.19041.1_none_36e57bfcb85e0850\SpatialAudioLicenseSrv.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.1_none_866e293cdb38481a\SndVol.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.1_none_866e293cdb38481a\SndVol.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.1_none_866e293cdb38481a\SndVol.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.964_none_ae5ec9e59abc05e6\f\SndVol.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.964_none_ae5ec9e59abc05e6\f\SndVol.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.964_none_ae5ec9e59abc05e6\f\SndVol.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.964_none_ae5ec9e59abc05e6\r\SndVol.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.964_none_ae5ec9e59abc05e6\r\SndVol.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.964_none_ae5ec9e59abc05e6\r\SndVol.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.964_none_ae5ec9e59abc05e6\SndVol.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.964_none_ae5ec9e59abc05e6\SndVol.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.19041.964_none_ae5ec9e59abc05e6\SndVol.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-autochkconfigurator_31bf3856ad364e35_10.0.19041.1_none_d908336e5b82be3e\chkntfs.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-autochkconfigurator_31bf3856ad364e35_10.0.19041.1_none_d908336e5b82be3e\chkntfs.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-autochkconfigurator_31bf3856ad364e35_10.0.19041.1_none_d908336e5b82be3e\chkntfs.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1266_none_610e6b21ab533b13\autochk.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1266_none_610e6b21ab533b13\autochk.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1266_none_610e6b21ab533b13\autochk.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1266_none_610e6b21ab533b13\f\autochk.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1266_none_610e6b21ab533b13\f\autochk.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1266_none_610e6b21ab533b13\f\autochk.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1266_none_610e6b21ab533b13\r\autochk.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1266_none_610e6b21ab533b13\r\autochk.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1266_none_610e6b21ab533b13\r\autochk.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1_none_a239a51f957f6b65\autochk.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1_none_a239a51f957f6b65\autochk.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.19041.1_none_a239a51f957f6b65\autochk.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1266_none_650ebab5a8c02ffc\autofmt.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1266_none_650ebab5a8c02ffc\autofmt.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1266_none_650ebab5a8c02ffc\autofmt.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1266_none_650ebab5a8c02ffc\f\autofmt.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1266_none_650ebab5a8c02ffc\f\autofmt.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1266_none_650ebab5a8c02ffc\f\autofmt.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1266_none_650ebab5a8c02ffc\r\autofmt.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1266_none_650ebab5a8c02ffc\r\autofmt.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1266_none_650ebab5a8c02ffc\r\autofmt.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1_none_a639f4b392ec604e\autofmt.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1_none_a639f4b392ec604e\autofmt.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-autofmt_31bf3856ad364e35_10.0.19041.1_none_a639f4b392ec604e\autofmt.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.1_none_313898283cd914f7\backgroundTaskHost.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.1_none_313898283cd914f7\backgroundTaskHost.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.1_none_313898283cd914f7\backgroundTaskHost.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.546_none_5940d1a4fc4ad8f3\backgroundTaskHost.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.546_none_5940d1a4fc4ad8f3\backgroundTaskHost.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.546_none_5940d1a4fc4ad8f3\backgroundTaskHost.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.546_none_5940d1a4fc4ad8f3\f\backgroundTaskHost.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.546_none_5940d1a4fc4ad8f3\f\backgroundTaskHost.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.546_none_5940d1a4fc4ad8f3\f\backgroundTaskHost.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.546_none_5940d1a4fc4ad8f3\r\backgroundTaskHost.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.546_none_5940d1a4fc4ad8f3\r\backgroundTaskHost.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.19041.546_none_5940d1a4fc4ad8f3\r\backgroundTaskHost.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1202_none_574a25a5ee347454\f\memtest.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1202_none_574a25a5ee347454\f\memtest.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1202_none_574a25a5ee347454\f\memtest.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1202_none_574a25a5ee347454\memtest.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1202_none_574a25a5ee347454\memtest.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1202_none_574a25a5ee347454\memtest.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1202_none_574a25a5ee347454\r\memtest.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1202_none_574a25a5ee347454\r\memtest.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1202_none_574a25a5ee347454\r\memtest.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1_none_987b063fd85ba334\memtest.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1_none_987b063fd85ba334\memtest.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.19041.1_none_987b063fd85ba334\memtest.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-bits-bitsadmin_31bf3856ad364e35_10.0.19041.1_none_0d5748d7e02a5474\bitsadmin.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-bits-bitsadmin_31bf3856ad364e35_10.0.19041.1_none_0d5748d7e02a5474\bitsadmin.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-bits-bitsadmin_31bf3856ad364e35_10.0.19041.1_none_0d5748d7e02a5474\bitsadmin.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-bootconfig_31bf3856ad364e35_10.0.19041.1_none_cc5c34dfee065cea\bootcfg.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-bootconfig_31bf3856ad364e35_10.0.19041.1_none_cc5c34dfee065cea\bootcfg.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-bootconfig_31bf3856ad364e35_10.0.19041.1_none_cc5c34dfee065cea\bootcfg.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.19041.1_none_255ef7c1a8ec5bf0\bthudtask.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.19041.1_none_255ef7c1a8ec5bf0\bthudtask.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.19041.1_none_255ef7c1a8ec5bf0\bthudtask.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.19041.1_none_255ef7c1a8ec5bf0\fsquirt.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.19041.1_none_255ef7c1a8ec5bf0\fsquirt.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.19041.1_none_255ef7c1a8ec5bf0\fsquirt.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.19041.746_none_4d67350a685e1a3a\bthudtask.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.19041.746_none_4d67350a685e1a3a\bthudtask.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.19041.746_none_4d67350a685e1a3a\bthudtask.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.19041.746_none_4d67350a685e1a3a\fsquirt.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.19041.746_none_4d67350a685e1a3a\fsquirt.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.19041.746_none_4d67350a685e1a3a\fsquirt.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-c..mplus-admin-comrepl_31bf3856ad364e35_10.0.19041.1_none_aa4f3617632d6024\comrepl.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-c..mplus-admin-comrepl_31bf3856ad364e35_10.0.19041.1_none_aa4f3617632d6024\comrepl.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-c..mplus-admin-comrepl_31bf3856ad364e35_10.0.19041.1_none_aa4f3617632d6024\comrepl.exe" /grant "everyone":(f)5⤵
- Modifies file permissions
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-c..plus-setup-migregdb_31bf3856ad364e35_10.0.19041.1_none_ed965939376efbbf\MigRegDB.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-c..plus-setup-migregdb_31bf3856ad364e35_10.0.19041.1_none_ed965939376efbbf\MigRegDB.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-c..plus-setup-migregdb_31bf3856ad364e35_10.0.19041.1_none_ed965939376efbbf\MigRegDB.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-calc_31bf3856ad364e35_10.0.19041.1_none_6a03b910ee7a4073\calc.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-calc_31bf3856ad364e35_10.0.19041.1_none_6a03b910ee7a4073\calc.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-calc_31bf3856ad364e35_10.0.19041.1_none_6a03b910ee7a4073\calc.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-certificaterequesttool_31bf3856ad364e35_10.0.19041.1_none_28564b59eb268cda\certreq.exe"4⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-certificaterequesttool_31bf3856ad364e35_10.0.19041.1_none_28564b59eb268cda\certreq.exe"5⤵
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-certificaterequesttool_31bf3856ad364e35_10.0.19041.1_none_28564b59eb268cda\certreq.exe" /grant "everyone":(f)5⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-certutil_31bf3856ad364e35_10.0.19041.1_none_75cabfc3071adb42\certutil.exe"4⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=8056 --field-trial-handle=1892,i,17790469153478926011,5712985924099428755,131072 /prefetch:13⤵
-
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"1⤵
- Drops file in Drivers directory
- Enumerates connected drives
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected2⤵
- Drops file in Drivers directory
- Drops file in System32 directory
- Executes dropped EXE
- Registers COM server for autorun
- Modifies registry class
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"1⤵
- Drops file in Drivers directory
- Sets service image path in registry
- Checks BIOS information in registry
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-0.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-1.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-2.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-3.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-4.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-6.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-7.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-8.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-9.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-10.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-11.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-12.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-13.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-14.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-15.exeig.exe reseed2⤵
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-16.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-17.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-18.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-19.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-20.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-21.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-22.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-23.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-24.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-25.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-26.exeig.exe reseed2⤵
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-27.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-28.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-29.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-30.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-31.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-32.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-33.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-34.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-35.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-36.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-37.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-38.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-39.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-40.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-41.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-42.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-43.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-44.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-45.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-46.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-47.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-48.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-49.exeig.exe reseed2⤵
- Executes dropped EXE
-
C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 0 /status on true /updatesubstatus none /scansubstatus none /settingssubstatus none2⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x498 0x45c1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\system32\werfault.exewerfault.exe /hc /shared Global\7b0b679ffbab4139ac42f8543bc3bc7f /t 0 /p 46001⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\msagent\AgentSvr.exeC:\Windows\msagent\AgentSvr.exe -Embedding1⤵
- Suspicious use of SendNotifyMessage
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_aspnet_compiler_b03f5f7f11d50a3a_4.0.15805.0_none_9d9ad2580504a573\aspnet_compiler.exe" /grant "everyone":(f)1⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_aspnet_compiler_b03f5f7f11d50a3a_4.0.15805.0_none_9d9ad2580504a573\aspnet_compiler.exe"1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
4Defense Evasion
File and Directory Permissions Modification
1Modify Registry
5Subvert Trust Controls
1Install Root Certificate
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\7z.dllFilesize
1.7MB
MD5461faf68ccc02b0223fd273b630f21fe
SHA1363b8beaa74f0f454c2d544ace9e71a84bc2b4cf
SHA256cb07f3f461e9c267831b1ab93af6dfda1bb51d72e42d73d00d26594f09326be1
SHA5124b671f48e45fdedf50c7f7bb6c8d82a3b98f7502006eb002aaf8ff31f25f9ff1257c7bcc12caf622e43d4ec665b19d978ae3e3762f76def0bc71485ebdb8426f
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\Actions.dllFilesize
5.0MB
MD51eff53d95ecaf6bbfffe80d866d8e1dd
SHA1d7ef7d7c77fd04b2c0eb8c16bb3cd08057f6742f
SHA2566dd748f7ca56125cbe158fa3612f08e7312ef58ad5375e6b7ab5532cc16ca0ac
SHA512c59b8e6f0b238a247e64b9c7bb42213dadac1dada63542830a6292361174c935c0c662b2d1aed3fb6100cc4993297b1eaf25e328f2b4613458c4ffca63b9f02d
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\BrowserSDKDLL.dllFilesize
5.8MB
MD51ed53171d00f440f29a12f9beb84dac4
SHA14d9a1e3579b0999f1ab2fa818b588411e9ee920c
SHA256e659e687a872050f9e65d78992d16bd9b393cf3f8e8c94e0e15fb42b7065327e
SHA51217161cfc672d1b996b8af4ebac17f9a8a3807f38c9a23e2e5b4dadcd9a21c3a64faec9bf59147022a9df88b80f89300f1b537091289bd7a42806bd206a317e6e
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CloudControllerImpl.dllFilesize
4.8MB
MD5a22f4dd3f75413faba618de10315540d
SHA1450a9abff68ffb922abaa0ba193ea4ffc983e92b
SHA25631d628b6c6c58d76dbd8071e155c9bfef575444d3ce7fa83c2a0c3a16e67e7ea
SHA512b34bec558e556dc8602717fc8b2601f18d02217551bcb1b3d7df7f9574f7ddf46a29dcfe043119f353e1e258fdc1e9a6db6d38ce8e5f3eda9fdb92216a31ccd6
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\LicenseControllerImpl.dllFilesize
4.4MB
MD549a840f316fe0e63dbbf8789eac84557
SHA1aa8eeb9f12b345f42eb04353201b53543cc7b952
SHA25656b3c7e59854dc2f7a33b88f42b98d164686cc92335cf5b77e8fd60cbb84c64c
SHA512ba1b9ce3910b94764f755f5ee2ae0ef6f2dee4cbea97dc261b0ebb7f510f8bcf40b6fecedd3115e35255268bddaea1eddea1952bdaff227eae2f50b40977bd71
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dllFilesize
6.4MB
MD5b2216df400c3ef59f9406831ba7956b5
SHA11e26588190fc8a608e773239d498ceb79a92fca3
SHA2561e429ee1da8a0fe6569673b7052c5f49c193aaa8f3152451f645539a431b792d
SHA5123aa3c9ed3bcaa0f2b7c4de36f7a83e35e8abf63c972c8e5377915bed41a803ae516cf8ef14e9c455043dd1ae46e4aec1820fa3572e65d0c87a99eac1d43d1f40
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dllFilesize
4.0MB
MD5efe6216931bca54ccf05a0bcb9f83fb9
SHA1007d0a3c4d850cd9b2886b24daf91c988d702bdd
SHA256eaf71519b965b9530e84be08bd3649fdb8feeeabb8dd2455be95755a336a44d6
SHA5127c59071b6ae8d0a2d6eedcb58f6a1337aa340275bf30baa121f515241aba822f6f7bbbc53b626f5f44c424af70aef3afc582a1a8a34d0b0adef115d0e8f684f4
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\UpdateControllerImpl.dllFilesize
4.4MB
MD57cf80cf9c1b9eced61792c17af5db7a8
SHA138ccd9e00badc2f3efc904e55a654be3c8f683bf
SHA2568c838fcd980d39c61a3e1b7dd93565a05041fbeea2ac3c759f10dbe82bf2a973
SHA512ca7c774b2dab671959f81056982b7e228e4c371a78afaa4e92dbebf2b519227e36e25ec60b4633383dd2d47dc9490ff9ac6740b80687cd8cd69a29a0e3d0ffcb
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exeFilesize
1.8MB
MD514cd82fe89752e3723a9b42aaa68763a
SHA1ea407d8d7064581406eb1b14e0f01cee61afb252
SHA25660e6029bdf3a2d88772bd4ec3aea6b688505e7dfcb76ce371d6942e9de95ce04
SHA51216114ff38a2e2cc59a9bbf420304fda8e558022f385748a5f48c02f037cbe815221a1cb4f0ac1deeb408ebf66ee3e25c059b157c7cc5cb169dbac75a73694fdc
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\pkgvers.datFilesize
74B
MD5818e0933720a11e666e366b73a3ed673
SHA114ed38e4cfaedb10d8002c3179775ee8967f0189
SHA25679c35a67497d687fea5f3d6733e0a55130d0e8b91b4da230d7bf1a7c8a6fc061
SHA5126d292e436e4ba09daefd9aa01ee7a32d9ad384e9a3f48c6556851f3f4e5dd2f26fc3dfad35bae918f49cfdb4a4d738e81fa098cd041e9a0b345e710105334ac8
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\sample.dllFilesize
528KB
MD5936021397e23fc913c55992ce9468913
SHA1d65af889a379f2982b1ebf29d83d2783b9aa0ded
SHA256ce7bdd309701942d97bd8cd3c2455a8d37d93b4d9ce4c14986703daf46fab7fb
SHA5124fb968bee32b5f2b5a5d1629ec2855dc0150ec6b753e83a457ec704350b1f219b5e1349a75ec41f94757d1ef2de9a020933f8e42566bf6123543b7709ecc3d74
-
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\version.datFilesize
47B
MD5702e16134861f0a53ff7ba313a5aed59
SHA1604c2e923058520e1c91d870fbe0f83644e0d42e
SHA2567b44e34bfb0e744fac5fd6e7dc4f99c19400d17a60d320059c08713319698820
SHA512fc5cbfa0a29b3ea5484c272b4b72462c8e056b0cf02b7d00b30c02a0250817f1b29c1eb124490a6f0763b96f14f3123e89f4e9a809dcafffd066928a373b4354
-
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\Global.nmFilesize
336KB
MD594c40df27363af21af7cfc966e6f7fd7
SHA114832f0f66d602c1d18c562ae0a819438b47aff5
SHA256626fa1c35fa6d8e82309d7f5a4af41488f56cb1afa1705a1dcfba467a9683912
SHA512f561d485202c5b4e8f3692c0bb8876df6cc3c2f6dcc6387cc0513cd9bdb6947cef77a18df782c758dc981c216423406e0c735a2b349954d4e849c9787bd89a64
-
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\Global.srFilesize
16.4MB
MD50785cabe06ab7d45df58357acaa4b0d8
SHA1d5ec88ccddcf04625679bef5f0f101140ce27080
SHA256c8937e9e707da6c6ad3ac5fe21996cda003c5bed9c6c5abf857df3eb39f49cbb
SHA512f259b8b6d18ed93c1a579f2ead822d63d2e32310c829740288e90159e5a0980abe05ac61282a641ddcc5df9f53668d0c3d252df60a41be51620cfb4d978f179f
-
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\cfg.binFilesize
661B
MD58fd13803b1e5f14b4d241facc601a170
SHA17321eec794bc766d84d75bd0370a9f2e4d7abdf6
SHA256925d771b2643715b62ef720801dfa96047fff1ee70eabb244bed802234673717
SHA512f5b3514258487f8576fe32a795eefcffef049c7d002a6abdca17383bba838c7a218be23ec6803dcefed615f40afc2ba4b15bf65c9a74c4f6bb891d15d02bfc22
-
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\clean.mbdbFilesize
10KB
MD5a51c7bf3b782aeb7d410d9eea081e3cd
SHA16407d52481ae58fe3eaac0c6297d19f15db7c358
SHA256530b3b5d09a8c6f5fdd76c0b292d2ef57ed8a439d0176bc431b2ceec0bfcb3d0
SHA512cfaf0cc481c2e3fc185dd4923848fe175351d0465fe76528f0dee8f5bfbd0e8fe50f46de39d98a30c136f32ad341ddb7ab4a6875ed899d4435ba462b670e9001
-
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbmanifest2.datFilesize
924B
MD5f41041b917051b17165a317925f46c79
SHA185cb25cd13572da4b252c9cbb4610d03eb02ea2c
SHA256e8e9f4d6e8c0937ff817053e57d6d0906e4d70ff588ebe28ac4792e3af280a1b
SHA512133f3326227085fe6128e10623bc2b4beb4603e38e9766daf29e5cdaec55edb4d875224587a5b5439d18dcb48500b8ece8b777ebf1b47aff091e804cec241466
-
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dynconfig.datFilesize
39KB
MD510f23e7c8c791b91c86cd966d67b7bc7
SHA13f596093b2bc33f7a2554818f8e41adbbd101961
SHA256008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc
SHA5122d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118
-
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\exclusions.txtFilesize
23KB
MD5aef4eca7ee01bb1a146751c4d0510d2d
SHA15cf2273da41147126e5e1eabd3182f19304eea25
SHA2569e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f
SHA512d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db
-
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\mbdigsig2.datFilesize
514B
MD59b979d91a112c75b841e07eff892f0aa
SHA11cf96fef681a584392816b7c21bf59d0afde111d
SHA256a18b440ba6798cf44352d503cc3c69b57e0bbb1ceaad5cbe3890399c7db59717
SHA512d1ccf7ae5de037c7d3a0063ec82766d6b06ab80b43021913142d1032a9b7d5f6e6c03a2970cc4082ab2b521424f2066d3690fb6c165adab99f11672f6d4b69e2
-
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\prot.mbdbFilesize
24B
MD5546d9e30eadad8b22f5b3ffa875144bf
SHA13b323ffef009bfe0662c2bd30bb06af6dfc68e4d
SHA2566089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f
SHA5123478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec
-
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rdefs.mbdbFilesize
24B
MD52f7423ca7c6a0f1339980f3c8c7de9f8
SHA1102c77faa28885354cfe6725d987bc23bc7108ba
SHA256850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55
SHA512e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69
-
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rules.mbdbFilesize
8.6MB
MD566b994f9998ffd2b69aab92be8a98b74
SHA19ee35b80b72d82d1d67d84f4b11cca3ff6e16ff8
SHA256e1b81bf268515f851f854e8cae161f63d88374bb7ad9bf762aae5a76ce0b6b5b
SHA51204123b4139a989bf10754666e51d8dbff9e4efb76d38090eb9fd5bfc5c3b973d76a9da0e713481199d2d5ef7084ab580679c79eda069578da112eeb7893e72e1
-
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\scan.mbdbFilesize
1.0MB
MD55f9edc9cf5a49da84cf1c58354a11414
SHA119188e5a333cac88cd5c910eed9cfc3a9e529817
SHA2566dd4a65f79ba857bb611a5f021d9437636f71b054fcdfb432aba228e9dcb12fe
SHA512c551970a23e718285a533cea719acf2f990e73eb50d5484674ae070888cc70865dd2eb3389970d2bdbe8055531bf66ce7e862395da8b5b206675cd6cd5036eeb
-
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\tids.mbdbFilesize
176KB
MD5d67ca8d71fa7eebe82def5a956d5e08a
SHA1d5d71294901c18783f9a7d0da0b013241455bd62
SHA256033b5274d255b9766f0c5a5d8373d62922a693d4e227ee5c2703663028d2b8a4
SHA5120dd01a187eba41316c877715f342f2df079192d0cadccef906c6319b1cf1d589679cfadce74570d8b426d6f6279717ad950715f3921046595c9c643903c6e676
-
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\wprot2.mbdbFilesize
44.7MB
MD5483100509268d3c7f8faeb545351b989
SHA1c997a69d4e13fc87c02e59a6a43812fddd268c44
SHA25641da047736cd518b5e7cc3d5aa5519635ccd0bcc19aaa24ede7169bd9d514a5a
SHA512667d3d3eb1876a062f71abddce0f6007ff26fb215d064da9d7d7339b5e2baf713921322a087fdd7a6e203a41c5ca1b0157d9291f421281ad488e9bbc2602666f
-
C:\Program Files\Malwarebytes\Anti-Malware\CloudControllerImpl.dllFilesize
4.8MB
MD5a22f4dd3f75413faba618de10315540d
SHA1450a9abff68ffb922abaa0ba193ea4ffc983e92b
SHA25631d628b6c6c58d76dbd8071e155c9bfef575444d3ce7fa83c2a0c3a16e67e7ea
SHA512b34bec558e556dc8602717fc8b2601f18d02217551bcb1b3d7df7f9574f7ddf46a29dcfe043119f353e1e258fdc1e9a6db6d38ce8e5f3eda9fdb92216a31ccd6
-
C:\Program Files\Malwarebytes\Anti-Malware\LicenseControllerImpl.dllFilesize
4.4MB
MD549a840f316fe0e63dbbf8789eac84557
SHA1aa8eeb9f12b345f42eb04353201b53543cc7b952
SHA25656b3c7e59854dc2f7a33b88f42b98d164686cc92335cf5b77e8fd60cbb84c64c
SHA512ba1b9ce3910b94764f755f5ee2ae0ef6f2dee4cbea97dc261b0ebb7f510f8bcf40b6fecedd3115e35255268bddaea1eddea1952bdaff227eae2f50b40977bd71
-
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exeFilesize
8.7MB
MD58bef3a6b497bbcf342ecab2c77de8eca
SHA1539e60105055106614821e7e073f777d07805e68
SHA256273c0ccc5bca9382b62c8478f56a8f33e83a745dda8a9553b4a560171b3772dd
SHA5122cc83be7bb01ad1fcd49db5fc69b6a51e8c486f45da5f7ba0bf322134a8a3d0fa3402a7c05b0e866da27f7234f7574be7cb46dca559aa4e3899879d501b2d046
-
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exeFilesize
8.7MB
MD58bef3a6b497bbcf342ecab2c77de8eca
SHA1539e60105055106614821e7e073f777d07805e68
SHA256273c0ccc5bca9382b62c8478f56a8f33e83a745dda8a9553b4a560171b3772dd
SHA5122cc83be7bb01ad1fcd49db5fc69b6a51e8c486f45da5f7ba0bf322134a8a3d0fa3402a7c05b0e866da27f7234f7574be7cb46dca559aa4e3899879d501b2d046
-
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exeFilesize
8.9MB
MD52d5f7e54f0678f45e8d07b4ab1f32a2e
SHA18db3e26e974b1098f8c9a7c7be8a770394d243cb
SHA25643676ff9573b8d29fb3f46c0e4381009eba37dec0ecb053aaec424e60a4eef29
SHA512ef7009d8269a29e1ce5e542ef9305dbe702b9778b13ba483b0efea01b19b013c899d3528154047f4fa13b2393972b0c091d2eab02eea0b252fc80d152d1d608c
-
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exeFilesize
8.9MB
MD52d5f7e54f0678f45e8d07b4ab1f32a2e
SHA18db3e26e974b1098f8c9a7c7be8a770394d243cb
SHA25643676ff9573b8d29fb3f46c0e4381009eba37dec0ecb053aaec424e60a4eef29
SHA512ef7009d8269a29e1ce5e542ef9305dbe702b9778b13ba483b0efea01b19b013c899d3528154047f4fa13b2393972b0c091d2eab02eea0b252fc80d152d1d608c
-
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exeFilesize
8.9MB
MD52d5f7e54f0678f45e8d07b4ab1f32a2e
SHA18db3e26e974b1098f8c9a7c7be8a770394d243cb
SHA25643676ff9573b8d29fb3f46c0e4381009eba37dec0ecb053aaec424e60a4eef29
SHA512ef7009d8269a29e1ce5e542ef9305dbe702b9778b13ba483b0efea01b19b013c899d3528154047f4fa13b2393972b0c091d2eab02eea0b252fc80d152d1d608c
-
C:\Program Files\Malwarebytes\Anti-Malware\MbamElam.catFilesize
10KB
MD560608328775d6acf03eaab38407e5b7c
SHA19f63644893517286753f63ad6d01bc8bfacf79b1
SHA2563ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59
SHA5129f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7
-
C:\Program Files\Malwarebytes\Anti-Malware\MbamElam.infFilesize
2KB
MD5c481ad4dd1d91860335787aa61177932
SHA181633414c5bf5832a8584fb0740bc09596b9b66d
SHA256793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3
SHA512d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830
-
C:\Program Files\Malwarebytes\Anti-Malware\MbamElam.sysFilesize
20KB
MD59e77c51e14fa9a323ee1635dc74ecc07
SHA1a78bde0bd73260ce7af9cdc441af9db54d1637c2
SHA256b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0
SHA512a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186
-
C:\Program Files\Malwarebytes\Anti-Malware\PoliciesControllerImpl.dllFilesize
4.0MB
MD5efe6216931bca54ccf05a0bcb9f83fb9
SHA1007d0a3c4d850cd9b2886b24daf91c988d702bdd
SHA256eaf71519b965b9530e84be08bd3649fdb8feeeabb8dd2455be95755a336a44d6
SHA5127c59071b6ae8d0a2d6eedcb58f6a1337aa340275bf30baa121f515241aba822f6f7bbbc53b626f5f44c424af70aef3afc582a1a8a34d0b0adef115d0e8f684f4
-
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.jsonFilesize
592B
MD5484d0206a4cf67b648438a897f37dd70
SHA17f2c33d34a9456c9b0e0d3cf6143a71a01f0fffa
SHA2563577d6b0bf3bb6c9557cefbcd2b5c0240ca4c323b10eb729d5a802468209793f
SHA5122ab1f6a8af3dbdb744fe1281af5891f7dac5a0f9dd46e16cec51ca644f702ee5ec1f9c9c5537efe3e55efc7e8b135e57bd3fbc7dcd6ae63776048be00d6db9d5
-
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.jsonFilesize
592B
MD5484d0206a4cf67b648438a897f37dd70
SHA17f2c33d34a9456c9b0e0d3cf6143a71a01f0fffa
SHA2563577d6b0bf3bb6c9557cefbcd2b5c0240ca4c323b10eb729d5a802468209793f
SHA5122ab1f6a8af3dbdb744fe1281af5891f7dac5a0f9dd46e16cec51ca644f702ee5ec1f9c9c5537efe3e55efc7e8b135e57bd3fbc7dcd6ae63776048be00d6db9d5
-
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.jsonFilesize
654B
MD5cdd1c83e70f455b0a3a5498f41a32933
SHA184aae7fb2ddab72c966bb7e49e3a732ac621fe69
SHA256ff1d2d18e95b0188468a0951823301b1e193c4104b1ba1267d62f745ecab1dd3
SHA51252c909c5089c680b876438d3cd7953affacd41f4248a097125b575f2a22b7e7b9bd24c739f457738c57d9c363ce52803b8baadb6316500d1f4901ae0ce7986d1
-
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json.bakFilesize
592B
MD5484d0206a4cf67b648438a897f37dd70
SHA17f2c33d34a9456c9b0e0d3cf6143a71a01f0fffa
SHA2563577d6b0bf3bb6c9557cefbcd2b5c0240ca4c323b10eb729d5a802468209793f
SHA5122ab1f6a8af3dbdb744fe1281af5891f7dac5a0f9dd46e16cec51ca644f702ee5ec1f9c9c5537efe3e55efc7e8b135e57bd3fbc7dcd6ae63776048be00d6db9d5
-
C:\Program Files\Malwarebytes\Anti-Malware\UpdateControllerImpl.dllFilesize
4.4MB
MD57cf80cf9c1b9eced61792c17af5db7a8
SHA138ccd9e00badc2f3efc904e55a654be3c8f683bf
SHA2568c838fcd980d39c61a3e1b7dd93565a05041fbeea2ac3c759f10dbe82bf2a973
SHA512ca7c774b2dab671959f81056982b7e228e4c371a78afaa4e92dbebf2b519227e36e25ec60b4633383dd2d47dc9490ff9ac6740b80687cd8cd69a29a0e3d0ffcb
-
C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.datFilesize
8B
MD5744835d3f789503e0e56814f21c47f34
SHA1220c0f8e94d6002f754febdcd19c96e9b3fea3ef
SHA256fbfe76f223c948958377a707aa41126a449639e43b0de63ba787d2f8912bf5fb
SHA512748822599275931f5394fe2db05ca7e51f9220fc7f104ea372198a6370469b680ef273adef7e09bb04be458e80f440e8c57067cee7afb62ccdd1f54576354f01
-
C:\Program Files\Malwarebytes\Anti-Malware\mb4uns.exeFilesize
3.8MB
MD563d54fe94ae4e44835d726056fb83f43
SHA1f2284e079ae50d7a5362876d7c16192d6cecdfac
SHA2568f2c2bf8c3b33876fb028be01f8215c9cb07e59abb4d20f5cdb21f380fcea406
SHA51258f8f28c3e861e3aa235128a2b7d9f4e2faf5d87f510906b4e192a3ac5762aedb35b23141a53f4f01e2b5316c61b00e4cd46433eee5badd29f70f029eea52b09
-
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exeFilesize
23.0MB
MD56365dc2ddbeb5842be33bdab30bf1421
SHA15f2767a411b9acf51b27dff68fff3a6598371a55
SHA256a6216185a12b14f73854b3443263726226614bf5b47283f9a3f3109308469d19
SHA512d6a8006784e19b49f2a4aa4342ca5ae14d844cc1ee7031fc466dc7498675ad625ac1e0556239322289a7a2bbb3d597f470336eed36313446ca574890a4506859
-
C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dllFilesize
2.7MB
MD5b7e5071b317550d93258f7e1e13e7b6f
SHA12d08d78a5c29cf724bc523530d1a9014642bbc60
SHA256467de01d7cee7ec54166b80658ff22f9feebdb1c24eaf1629cf40e4124508064
SHA5129c35293c95c1a9141740ac99315605964aa37c4a42d3a11cae9e5649ff1427a9480d3d5e7f763212cf13db3511c5ea3c84e68f95f0067fe6339a9d3fb7b27c54
-
C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dllFilesize
2.7MB
MD5b7e5071b317550d93258f7e1e13e7b6f
SHA12d08d78a5c29cf724bc523530d1a9014642bbc60
SHA256467de01d7cee7ec54166b80658ff22f9feebdb1c24eaf1629cf40e4124508064
SHA5129c35293c95c1a9141740ac99315605964aa37c4a42d3a11cae9e5649ff1427a9480d3d5e7f763212cf13db3511c5ea3c84e68f95f0067fe6339a9d3fb7b27c54
-
C:\Program Files\Malwarebytes\Anti-Malware\offreg.dllFilesize
114KB
MD516663d125398773a90d0a53333b7cf5e
SHA1f92928ae3c9292588547ceaca1cb1d372bfd7936
SHA25638e6811b47262101759aa51a631263d9e3eee5d211164318a751e078afec4cbc
SHA512091764b8ad80aa31eea0bbd91ee505ebdea2654bc8aeaa3081a061d0d37ab13d27dd203075fd0de10c6687591aa0e36139a38af846c4e34e6aa67ab81dc277df
-
C:\Program Files\Malwarebytes\Anti-Malware\offreg.dllFilesize
114KB
MD516663d125398773a90d0a53333b7cf5e
SHA1f92928ae3c9292588547ceaca1cb1d372bfd7936
SHA25638e6811b47262101759aa51a631263d9e3eee5d211164318a751e078afec4cbc
SHA512091764b8ad80aa31eea0bbd91ee505ebdea2654bc8aeaa3081a061d0d37ab13d27dd203075fd0de10c6687591aa0e36139a38af846c4e34e6aa67ab81dc277df
-
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.catFilesize
10KB
MD583c630f8c1f291b522f2b83fdd2acdc4
SHA1a56949b27a80a6a205c0aa7945fcb879feadeb2d
SHA2566dabd76a6688902db5bd63342c1a88dfbd8fee71855ce556b5d26df7420fb20d
SHA512be56c4da3889f8600f2f7f73fc6ea6a3277195b8ddf626699c4eaeae9f399bbe6d86ce0d9b6fbb5963ac4bdac3acef8e7427f027d9c87aec5750527842d59e3e
-
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.infFilesize
2KB
MD50ff3f3ba83e1dc78aa42e205e1a01867
SHA10a557f31af77bfccccd9530227d593efb4809fd2
SHA2569c5dad17bd0878115a88a4c94405fbd9048294462eea474f265ddddedc90771e
SHA51280543530d28722b926d3aeda4a0c61fc5bea1812e38a3a1b7b84a5a1803c078bc54c32eff23b96766fd5e27301818f105d86235cdddbaa0dc51ac347ed3d7dfd
-
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sysFilesize
233KB
MD51dc6d344ee9b6b024ba23278891db9a5
SHA1519b792d11daa2bf9d127f69cdd603a236576e04
SHA256823e1c7321e177b006c1f3fd1ec8b99607a12d2c3c321f3a6cbbcf7030b6c240
SHA512fb96c4ede03c3aa729d2ea5a72c5f14029f6d69a79b6e0d5449e371bf3acdbbd1cb2079e8bbac3a3140a257c71018bc7a2a31a45ad5c8b65382e67cc3431ab6a
-
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.infFilesize
2KB
MD5358bb9bf66f2e514310dc22e4e3a4dc5
SHA187bfc1398e6756273eee909a0dfb4ef18b38d17c
SHA256ff51780a5a854b2c18f71ae426cb066a13723ef6155e24f4910137c9e8dfdc17
SHA512301ec5ec5c0813951843011f2204924240235494999136ea30a557cbf58146fc6043a8866b344fa7deb927d7c83d44e2aaf45adca7d221aba5d36715b9a63e09
-
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.sysFilesize
195KB
MD5d738a028dcfb7d1cf97e9fb11e306db7
SHA177f4d6a79e1f2754a2e93095158d0edfb9a6a5eb
SHA2568f38d2a0a8e306de910bb621cab4276520aed84645de942538d0a9c792dd0074
SHA512c753a13767c8460823851a144a2a9162168a1099664ba601d0a929d539ee15d78123ffd86cb6225f0d7e6f52f40b2c444705da8bcc1292bb6c9757732b82ad94
-
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.catFilesize
11KB
MD53be83dc1528c749dd2649ef1c5e5ee14
SHA15dac1b7fd1abd193c3f32dbe567d0448f8a3a2e7
SHA25609ee49b623f120d09e3ee825fb13633af9f915f6b6c33b9d6dae75fb93e4f98e
SHA51201bcc8aafe7fb618b9dae83ae477a31dfa07fd62c6c876037ed8ecaabce9fcd5b0cc27e5f938374031752f82021d1020158f6184645eb7624c7a730b8c92dd5c
-
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.infFilesize
3KB
MD5e5bb98e4d7adf79cf7355aeb4a12d3c4
SHA1c2996909b98b95863d54c6a2f7843e5c05015596
SHA2561f2ec66c3947802dd97abead84d71bacebf84e4a2e871852cf5291958d45a189
SHA512f65ec684a21481c66f4571fec4f5cd17fb629fbc4b5fda88bfe00ada30573f3c74313311f5e8a164709824b8033a60fa2ae0f1643d0ee3ba8ae4fd558709aa7f
-
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sysFilesize
217KB
MD5e7431acb551d8271bd63387f05d2a8a3
SHA1baeec0e03df81dcb32bf0cdae0f0cc8aae237047
SHA2566f8e1892f8b94d56208d3b0947ae26ec1485b0aa02908ece75b38d04818fc905
SHA5128ef8f795309be7f9a2a9377a99e90620de2e377bdf631e3174cbe6f61489d0380dbf0e4a1dcef08026142628cb6ead37fcaabe25a39b8eb730e01fac89e21aca
-
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mwac.sysFilesize
177KB
MD52152a9aba3407e2cfcaa84e4c20423a2
SHA1825e79fe98922ac978aee92e243aec0ab44ddd91
SHA256a7d456c7679717500c4a8968a9ea205107dd6e72c81ba1435777af2bd3bd95d3
SHA51232c1d5f1ba553848213353a2f39b9971c7ac6818390b1a00d6b23335be8f542665d4ed60202e7ca04a1976141881515833665782cdfa8f69fcb3ef0abfd4f37a
-
C:\Program Files\Malwarebytes\Anti-Malware\srvversion.datFilesize
9B
MD5b2ebbf312e51e94c1f2e1db0e1d94a66
SHA173cabdd280d671cb23dc8ee8eadfaec235d1390f
SHA2564805dab34c1460283a5a87e3b0d504ab758c10875b261ac1ffdf46d6d1062f1a
SHA5128e7c2de734eab1c690164da2d110b033db6330bfb6b3464d17c291c9058571817059debff01c716a2d3358a11f82efbe10236cd34e33316296c002de0c1c1a01
-
C:\Program Files\Malwarebytes\Anti-Malware\uipkgver.datFilesize
6B
MD574c6677020fc6b6c867aab117078bf5f
SHA18c46db37dc0b39eb963d4144539c8b591e122400
SHA256cdbb9bc874d71e154c71b68b1fe959913d286036dac11e226e5620c919ba9708
SHA5123f9db8d9bb25322f8d8e750750bf92dbe6ac63d686eced65cddfcd61178cf0e947118a491058414d4d2cbb4892e39815565669aee0dfdda23aece72d278292d0
-
C:\Program Files\Malwarebytes\Anti-Malware\version.datFilesize
47B
MD5702e16134861f0a53ff7ba313a5aed59
SHA1604c2e923058520e1c91d870fbe0f83644e0d42e
SHA2567b44e34bfb0e744fac5fd6e7dc4f99c19400d17a60d320059c08713319698820
SHA512fc5cbfa0a29b3ea5484c272b4b72462c8e056b0cf02b7d00b30c02a0250817f1b29c1eb124490a6f0763b96f14f3123e89f4e9a809dcafffd066928a373b4354
-
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.jsonFilesize
47KB
MD56e033323e3d38ed7e2a0729f1632298e
SHA1adef344427a2bf184c530b40db34c16544cee053
SHA256186fa5504d2da00718e09f98380d9a91183f1c3b08e3309918a81a59761d3ad7
SHA5128ed9ec19e8a0a5334b0454fc4b113f0ad75db89bdc506e04e06e7c803bed52716523fdacf33c011fab818cde934b27cc4c60565ab603e0c85e3776dbd80969c9
-
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.jsonFilesize
64KB
MD591f033cfe84582fb0872654d602a571a
SHA1a762d709389ccc3860a6d6ee421942772233eb25
SHA256cecaa901d8551644c01769ddabf37ffd6b0c5c367856b165f788c0932c048720
SHA5120f02b39605707a2073fb418fa759b502f61c61911634ad95b1770924cb6b8a99ad6f85ae3a930f2b359ca4e303d57aebf301fe8addd5d061e3e6516f472bcba3
-
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.jsonFilesize
64KB
MD53c86b542b4e858816a76ea029131c693
SHA19f644b634022912c4964c1880d0a5454ff548ce0
SHA256ac8a8a0d9c9bc1cc1c7a89594623e51dd39e5278802fb8070a346360e2417787
SHA512affe2bcccae411546ca163e2b0a0410ed90f9deeb1d108bd41b2fc8f3720b047923217186029927a554111aef1f625ef157c2237559e418787388f35aa0d938a
-
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.jsonFilesize
87KB
MD5cd4aed78e00e78bf05384762d433128e
SHA1e037a3e7b79bdb7eaec71ddacebf4a7959a70112
SHA256e0824df702988205e20cb00c846b6d7bc7aea8b22134c3fda0ecab574cc305b3
SHA512a3e775f10b944857dc604f3785779ed4d36b1412c592ee07ea52d30eb2d4ae5867508e3c8ee5af98c20de0cfb54cb826ba3c87a723bc93e735368584f5ac1a18
-
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.jsonFilesize
607B
MD5bbda1f91a7494cff26955737a4ff795c
SHA10e30a52fc9f25418bff77936cae15e5d26a38118
SHA2569ffe5aca0442b4fd873029981c452f0e490de79fd2ac4105510e7c2660de0eff
SHA51242d075168197c0653cd5dcefddde8934393173b8d618a946f94b2dcb49adbd7cc53d685fe9609448b01218b9c5adea3daa3a9065c0d473df883e9ffa4cc348e9
-
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.jsonFilesize
608B
MD5f8d06947e1537566422283a63a1af36f
SHA1f220dbf894630fcb78a4c6efcfd06606ff2fd31d
SHA256d2369083de00dd6fcc95fb3b0817aedf2276792b0c0c73b471ddd28bb7a45c5a
SHA512fdb623f2dafc14242e9b2d895d1c9b3945df51e5f4ce9c976c87e8698c830f378ce88f4070e0856fc38a4671ca3cb0d6d7fd18bdf375cd135e0798a920f4c9be
-
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.jsonFilesize
847B
MD54a90ac908f36d5d52a93abe504879c8a
SHA1b78ad68f6cb1304efe9654dede75a7ec502d0173
SHA256eca4a659a812b37ad9734c0eefb59c71060b419eaffdf2f4c8641f3900b6ede3
SHA512813f4214ab09153fcaa3fe12dd0c8db742f998566fc9a01dda9d5842344c4c4b69c0f0a84b74b287882829f3b65bcefbf97477655f161177a2f16b002d8ae972
-
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.jsonFilesize
846B
MD5f5c1c1ea6a980bd3ed28d6c3cb964b25
SHA140e71aa0c9dae112bbf90ce76e0dbe71effc8775
SHA2565a9abec011ebdf6443d1b4a5045b51d711785a3922e758bdec7d985702d7f1f9
SHA512644686e4051fe009e8997d48265edba2ba4c48b1021514c273c4b1b4f4ceedd3ca3111be4e33a376deabd61168d87d4e633d4f553b0b68d45de4a5dfc6fec424
-
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.jsonFilesize
791B
MD5be22ccf894121348754b48cab6f22b0a
SHA14b8a3ae67838c19355e0b771adf0e7d8ab3d8a87
SHA2560ad42cb2017c401e37a5158ecf6e6b489a365a015169532ec8aae5b66db64312
SHA51274a894824d972dc6ff919944820893b5dca5f0a7199b793ef8dfb8929df7af8cbc8c90414c55bea3449389273d7dda727807f58e668f53b23cd3dac37c6edaf3
-
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.jsonFilesize
1KB
MD5a3596b584f211c08b8c6acedb13cf724
SHA1868abd8df0de69891026acc4bca6c24411899707
SHA25656f906b34b05c2daaa098775da3c784109c9d25aadfc3c520062c9f25f9292bd
SHA51291bcff618bc998d3845fc2395ba714b79b38ce2a6008da9d1cb70afd2f6e4b789b8e555184fe3be4c673705d031e857550f805ea01d228d093ccedd5110f5ed5
-
C:\ProgramData\Malwarebytes\MBAMService\config\IrisData.jsonFilesize
107B
MD5987d4c1d7fd53dc358ba4a7ef45f7a4e
SHA10c43d188cb59390f8b819feee1244935918435c2
SHA256f626a47ad968c0ce1d841164874f01cab7b7f9f2554af5111dc0d94c0b3199de
SHA5123549e101d3b2da7898f9b536280159a2e850ab8c451c961d47569e046daa1ce7f8c40ed056fb543952f33e4971e69897942fb642a7c0d83e382fe35928e01d74
-
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.jsonFilesize
14KB
MD56942ddf1911a2a1a8673cec487feb161
SHA14621f7c4cd610726c5d25bb07a3dd7768737045b
SHA2568f6584d71aa6762d34b434944698dd61c1fdf908d6a7064afeabd340e0a97074
SHA5126e29154dafd30cafbb0b208892563d809efc7fcd693649e60dcf1f128152a99e76768072ee8b87e2ef2c4a639d6422668b43eb3eb3b35699b639d33d6a0ecfa8
-
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.jsonFilesize
14KB
MD520da058870bfc71012faef7296c64dcc
SHA1530d8318129bbe2fab6e30dff6871eec953f8c69
SHA256c6a4d2249df56283665a78121e8d3f5462cf8a554e7f44095d73e86fcf25e15c
SHA512b7d8a76cb9c9a429a4c5246067010c89f7e427a433581f0d5a1a10212e00837710f174bc51ff7210e166374673f7e01435404ead965c0f59118971d91d8fa3e6
-
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.jsonFilesize
14KB
MD52d3eb974b6afdb17e2d16a4185598ade
SHA17c94a80a794eb1da0e1db50bb157e99ae8b4597f
SHA2562685252af5e732e83301b15afd815f29c012201ee524931b0cda1bf95e2807c4
SHA512ee1cbe096f6495509824bbbd5a58e6ad2e10a1429a882aca342b4dcf63f4217d81e09de535a849079efb4667524703089f7ef43521bc95df00121f2a4181bd23
-
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.jsonFilesize
14KB
MD5e4c6756711875b68c7dd9b33dbcd6c34
SHA1f253d6bee3dd980752573fd8d30785c8a1ab626a
SHA2568af47b33dae468a9e8bff543b02917fc96e2757e8bb0668f568338dc0eec8825
SHA51296dc49f8bc75a0082e5e3d4919f82d7b4690d93d19530af689725753e7da066ea32fd01959c396fda9853d897187fd6309254f4dae4f8dbbc3fc4c25d75fa64a
-
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.jsonFilesize
14KB
MD5211e930abfd9db2345d6fca098ffa338
SHA1dfa691dae7bf1f5a05824f3adf9e295fc6bb545b
SHA256cdf7bfd8f7dda0404cd186e31f8c597c29f2af4c1903d5d6aa8e462b352d9d14
SHA512a944b2c9aa84cb0e84f4ef5a3882da4a6b05618951a5e30f47721e1cdfa301974365c2a8b91d442270c312a11afd21df84e8dd0d6d6872565703c03f28f2aa38
-
C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.jsonFilesize
1KB
MD52e62e5a4df55bcd71d4a3a23eb083a36
SHA1907513cc1f3fdd7af80f6329f67df4b0b0a76483
SHA25697aa94c92cd451b18f9c3aa71c7216909c9e517e9c65ab24103175311b3679e0
SHA51277fcf3941711197fe7aa0d89f7f98f75c99fa2d20b632851c28b2231f0384148f5a91b3f4b929efc7e469421b6f7155abb83868642a3d214268359f1d78b6f68
-
C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.jsonFilesize
12KB
MD5f7df1b9ae8dc936a581085adcc700fb2
SHA12d9828cbb118a257da52430bb49de06cfbb8fedc
SHA256aff19ad3c83329a1140da2cbc00ac45f035616a5808bb80354067ec849683673
SHA512e69be1ae690f8b7f7da2827d3d16b1defdf054fa617b9b743d29ff220fc0dccfebe534d238ffc74fcd1785485e6bdc1841364218319c271b89f1ee91071d0067
-
C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.jsonFilesize
12KB
MD5f7c4949c50fba47fb3254cb5d8c070c2
SHA156dadf57925da3054d9fdbdb4043e9361381e7d5
SHA25675693b7885e29358f9d072f7f1fd2180c063cd71b22d6d661ca19354768bd1a2
SHA5123b0b3b46e89fa324062ca2d88848f4842732e61cbba9ec5775c24d2e89eefe9c66ba57b2e797b47c958a02dd3d9cf9c1605ae2e990052df83cc0cf5a0c0d4fad
-
C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.jsonFilesize
12KB
MD5ab9e13ae4e48d5f7155f05e846307b49
SHA168e0286849c5379024b8a012aac4342761cbfea6
SHA256797be66c7eb81ecd7aacb778b0d7c3dfff0a1581dfd646a3abe2f5358a7d5cf0
SHA512b3980de10d00931a139b2d8321766a174b57415d43fef319448a95ebfc63f36441e55dfd566b0624972fb2634206bb2e99b0487fa70e8117f1587b6e8642ded8
-
C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.jsonFilesize
12KB
MD5d37ef45741e614f4d29b4b32afa4eed1
SHA1464ba35992b1d4ab18e802ddf512460cca21fe72
SHA256070f496c3cec348800e481ca6531891c1d1cb1abba92dc43d4a4522965d7b98d
SHA512f5c032d16c4e83ea9d1c70d09f2b14251bfdbf08f5bfcc7af38be84642c04d121fd8b65346c959ac05416dad7bfb2d28a793be149183d4476dc305ca5570632a
-
C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.jsonFilesize
12KB
MD5a6aa96ed37a54b552af34b4931a1779e
SHA17e5c6ef0d3decf9785d332284de48dd0fcc0b9db
SHA2562a383e83e2e704588a778e460b4416af16e43f3bc3e55832303ce81fbdf485a6
SHA512c5fd782c0239cf2b7bab18edb1ebb2946bd19ec8333fed68452d41ca3228f10c0a485c42c83167b0c9ccf3be156ad261d14bcec7326200acc28d08e80cbc97a2
-
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.jsonFilesize
1KB
MD576946ded3336b8487eec595e3f9497c6
SHA100f31e7947810d710dac06e2633f6c85564301a7
SHA256701a69803b6ec5005f37d6d559af7f3db6bd9bc586b5b311266d4e8e5e59cbb1
SHA512884b6b5d72d57267b099674640a203ecd17fdd6b3da58a2502f1f13e5fcf4d72448aaee5b45ad7566fd8e881c7b5ed66759f519ae35b9e09dfca3bfecfe407cc
-
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.jsonFilesize
2KB
MD50c51fbd065a78ba1f48d2016daf403d1
SHA1b193a458a1b32d4e88030cb1f2a77c03d9fe41b1
SHA25605b4fc24ab7f7124419dc52600898d4f2c83b4fd7aed1285c314fa5dfbeb467d
SHA5122bd02e35d1d2916eeeb9951d3803bc8e533e3baabc8e86487b4d63fe5291b49780c6cb11df0816bc59644f92bb71494518594f939aba5cfa2ebf08409b0a5533
-
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.jsonFilesize
903B
MD5964fe27c03ecd05692f8c19e8826da7e
SHA1ecb0d7e1b4865f9040b5b2ce878f1c8e15165618
SHA256e8f88c25a8918e9a1304495261ede2a0d92c136f4c11d9a75a98fddcca3cb5d7
SHA5126679844164a089ef52a5b69aedbfcd9bc2b8aa51492fed45711103de2513b4f41826403aaf2f27f5b562c70acbe2842f0d8de25b166c75e5bbf7250a7081280e
-
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.jsonFilesize
1KB
MD57d71d983091a4d8fe70804413f1026de
SHA13ad5ec218402d4265f5ae894dbaf61bab7a82849
SHA2567f4fb67ddf542e5174ceb2fb908bc20fd35200ead472c9dc3d07016dd975b27a
SHA51279af18e3dacf475f6e066f525df95c1e9d226e70c2d613562e26a9f672a9c45ab1b1026cdfb381719e1dd70c3cfd24a3471cc9a6d2d4df32fb095afc6f683bdc
-
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.jsonFilesize
1KB
MD51dd326e99b9010cdf403c39a50a62fb4
SHA1633e9d953e14a98ea0f1b8e1cb9c19f93bf4a484
SHA256a0b546c0effbaa36960f81b74ffb070a496d347110393298c6e9922f7c836c7b
SHA512e0409c1ceb50acabf229e9fe89664f5f9937b7f60cc7377703bf1ea72dbb87e0352852c2e358f8f83e2be97c94f33df3022da60cc30080dc9349762ee79e853b
-
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.jsonFilesize
4KB
MD572b9221ce8f19b472095ea57e6291304
SHA19e5cb0586150d1e3d977127b06a2694f68ae60b9
SHA2566b62d3c3ff4f250031f2bbfbf2cdd44c3af0bc49a0ce2747d48923cd2e527516
SHA51291fe2c5b19b447ebba0bd90cef37924e65a4a069d1240d71dfadcb1aa10dcd73e49efd76af217225eb38c2a61b6482be6ac9bed959125979bcf12adde409a514
-
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.jsonFilesize
7KB
MD584b0b83d5c7a454147886a3b85e889a9
SHA1f7ef7ea8ae6c2a162623883bebf954e335fafc19
SHA2563aaad3048a0b1d997c3c8acf73b110c8ce79796f423b85bb5593c14196743442
SHA512d005e8beba5a008ecc5aba80daa6740f25538825008cb2e46a72b803fb13bcdc716f885712294f8ef57e15484c737acc19a9e6687f29b25c4511c8b5c666394d
-
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.jsonFilesize
7KB
MD5ed48bd937f777ea81c616b0b9b5bc3df
SHA1dbc48b40fbea8da120dc14348f83845eb65c46a5
SHA256845c2ff9a30ab64c5af93012775873f98530d0804c62969a9619b768edd55bfe
SHA512880019fcc3a8b6c8236fae8692af4e7537d6934bf8f06d7253a6f3c19f550863014828f3a4503b890d1658cf519264c3067bb13357bef7abe0724438b0a364a6
-
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.jsonFilesize
7KB
MD5448f42f3e084a2052c66b92cc719e6b2
SHA1de85ce5f0ce0526005225469c289ceaaaf711c5a
SHA256faa8fe5b12965287b1dd167dca2e7f58ec9babae40e867440219130c24c32a38
SHA512709da4a529c6e161f38fb40d41d3958fba21d3ff46f11793ea1b15fa6c43f723835d6913ce695f57eb9e3a330ba188bcdb9b04934f08ee0ea2b04bfd7a302304
-
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.jsonFilesize
7KB
MD5d59d0beac946f026636be47a8928773f
SHA19ab53f6ff6a46ded7a0d6d8385972502a1c27c66
SHA256b411c9d6f58b3548b65f54e01fad80a75f765c14a1053d1d0fecc728970b1f46
SHA5127a429fadd64885850e881fdb55918b9e2bb7e3b51297b4cdbd7add54955a72d6829d00d11a90fc08246c5869bef5f3a0108ac796fc351aff04e414bc1a57c603
-
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json.bakFilesize
4KB
MD572b9221ce8f19b472095ea57e6291304
SHA19e5cb0586150d1e3d977127b06a2694f68ae60b9
SHA2566b62d3c3ff4f250031f2bbfbf2cdd44c3af0bc49a0ce2747d48923cd2e527516
SHA51291fe2c5b19b447ebba0bd90cef37924e65a4a069d1240d71dfadcb1aa10dcd73e49efd76af217225eb38c2a61b6482be6ac9bed959125979bcf12adde409a514
-
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.jsonFilesize
10KB
MD5d2d87d0a89bbe8a189735d19fb7161ea
SHA1a70bec1e1f677733ceee0f2e3c3dcfab72cefa80
SHA2564e2efb214c83097c667ad671f02863fef97ac64ac5ea0b1a7bfe4ed9b0fa57f2
SHA51213de357b1badfb4e1a95c319c4485398906a345b7f17c2d6915cfa33bac098e2d99dc1fb06b1d17398b27a3c9d3830863c442130d25cb2eae5003971dc3fe461
-
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.jsonFilesize
10KB
MD59bbb3efdd7aa052d47ab9af52789ebe3
SHA128d5f0390749914d174143cf5012ce96c4b827f0
SHA256a58d13e3c9b9632f08a746a0f272dd52a595b299f4e611a2a247baf951f04132
SHA5123a29785917e166effacb3a41458f0fff373546f15a35390063b5c7760d8e452bd5f3959505fa6bdc05f7abd523cb9e4c7700cacfa884c69cf5b50d57b02fdf37
-
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.jsonFilesize
1KB
MD55e704eb09a9bbdf715ab9dbeaabc5922
SHA16f8ed658bb5110679fd1ee7c525b1a69e68b4284
SHA256e45aa4bbf0d35616aa786c746bf51de1a3e84d7d745a895c20dcd7d634eadfbb
SHA512235b2592e8916f5ff7adb88e20801f28340c871d3c8e22c9a12578f7f31115d7eddedc9ff714eecdebe1c1e55e4248f526605b116e2f78ead72983683dc201a4
-
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.jsonFilesize
1KB
MD55377d218bdf4cc19b8b1177c52c23400
SHA151146aa8f344557166707b98846ec014e9d004d3
SHA256ec0ccbe4cad2fd31d7429b0ed232c8c2ccaced564b61e6a30ac9ef371bb028d9
SHA512d2727d770920efff08258ac5987b1b07351b9b14b7adee4f59fc88e4a3c308a69d75edd3fbdab572de2203a5e13a1555a027099d8189e0b0550850c2587a9d8d
-
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.jsonFilesize
1KB
MD5aca77eed409363bbd9b5a1399814feca
SHA18bbc747adb5fc5d118d6efc4ef330d68cae7e237
SHA256c46cbc436ce9b76471ba5d09e73d423601f8d74abb394872157c32ea5b057b46
SHA512c342c5f55d4b74358864877175aa74156d46c299ebcb4f5f17625f2a53abbbcd9a1f116ef75455d2da1791c42b9f5d112dea74618b6e7936aa0cee668035e51d
-
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.jsonFilesize
1KB
MD5845c6d8a681c9b15620cb23f996b9104
SHA109e1852790499b9ce82e0a1103dd2d8d7cb1f5fb
SHA2565d9f0770d329eb16019c1e18d3a371d8ed5d6a5d342d5060f812c68d57e12812
SHA512deba4787ff4e36b5665e82ec4f3e99213ed85d2aca0c2bf1d9360afecf343cb217f5d7589abee5d6a0f4ef7a4f6bc4d1e12c37d7236b13c659803f330c27b12c
-
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.jsonFilesize
1KB
MD529510317a10cf433c56876639553c199
SHA1ea9269798bb894c3935a39db3f656b33376f9be2
SHA2561c48a20528b90226c59c2cf8a4054a8b519765e768a13154a0b88f8e37f6376d
SHA512915c6a333323f8a0a6c961c8a7e44f1377cd9b9907370779f0d530f1d036f218f6badf277f58f9ec1bac035dfa7cf95bfd933f13fdd4ff982e2cec8eaa627686
-
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json.bakFilesize
1KB
MD502ab2af478d89af5027e9e08eefae204
SHA10b439bc3a2d8d80e41e689f18a794130464d6f1f
SHA256822a98d46d85f9af90d40eac2e0abe3afd8b05ee2bb23c29a4fb4c3be2c852d1
SHA512edb64f827894adbff93f073be573aee509ca720b8f2db1915a3bc93662813041b5454836b5cbe2b28cb53845978e663ea9ad87896661ee4759232e8b4f585489
-
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json.bakFilesize
1KB
MD5c27016aca794f28cdbe7745dbed54ad8
SHA1615d228d84f6549289c08e087ab46b096d80bc01
SHA256fbf9e3101f66c8e1b67692b7279c72fdcf387030bc3efa6fd9f9511d7f4081bd
SHA512ed33b5b01e986a3eb7dc81fe2b2980992b1a09b097d2d3bfb2b3ced8145b8deaeaa14cbbc290cfa59d6c0382c593bf216eacfda7abe40577432b616c2821fee8
-
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.jsonFilesize
1KB
MD5a3a678ed379f9a22d237eb89bee57292
SHA15c2163a79f2c599dd2f1d14172393127db85f267
SHA2565ebba216899746716496dfda30da866327a2729faabe4a42dd63386a70526972
SHA512bf984d7cf183e0ebe2c4a138777d986f403238a1567ef02d88c1c791753b10307b6cd0e2603474e296d16fc77f22a4bc59fb66bda6f216fd8c3da7fce5c64354
-
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.jsonFilesize
1KB
MD527508e59931a8a08f88b24490ffb4bd9
SHA1fc73b26de91fe047d33e2a8d4b0b8ae6cda66d35
SHA2567039267a4d57dca6eb026720ad5c23ed55203a2aaae34144bdd88ff3fcb94da0
SHA512122bcde49b57a716308a31df2ebc19bd886e28a742ddb6430395e9cf5cf1b005b105a4e638fc177a2b057560f693128c6facd956eb1a44cab39a65cf2914109e
-
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.jsonFilesize
1KB
MD508d3cadf4077a681f8ef01c3c8443c6a
SHA19bf09a47c5a1294bbc0bdaf020d8ff28461c2361
SHA25681e2fdea1e573f9a23916e49c9cb3000cd1e926e041fda245357a361901785be
SHA512c1135ba5eed34a9ddfe57062b316155d13ea0a48cfddd12dfc88c5ef66c8e6f0c9ee67a4056d9f99fc70cb6389a5c1b4dc60d4e43fa3fbd52457189e55befb77
-
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.jsonFilesize
1KB
MD5775e441810393de02f4d8f021997d3b9
SHA174ae8f6983a5ea3b0dcced230e7a145e1887c30c
SHA2563ee5906dbf288de36dd0838bcd223a4ac11684452931fbfd56a3610541c869f3
SHA512541cad597e3a103ce48013979fb246b9d19c918c0f7f39d908a15b3119994112c1323a50d685112f195398fc663400431d63c8962ef41f4e6abc021c20a47973
-
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.jsonFilesize
1KB
MD5d16331c32a100ab6c5b773635c27ad3d
SHA1b04697301159510362fac03b2cc2f7a92d0b1cee
SHA256eedce6e5e6a62d4b91b1b7d7e9e7c8b1bcc97d231026594f79862939bbfbd824
SHA51219f9f2bdec9ee158a0c8fd567cc58bb1bb8cf04874d8d451d9d3c7167d390275a3720918c5932114d55c7f51189b0acef2667cfda94eb5a6ea645b6218d4f835
-
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.jsonFilesize
1KB
MD55c402d15bece3a7490101993c81ec2ba
SHA14c4a38558cbcc44764ab3d73b8c6a636fc2a1577
SHA25682c056513208a534a1ea87a85e936eed6e839adb0ed9feb890aef05c94c030b8
SHA51249bc130016d3a183ac45391823a14f0e8bc3aa65ed8abcf7b12171dc7989f1deae63e86699a69aad66f283dbe53c707aee9fe49bf0db5693fcf51315780b96b5
-
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dllFilesize
5.0MB
MD51eff53d95ecaf6bbfffe80d866d8e1dd
SHA1d7ef7d7c77fd04b2c0eb8c16bb3cd08057f6742f
SHA2566dd748f7ca56125cbe158fa3612f08e7312ef58ad5375e6b7ab5532cc16ca0ac
SHA512c59b8e6f0b238a247e64b9c7bb42213dadac1dada63542830a6292361174c935c0c662b2d1aed3fb6100cc4993297b1eaf25e328f2b4613458c4ffca63b9f02d
-
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dllFilesize
5.8MB
MD51ed53171d00f440f29a12f9beb84dac4
SHA14d9a1e3579b0999f1ab2fa818b588411e9ee920c
SHA256e659e687a872050f9e65d78992d16bd9b393cf3f8e8c94e0e15fb42b7065327e
SHA51217161cfc672d1b996b8af4ebac17f9a8a3807f38c9a23e2e5b4dadcd9a21c3a64faec9bf59147022a9df88b80f89300f1b537091289bd7a42806bd206a317e6e
-
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nmFilesize
336KB
MD594c40df27363af21af7cfc966e6f7fd7
SHA114832f0f66d602c1d18c562ae0a819438b47aff5
SHA256626fa1c35fa6d8e82309d7f5a4af41488f56cb1afa1705a1dcfba467a9683912
SHA512f561d485202c5b4e8f3692c0bb8876df6cc3c2f6dcc6387cc0513cd9bdb6947cef77a18df782c758dc981c216423406e0c735a2b349954d4e849c9787bd89a64
-
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.srFilesize
16.4MB
MD50785cabe06ab7d45df58357acaa4b0d8
SHA1d5ec88ccddcf04625679bef5f0f101140ce27080
SHA256c8937e9e707da6c6ad3ac5fe21996cda003c5bed9c6c5abf857df3eb39f49cbb
SHA512f259b8b6d18ed93c1a579f2ead822d63d2e32310c829740288e90159e5a0980abe05ac61282a641ddcc5df9f53668d0c3d252df60a41be51620cfb4d978f179f
-
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\MBAMCore.dllFilesize
6.4MB
MD5b2216df400c3ef59f9406831ba7956b5
SHA11e26588190fc8a608e773239d498ceb79a92fca3
SHA2561e429ee1da8a0fe6569673b7052c5f49c193aaa8f3152451f645539a431b792d
SHA5123aa3c9ed3bcaa0f2b7c4de36f7a83e35e8abf63c972c8e5377915bed41a803ae516cf8ef14e9c455043dd1ae46e4aec1820fa3572e65d0c87a99eac1d43d1f40
-
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.binFilesize
661B
MD58fd13803b1e5f14b4d241facc601a170
SHA17321eec794bc766d84d75bd0370a9f2e4d7abdf6
SHA256925d771b2643715b62ef720801dfa96047fff1ee70eabb244bed802234673717
SHA512f5b3514258487f8576fe32a795eefcffef049c7d002a6abdca17383bba838c7a218be23ec6803dcefed615f40afc2ba4b15bf65c9a74c4f6bb891d15d02bfc22
-
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdbFilesize
10KB
MD5a51c7bf3b782aeb7d410d9eea081e3cd
SHA16407d52481ae58fe3eaac0c6297d19f15db7c358
SHA256530b3b5d09a8c6f5fdd76c0b292d2ef57ed8a439d0176bc431b2ceec0bfcb3d0
SHA512cfaf0cc481c2e3fc185dd4923848fe175351d0465fe76528f0dee8f5bfbd0e8fe50f46de39d98a30c136f32ad341ddb7ab4a6875ed899d4435ba462b670e9001
-
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.datFilesize
924B
MD5f41041b917051b17165a317925f46c79
SHA185cb25cd13572da4b252c9cbb4610d03eb02ea2c
SHA256e8e9f4d6e8c0937ff817053e57d6d0906e4d70ff588ebe28ac4792e3af280a1b
SHA512133f3326227085fe6128e10623bc2b4beb4603e38e9766daf29e5cdaec55edb4d875224587a5b5439d18dcb48500b8ece8b777ebf1b47aff091e804cec241466
-
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.datFilesize
39KB
MD510f23e7c8c791b91c86cd966d67b7bc7
SHA13f596093b2bc33f7a2554818f8e41adbbd101961
SHA256008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc
SHA5122d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118
-
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txtFilesize
23KB
MD5aef4eca7ee01bb1a146751c4d0510d2d
SHA15cf2273da41147126e5e1eabd3182f19304eea25
SHA2569e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f
SHA512d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db
-
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exeFilesize
1.8MB
MD514cd82fe89752e3723a9b42aaa68763a
SHA1ea407d8d7064581406eb1b14e0f01cee61afb252
SHA25660e6029bdf3a2d88772bd4ec3aea6b688505e7dfcb76ce371d6942e9de95ce04
SHA51216114ff38a2e2cc59a9bbf420304fda8e558022f385748a5f48c02f037cbe815221a1cb4f0ac1deeb408ebf66ee3e25c059b157c7cc5cb169dbac75a73694fdc
-
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.datFilesize
514B
MD59b979d91a112c75b841e07eff892f0aa
SHA11cf96fef681a584392816b7c21bf59d0afde111d
SHA256a18b440ba6798cf44352d503cc3c69b57e0bbb1ceaad5cbe3890399c7db59717
SHA512d1ccf7ae5de037c7d3a0063ec82766d6b06ab80b43021913142d1032a9b7d5f6e6c03a2970cc4082ab2b521424f2066d3690fb6c165adab99f11672f6d4b69e2
-
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdbFilesize
24B
MD5546d9e30eadad8b22f5b3ffa875144bf
SHA13b323ffef009bfe0662c2bd30bb06af6dfc68e4d
SHA2566089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f
SHA5123478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec
-
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdbFilesize
24B
MD52f7423ca7c6a0f1339980f3c8c7de9f8
SHA1102c77faa28885354cfe6725d987bc23bc7108ba
SHA256850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55
SHA512e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69
-
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdbFilesize
8.6MB
MD566b994f9998ffd2b69aab92be8a98b74
SHA19ee35b80b72d82d1d67d84f4b11cca3ff6e16ff8
SHA256e1b81bf268515f851f854e8cae161f63d88374bb7ad9bf762aae5a76ce0b6b5b
SHA51204123b4139a989bf10754666e51d8dbff9e4efb76d38090eb9fd5bfc5c3b973d76a9da0e713481199d2d5ef7084ab580679c79eda069578da112eeb7893e72e1
-
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dllFilesize
528KB
MD5936021397e23fc913c55992ce9468913
SHA1d65af889a379f2982b1ebf29d83d2783b9aa0ded
SHA256ce7bdd309701942d97bd8cd3c2455a8d37d93b4d9ce4c14986703daf46fab7fb
SHA5124fb968bee32b5f2b5a5d1629ec2855dc0150ec6b753e83a457ec704350b1f219b5e1349a75ec41f94757d1ef2de9a020933f8e42566bf6123543b7709ecc3d74
-
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdbFilesize
1.0MB
MD55f9edc9cf5a49da84cf1c58354a11414
SHA119188e5a333cac88cd5c910eed9cfc3a9e529817
SHA2566dd4a65f79ba857bb611a5f021d9437636f71b054fcdfb432aba228e9dcb12fe
SHA512c551970a23e718285a533cea719acf2f990e73eb50d5484674ae070888cc70865dd2eb3389970d2bdbe8055531bf66ce7e862395da8b5b206675cd6cd5036eeb
-
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdbFilesize
176KB
MD5d67ca8d71fa7eebe82def5a956d5e08a
SHA1d5d71294901c18783f9a7d0da0b013241455bd62
SHA256033b5274d255b9766f0c5a5d8373d62922a693d4e227ee5c2703663028d2b8a4
SHA5120dd01a187eba41316c877715f342f2df079192d0cadccef906c6319b1cf1d589679cfadce74570d8b426d6f6279717ad950715f3921046595c9c643903c6e676
-
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdbFilesize
44.7MB
MD5483100509268d3c7f8faeb545351b989
SHA1c997a69d4e13fc87c02e59a6a43812fddd268c44
SHA25641da047736cd518b5e7cc3d5aa5519635ccd0bcc19aaa24ede7169bd9d514a5a
SHA512667d3d3eb1876a062f71abddce0f6007ff26fb215d064da9d7d7339b5e2baf713921322a087fdd7a6e203a41c5ca1b0157d9291f421281ad488e9bbc2602666f
-
C:\ProgramData\Malwarebytes\MBAMService\pkgvers.datFilesize
74B
MD5818e0933720a11e666e366b73a3ed673
SHA114ed38e4cfaedb10d8002c3179775ee8967f0189
SHA25679c35a67497d687fea5f3d6733e0a55130d0e8b91b4da230d7bf1a7c8a6fc061
SHA5126d292e436e4ba09daefd9aa01ee7a32d9ad384e9a3f48c6556851f3f4e5dd2f26fc3dfad35bae918f49cfdb4a4d738e81fa098cd041e9a0b345e710105334ac8
-
C:\ProgramData\Malwarebytes\MBAMService\version.datFilesize
25B
MD5f28e1c0e19220fdb4b00c076e54e4268
SHA13e45f8cf39ca156cebe36b7fefb181a5d157376a
SHA25627110b71079e357091532dcc3007a549a15419602fdeb610b734b6267a7601d6
SHA51202b5c866a8c9e8f76f620bb3590a80a9b68ad8f5db1e7828952c686613fd5de6ddc0f5f7019b3b076aa799f5f7aaaece86b8d83523e51641fe103d0415345d1a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008Filesize
20KB
MD5923a543cc619ea568f91b723d9fb1ef0
SHA16f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000aFilesize
299KB
MD59ae8ef5089cade0bd896dcfc633ce0b6
SHA1dc6633bbbaa92d608c7aa19fddfec53942a1f7c0
SHA2564c40c72416189b7e1b2bfe2c481f4ecf7ffdd4373256cf546d1323ae317b8957
SHA5122d79f13a22b39237e4fdcc6ae431c1858e1909ce3f55ed0b5a1bda1b1dcadf87ab8b3efef6daa73901b0682296dffd360305cf0bb99e205071fed4ef5d9f61ae
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000bFilesize
109KB
MD574a57375258c6b453c53ca44be0e0547
SHA1de09358cb8d67021cc2cac2c803f5cfb14ef976a
SHA256b270da7a1464531aced3727c0a1ea169b95d3d7b89343b05ad5d9fd84139bf6c
SHA512937d80d09163badbd6f0a894eed89a132efc5f8fa8c0cf5ff414d085305cf4c5c642cbd519074f18d1855ff9748e02d32a69a6af5bb4e04fc58e7b0a49723f1d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000dFilesize
72KB
MD5aabe4cbbff35f2c2d5aceffce0f181a8
SHA1d7712727ba3aeac0a659df0b3b788edb8eb44597
SHA256625741af909987181e10cb499d19db246626b10a45f10d705f1bad48a1504492
SHA512dcdc988cc99532bd57ee2e6ffd913c75a00499c83b9570f2b5ff005bd2c5c7029ce5943b985bf8ef2635cde426fe280044f1d0cc2572279264b0851a186dc78f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000fFilesize
40KB
MD5d574939016c1b0511053c934958d9a25
SHA11ebb35cd6af10fce71dcd4778c9bbcd9822ef999
SHA256ad0ad0fb63aff674e004faa8c826d6523a79532133fc07eb9a2ee5a1d367ec66
SHA51248758079cd42e05da63126f5119d15a4f79520095d062b67490b637df8fc12d567eaa2ec9c083d747093fbefedc651fbb3a2bc4f2fbbab9b5a09379626a40ceb
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001bFilesize
64KB
MD541cd8c156c0605065475c545f11eadfb
SHA19d4ec2f36e65ce5c43a093a915e9372f51e2e8b7
SHA2560f54c2bfa475d6ccfb1d1746debd4b9ea320a08eb75068e373c6ca3545dd2ed2
SHA51238cae3ecf9438b3248c6927b12ffef5200480397eccb3da27712d7ad9c93e22f2df0c01422f262d166c12be4cbbd924b4565c8cac4ebb4179a235cd021849b83
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001dFilesize
16KB
MD55a3c61efcb808dde949fb15ed4450fb3
SHA1bcffcca09a9cb405ff9ecc80c0f7007820fcd023
SHA25660984560f83890b211350a310b53df47e1d30c931683f53adb57e2f44c8e1d59
SHA512f19bafb575d3c08c98dcbfea7d81a3e86824401c1150ee620e7702f7b75d383d7cfb9f7273ddd9d55f471028cb1c789049d23b8a3e4b40ebe2568882bfe9b623
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001eFilesize
47KB
MD5cf5eab1f32700b8b7537a883efbcf651
SHA1658e857d7729752dd76755f1838a4dda10395549
SHA2564b9873c486bb13f3671e44f11b1e37a21414e3584465daf90d9a3fe3ec34b887
SHA5122509bb93975e659e9e932c13edf7676e57c98c9cbb88649fea35b9a0af2f855bb91204f426f749a4a231d90b79f93faf315557076fa3867f7fdceabdfd44c984
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003eFilesize
32KB
MD56978b2578334fcf7032018bb230d0bd4
SHA1600c64dfba742919a4306f3bee99d69b2aae5232
SHA25667cff4127b8d1a2789d66abccd781a0c4b53efa37e9fe348a97f473014ccd70e
SHA512d8f575a2f58fd8f539b49af278af3045a304d0fbe08a35ee794ad15571bc356e0aed521e9a268243e857aa2c1f4e2a1009628e501d1e87d988cef021ca474120
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000055Filesize
28KB
MD5af276193ee53b540818328e51180a5ea
SHA1ee54b602a88553bbe162bc160225fcde869e1a59
SHA256f5a9fdf71b437455d5a91b9ffc6784fe3cb8135a96939aecb39f2c0aa9c22dde
SHA5120c271d7cdd9545fa043f63eaa2ea6a2c734cceb96af07265c2b4749c9c6b395ec2b857a0f313401ae028f5bebda91850ac7f591e430e067516d47f04e28420ce
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000056Filesize
56KB
MD5e845906614b5f7a2e2b4e872266f6299
SHA10a01c1199d3c7a9f1e4b7deb059e34b04ad21c66
SHA25630ecdfd3387d75b0df75c4f2686f336b0963864093c458aeb9d69f99bc71a1f7
SHA5127a23977a4441391744625be03c130a97963a884ea5c57b1f6a7a52e2a2670c2977fbbf4223d3ea1161d0603f23ffb558e3c69b1310daca37e52ae7e55a0355dc
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000057Filesize
60KB
MD57d403a1ca53484516b1a13d694bbdcaa
SHA11131969ed1aee4403b1dba257d4ddb91b874829b
SHA256f30b5f7edfd2e8ae07edf51518bc2deb93528b1f5da922d014fafb3c744adbea
SHA51215e7894ec8cad6f988a81a957c3f63ef5d19036d24681742ccfce953258b9b8d89bea098a6e70164cd12887f63755cfd8510b95f7ff3ee79d166ea91f13fbd64
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063Filesize
122KB
MD5f3e7e8ad337f355bcc114e46145e0b99
SHA14f11f4b1e515af97695381cc0f405527c08cd983
SHA256072cf1e2c67e97eb0ad211e51d38f37ffdb9b6ab9b1edae1d5690ccc5f6aabbf
SHA512951025e27fb274aafcd96b83e89a734d2ab4c976e641d41746978164184c1a6fe97764b8c1a1af0bbf484e3f457878372239827d277c1937249bb5c6c8319971
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000064Filesize
16KB
MD549295de6ccd23cf80b6418a2d209868f
SHA142a955b4560bb22cb9b5b39577f7a691ea345018
SHA256d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa
SHA5122954ab185fd84a08933bb6e79d91e301021fce4e632b477e765c172cacf72913561e101ed2f7e66bfbdc5946b35f2b63eb2b6f878e0afc9d26ffe71ee112a1c0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000065Filesize
230KB
MD53d6a0401da4114425fe2865129221258
SHA1b02046e04a3f1ea12f2fa4b1cb63d11d2f50649a
SHA256a4cd5d50e11ac72fd84942fe41533c637c4eb7e734a83ac118b6081d9dc17625
SHA51280ee43de2e709fc2a36cc3ef37c79da3a7dc8e8a10437a26c26d0c0fa1268d6a61801551c22b20bf09e7d6b77397dbb730b47b20eab3ec818e31c3a8743e327d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000068Filesize
81KB
MD5705e86b4266f1431cfa2d0921dc42b97
SHA10c2e9b170057b10106e340580b000946ff1c84f7
SHA256dcc86d3936b5970c7701def8d250628580e4c0b534a1a79fa37eecd7e4a405f1
SHA5127ba8e6c85c022d6f794ad2f7f2574de8877a69ea764631dd9dce6d5ce29a3d848f49ba2b350a7c5b99f23258af7f6d6159991227af7854635fb94d9b852eae0a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000082Filesize
27KB
MD5158a0cc3b8390b268676b3fc3644dbe3
SHA1bf06cf6e7d96d7808b0c245be28d79c6b963a5e0
SHA256544c11dc585731e0fb13a885e55fe671f69b9d1adb7d7f9ab3b63d5cd1886b48
SHA512d41616ba3fd2bafd80926c890621b0bb2b0e50e7625badc6e25d86b26eefa7526451b9f0d3777c54c4cf383cb87e5e2361294b79edf19e9f514d72c4cc0d100b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000085Filesize
72KB
MD54f6377a1b1a0a36a0e6c383b4543bfe6
SHA141f49256395e5abf6722bbf5497f899534d72e7c
SHA2561094bc1e0648a5b112504c5f2b6650adcc2209762384f479c6eaa1cb961528a9
SHA5128ad5f95c7dd72652b72b8e9ab3c5482c44a69f76275c5b1e4e2c025b850c6e83530942ad851f8b62488692798b8063e8534b0a000032aad148a2d35651914dd1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000086Filesize
257KB
MD52653469f30fb1e7d2b0efb44826c6be3
SHA17387367a0016bfa2b098d74a9280b55bd806ac82
SHA256d74dab7adf6debd635e23c9fe40e5096e590768f99c4ef8cf08522ce44623a11
SHA512c4c0f2bd3efee8481f66dd973742cd3848db881f9419b581e495caaef2886da7c7f2920a0a7123236fc59ad4eeaceab731e81137427ccea2cbdb5c77327b3dff
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000087Filesize
40KB
MD556e6be029d77f578e709c24b614846c9
SHA1489c375c9f3497c386174d83cad05129e537ba2f
SHA25625f1d7fee2bd9cf97933b907f627a6ff47534b2ad58fb99676f17b472fb1cbba
SHA512efe69b930590d01364af98e68539d8bda4538ca7becb19b8b38f6ad6838c3f42778bd5625afb6f76c12aa360b6d3a13d42419bc0a198cd4c043852130a90e8bd
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000089Filesize
32KB
MD5fb184db0e78b251fa819092313793f67
SHA1e7142d6e96b1c03e8a8a2264c31aa903ca2d6e39
SHA256f9d406fd23f8532aaef66a1991be892e61099dae8e8049fd2cd05eb34af93e82
SHA5127276170a782f26c451f75a2ef687b72c0f1cae6ac2a86f71bb49fbf0c5120651b7fb4609de01d3050612654ecb3aa26ec9b02408fc051cb7247add8cebd4ecf6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2778a0817a104971_0Filesize
38KB
MD5182f41159dc160ff16e40faa9c2994f3
SHA1c03e73de82794ee6cf9b11cc86894672958aad13
SHA2561628005e3165145954699d471b877086dfa68302d314a707f435bc4888da10b6
SHA5125bef531d4670efdf37aa5536d6382e56303538aa1d2f7ec70a008cceba71e74e8ffbf0f0d4343cc67689e80bc131666ed373191c0b73a88fb732cf1af9483c44
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\818ae5a0c8110c98_0Filesize
31KB
MD5f007e378b52b46525187c1ea7278d207
SHA1019af76bd5a893df6a2ae5b27db8c9eb0dd28338
SHA256e77b0aa68f958ed235add53460fa2fdc8dd360e1edf7db307b31aa27693a745f
SHA512ea6293de6f207713960237a6f408477ff7b74865748419fe36f13c90b42b9bff53132bda5fb90b7bf2cd89dbaf92a329c537b4252272a90143a583e3555bd71a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a294f00bd998b712_0Filesize
277B
MD555311838d240b355b1d2293c313baa64
SHA18cd8076f9a72dd8b1056e8d18622b66f74a38a42
SHA25657e3d3eec9605c2ce51931c116efa36a8ca676067a0cdb9306d3a193e92db54a
SHA512ffd8e7c0adaded881a451494bb0b95b1ca7ec26a7183c6496937e3ac7cd548b879ecce8190e4424bd264c74a1d9cbaa6ac7b6ea304fc519f62400adab82597e7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b40fe6fbf2499973_0Filesize
47KB
MD508bb100a8397c8de68e21bd44d57023c
SHA115a893885b566047f53e634367e9e3fa9b63b561
SHA256aa065dd30c425e26195284415b9dbe258055ea7db91076aab44bf70bd5b7d5fc
SHA51245a85622ae5419fd6f25cc369e28fc6c596d2397243a02c61ef68a193d74d81a8dc42264714975f46aa09463a99a7aaf2f4baa1d51dfd104010b746c86ce4a82
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ec3c284744763bfc_0Filesize
5KB
MD5822bb8ebb732ecfe4b6eb1cec33d7b4b
SHA15b2cf54da4a83f0a815b80a7c6ee072b1e7192a0
SHA256d30c2e320209999d92a8f1632832cef84a5f88f6530f2a893327cced92e1109a
SHA5127efbe103cf5abc5d15c2fd19c7168e6251847540102904e5457fa9cd3ee39466e813d1bda50adc8b6a81a74aca959c32552a0a956a21a4f2824d190b0e02ecbf
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fc20463f1eec3346_0Filesize
290B
MD5a26579779fbd98f358dad70a8db8a3ab
SHA126d8eee6e4dffc0d510a25fbfdf05b9acae4ae11
SHA2563a3daaca4caad2eb89df6a4cb110a9cbfa94efffaba3f8265736bc7531c1ef17
SHA5123b7420e8fa737fdf1604d937e51af6f480302ca394571d19f66f3f93a0e4e59deaa0a9a5854c8707269a1319fe3d4597063830eb95b890ab2831863f9a719898
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
6KB
MD5f748c9cac65f3a5de2363d4d0765d8f1
SHA178109cc6d45a2bb3142fa1a6e0d5ab9f1b7f4e29
SHA25642ac126798d1ee6d7f75e0e7206ac770ae3321ba1928ab45f32dd1cf72e30a69
SHA512eedca8d9ba3bfc9bdde2987a35a53ed5e10f7089adf317a91363e02e8136cd72b7fa3f5268f7cc953a4db245e042f097ffcd9f6bc6ae12ef3a9b0ae212259b72
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
6KB
MD5b6eb710dd9b9d637a4981ff5bfbce25d
SHA1871bf9367b937d9e2bce791159e6b3673afebb76
SHA2566b89afe97f07eedbfa1ca88933a9911a9a605bc4b4e116309756eaf741c3a162
SHA51280946c630f8306954fdb9443a73025fe39cc621bfb046927f974f98c7304c4aa571afd91deb8bcab14906195866f400e4425e8ebd11bd39b5b7bf243d0506012
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
2KB
MD5d99712f0c54de77da4ea203639f5c756
SHA173ba1ae90efec75736cb4bf0fbe51741cd12662b
SHA256c6d210f87f01e645f4eda2ea735963caa787bba9249875183a6c6a551260cedf
SHA51278ee00ef45bfbe2378d6b82c1eefdb001204c1e458e9f79542552871742fd219669204a2b6c720938a1689126551f0e77f1f345620522f19800b6e447b967693
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
6KB
MD5d076b6e55be778d7d96ba335f5edcc0f
SHA17fab1902938f7d38fdcffe6fa301eb1c5e85af6b
SHA256f3e51277bbde7a0a0cf2380ceeeb2479c869545b26de7f8cbaaf730c97cc71b9
SHA5121b4dafd38dd68e1bb16596b9a581a52616007b26bd95389f4f27f3e6a32fd506e5e9ef3b62504c4ab41f9f7334fae936d2b891e8624772f9a02c2f97d863d6dd
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
6KB
MD54a55ae9b53c7e01567c4692881a9f3cf
SHA1b2cb8b7ff5be38af7752967177946e223b5b2b1a
SHA256cafe659b229db19964f613661989201bfc4d7f610a9ed408395e9bee77eea689
SHA5122279aa95e160996af569088b770f3d10f2652c882b7ed6799dc9f625fa2140260d4151ad265e88ed74341daadad4a0adfa83e9cf36fa790c22467cdc65ea4451
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
4KB
MD552a99a1d913a86e84ffbab909dd67e73
SHA1c053e2768a81425dbf5cd9c09ac98026eaf54cbc
SHA2567b3a80c939c055b285aa02d317b6e18a41eec1e71b048520941677e7ea598b1c
SHA5121a07ff519001e901381faffdc1c0193bed74d7b5209bcd7b1b811d391fa2c737b8404badbd6921cf8f7ca7de22a85f15e85d73974a00a7058a405f0c12f6fce5
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
4KB
MD5262a76fd4a650607b5a989f8485d2cb9
SHA18fe32c1a9491c7c2ca394e6cac5c1833b55254e3
SHA25626abdde79399512b39a74e68d8959bfe6e830d99f76ff71afa51b735261aa37e
SHA51297bbfb5dbb6004eec85471c310dc29ecbc2ad7a15af5efd1958a2a3943503f7eb7f1f9e89830d7bd4201f21aea47505aa15de2b11ea646fece0a096c18707e68
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
4KB
MD57f39cfe3cb5a40e1ed22d94d0746a714
SHA1b5739a0a70216cbb9cecd4b66658e71774fc20c5
SHA256cc590f09eba03e94dfaa831ceba48f02aa3711e5c02532322905658ac2737655
SHA512d9342f35564007bb6b80e4d06e5955f8159448b8fec741fe3d8d8d629ebd0b2b7b74a189486732560d245d75f4a942392eaeb7df2c0e5493118b650b7b0eeb72
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
6KB
MD53f6a0256f2291a26ed155edc70a191be
SHA1212c2be02f4b5b2677aba5d5d361efcd221b23f1
SHA25689f6088de8c301c2f728b1b32f21def6fd480617f6c8f9110298b0b551d6849b
SHA5124d88899bbec7ee30b7167ef8b71cabab468606866675ec404217d8821841d707f6368609a79340589fc5f8a3a5da25bdcc4d1012e7de8c722c823a08e34cd968
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
6KB
MD540d5a52dd694a5251a65f7b0c44b626d
SHA1c35b4836d40890e5e49576328aba7587a6e32249
SHA256ba0121d2e15cc9d94be8d5c7af62b4bca22c1f2cd584cba739c6698b735e6022
SHA512dcf2e82ced15c9ebcd3c790a10fc1f352740c6f70edd2f0724c88dfded90ae3268b652858a33246c2a3f1504e74b53607305295324be4db4f2fb892cb8ec832c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
6KB
MD585284a999a9d5412264f49f101bed825
SHA139228639fc1a666c72c727615b06edce146d81ce
SHA2568dcda2259476cea15d0cc0013aea69b29817ca8c46bcb4d00aebe1685f9dcc87
SHA512b323a468259c14ce4c82b54802153544c22a4cb9a72c3632ade478bd1a797651d3126bd84acbc0a857d175a6365396da2f2d89503ae4245c41970cbd4ce8f1b2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
6KB
MD589976c38a8d1f8c6d514e508620ce339
SHA184a8671cbc04d5269a630b22444cdf109254d873
SHA256e52274e268bbf129bae4e4998769a2e4f30c17641fafaf2c812c488de26ecc67
SHA512e80d84dbb995a24733c68b57d59b17faf7f52583cb96fc170d9baf62ea7aeff0b4ab942f5c62576c189932027adaa3bb486b26380a3f4d869579d928ecddbde0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
6KB
MD57605ed13625faaa5bee05e1dac0de562
SHA1cdbcbb7d269f47a1984c3921fcd3b695034ba461
SHA2569eb00c3505cc369613e43a76cd6c1bca697c2ea94850a532ecd8e881a3138d89
SHA5129618fe8fecc4d26c7010e3ebd436370d989dc5c775193956aff1635d60e2df78c40c2b8a505c3be3cab603696d4af6999b5021ce43ccbfe89909736d7d497579
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
6KB
MD558c85b28264b14f01101f6491944cbc4
SHA14cfba8ccb4b20893763590b9540a1cac62ce0a7b
SHA2562a97fffeae23549c999086ebf1fa4bba844cfe51ca1c0b9c42827dd2f5d64161
SHA512c4a809b25118e76e1c9cd2f5c8d2c431e723c29489a3b0fac66d9c691f689de6e1afa3a22e474582726964771d4a91a22819b97c704ef99d8fb1281662b250cb
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
6KB
MD5a866cbe7aa4a8c20ff76322230e16953
SHA15ce38f3201b338a79b8bdc6e672cab8e5295c312
SHA2568b8aeeb15188ab247d5ebac51b0d3ed329bc683e86f079e538d0c22a71cd2094
SHA512610b8fef739c8d6e90cbe5f15edfa23ee482de98d10c659c0c25fcef2b2d53cef917a3c25cfdd8cbfa4e23a2a5c6d3dd05490e7206edb1650d1a51f3419b9795
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
6KB
MD5f4a26ff4c6ec8e5ee30b81c270530a91
SHA161828479d77fc6be01cf6699ee39c16855550f97
SHA2562ecbf7b167647b05e4056e5dd15398ad738a86a7688e791db68f141283180ef7
SHA5123e8dea55bd6e3f05cbf07315570445527266802efac57dbf89e53daee13ec712021fef7a9f61b34223b390857083cc7a63a63211e74a0bddff675575f870426e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
6KB
MD55955f645d8e3d513bde2ef87adf2cb3f
SHA1a66faec9177856204cf08ae26d9f219e75561721
SHA256a627e55b28f4bc5ea316b82b98f2d9aa5638059ec04237d2006db63ecb33c831
SHA512a9324eff63108911b0e57e90c5f0200e6bb78661ba8e629fe3adb406be0b61d6b56982d14a90828e60a262d185b071011a290b51b785d6f9e9825c7e9005369b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
6KB
MD50b0d9c3645e7d9feefa0becd92b0ba7f
SHA1c3dbafef08d4e61a077009c6fdbdf08b6423214f
SHA256f1d1a48c5e84686ceb823f837816d6cfae6336674d733705b48867c1b9320036
SHA512343c6537ac855e9e6f8dee08271f21dd4abbe8e2b25b90efe8edad59d27c9037867ed2dfac8fdbe7415d5bc422373c5755e5e653a8b9b8fcda4eb4cb01fff7a2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
21KB
MD58b00bab96b0a36cb02101c4be32ca55b
SHA151c19b3de1433d8ac9a8f54573ef7b4160901f31
SHA2560d33eea06e1c19480b222dbbd1736b5ea25f07048f6f95b35981ba9903f0035a
SHA512aa8935895cf45f89a6ec45989e87f043946276d34fbb9ac5cfd8002d8410153a8761862548f95b8e194a51c76f3e4c27b6a840b308a229aaf6d3faae4758c871
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
21KB
MD561ed5310516c0fdc9454fabbcf83034e
SHA15483e26e7f64433497578f481c93ace36ef4c674
SHA2568640e81ec09ef7fec24fc38a11f18bfe90224a77fdd7332234825c3d525540d6
SHA512452734d5b25bbb62bf6f67f3a07c1a2b58d131a613ad10db433c61b7a863184ca13f26517ed2c4f06d559c101e1069d8ec3262112ec7dd99996d4cb37370a153
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
7KB
MD514db932ef8bc5b98734d90c4abaa7b43
SHA19a46839e6e65712019d3af1d8f90ac366337b58c
SHA25665ba5cd9c1be909848f36535164a1addcaa4d3c97f78012fe5ad24cfead7497d
SHA5125239877c661732f5100706780d44c0749af5ea02f52b072ce47635e07050001c41a9b95fbf6d342ac1241c9bcdeb1c0bebbbfb72a81129feb42a538efa5c4e96
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
19KB
MD5dd7a99b2d828dd3f28fdd083fddf811c
SHA14d5c113f08fd7e9079d8288724f017ae047a30d7
SHA256079676d765f0f02d4b6e2710d33665cc1f79177bb6bf77b5dc71f0f82d5a00a1
SHA5123f76dca73e445869c29b79f838a3561f8f176b92758c8eedcd65d702f745c3699c88314f6e80ced852d26271356df6e94ee8a5c737a3404764313116924bd242
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
17KB
MD5a595452d7838eceaac72121881dcd470
SHA10205daf596d25a17d82238bae5dfeacf3f630d62
SHA256ed326e3debea9edd0d69bd4bfff726b37329447b8c7dd088b74356d875ab01cc
SHA512700f1f084ed33f94792146a5cb624b028ffb8df5720375c685d30df7cfeb6c62e30ae6a80aece1cb38fca3a5ae9eecd28b8131854c7a9669786e64891ace6686
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
20KB
MD52969f775332dc5e15349ac02050eefc1
SHA1ec9f57aec96423068a46680d7fb118d8c73812b0
SHA256eed4cb708cb19d91536478698de92aafa16fe9187126071d65e01200d24ebcf1
SHA5126a37f12c2d66b7e897b1e79885061dccc48f18b75cb51bf067acee5cbdadd737e0361ed486d274ab4310f177f7a79c0fe2ee1f68f564a28cfe5eab9946f85438
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
7KB
MD5b6b070368f207f7d5985fa97eceeb420
SHA12f9fdce5876fdc430f1460d7de017dfc6dd9f694
SHA256a077f2d5d21b0bd277ab94ebc228b0620a6b1932149d05de7eef44e2f0bd79b8
SHA512e1f27fcde001104fe8a6aa48502f114455895f656264f53240691ab4ecd3a12beaf16ef22943f274d723dddf087e9e701e4c7e382065529869a96d3e5dfb47ad
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
371B
MD52fa5b15b9f159698bf21fd4300547d88
SHA1a7368c28fcb8e558657dd98e4151c904dba724b0
SHA2563139db4fe409c49f5c815f9e0d9e54a1dfed86c5f3e28cf15264e2096f67fec9
SHA512fa834f812c294991a4ed2e4a90cd8582f6b9f12056ce51465e5b17cdf51eebb479c4b90cd4839b157316d71456dd9808bfd5b4bfbaafd5782f51769a4d28e11e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
706B
MD5e24760a8633137d640efeb8057f4eb31
SHA15180e17ba54d3b8a9c44aa15c995413723dd5666
SHA2562f70cf47173bc3f6dacbc8b3bfaefd57c098b560d9ea0d29ca6d8d2e050a20ea
SHA51289482ec850e56839310d970c9e8693b2ac5a49aa3658d60cf0d9e166007086b757bffcef05600e11c05f2690f9298237f0688ffce8a22bbfcde7229aef400b37
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD59953cb4e0a58d6077dd4842338096e0a
SHA1178226dc7bf034b729b8a6f1bd282d70a740c04a
SHA256bdfdade8c1087e0cee7060b57915c36475687feaef38942a9c841478ef0fa5d2
SHA512791d2e113cc91b2f6d6bf0d6552ea53d5f4df3a282f4f8ebb6ec855b20c86ced8b45d79c570012a99863b9be75daee0673623a0b54c09a8481bd5046927edbb3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5454d6e405f8c25acd7bc510e5748aafc
SHA189b0350aa009b6727eb4313c3ae31765e8762f24
SHA256abd21c2463e77e529e9d61e26ed9d946b00bce11bba5232231905259501552ec
SHA512d00763f31e1676b24e7eb8a179300ddc1e6940280315f45d97130971bc4d06b8c475510777327d7f1317bd7a2961dbf4ba6711de2def87812131e9cfefb636aa
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
7KB
MD5f70415c6152f85f25eb754032e1c1d83
SHA1e1c133c61174d55fe8c7c073f344e86c2dceb8d8
SHA2561848667846c7f789493ff1c5ed21acb7ac7db06101884d443406277078f5adfc
SHA512ce86486db51ab0c41737bf913d85dbdf6f1d13a3cfe67d5840844d4a87ba54a3b0e7e20f809630b3bd469fce0589ca8967242fdd5723b5533086dbfaf0305561
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
3KB
MD53a7f0ae4dadb5813129e8351f95aca57
SHA1d5314b051f0ed3979e55d47f777bc0bc2510063a
SHA256cf4f71d973023b33aed276efd0ddc2eb40c8e238a529216ffa30c85bdd5ee667
SHA512528b5f8c786bff0adbb2b2cb949cc7253c9ac0a2a48b735aa80d64a4258b60e17cdc149bc2a745fa762f98829d0d3467fa208477e71ac32365df6013982d8237
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
4KB
MD56591b466e95fc03f739e956c8b7d0483
SHA156bea8870dab25a89ea78ff29a8373c4c8a42e75
SHA256310201416ff0d0ad2006a57c1ebd94533b6995ac2c2e4136022254bb139b2ff4
SHA5128e634a25d8b531b14d2a10755a33567f870fc9689766c5e52a5226fcb30b84d26d6fba28270afbcfec9b8c32566aa1ebac898c29cec2ebbd9d988a55d70b33ae
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
6KB
MD577e6da393ce984c390a07a9428cf00af
SHA142801f27a3e999a8f6b8fccd456165660cd25398
SHA256102598059d37d9831af66337e629b1512a15c5d6853f6fa9c2a7afc1bb8cb3ac
SHA51272991f7ccb8af88a9a0275d3fd804aff78227cff7f35ff8fe543de54bb5aacaf3c89a51952b29d5ceee686c82ab8d6565b01bde8144d5f92a8d1a5e23fb1aeac
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
6KB
MD5bcccc4a3c549a54eef1e1db2ded4bafe
SHA1198057974da23139e5994998a5b82b6c8d00e21d
SHA256baa74f01981be3869253b07085f585f461b2c29106cb2ada9ef25f9f19f90707
SHA512e0c9b678336f79804320614f2d9289412d10c0877b8610b4050a566d940af08487243de33c03be55b1dd7ff3e4b83e234dc02e816f53cc66417027eb3db58f78
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
6KB
MD51f82f1f02a18ca9a0ff623f412b1c617
SHA1ddba976d97cda81e626ec5139e0e11b963b2bb74
SHA256c75aa8ea157aa3c3b7fba59dbe4d270319712f6fea3ab05fb710dab0131111e0
SHA512b3dc27e0b1553ab04104926c8f3e48a8ddf6c26d3a7cf856c3ec0ce20430eb89f7ff81e77ff22f5ee67d23001bf560cd5edf7149e2efec4a2fdfb76acba6e1e8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
7KB
MD5ccc4dd5f74e0f6d4339e9161aad9940b
SHA1ee9480d1779e27af35fc56bdd814f50a661fd787
SHA256dd44b75867762284e5a6a815adf280ec670b710bd3b96b066c78f4e37fe83827
SHA51271a04eb55604e21ade909b592e8d1209410305cb68291c6ee717bdbc148eae2f655a99a101751b855ee9f0146af540cd5038b5b20c6d284d1572a501914a4d94
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
7KB
MD5f3207a9bd0134b7a242929fe4fcdec98
SHA1fe288d80dd4a6fc5448ab0f5f110dcc9e8a872af
SHA256d92ee7125ef368f206f0472b35abf40d8762433ed796524b9db594606a6a6d80
SHA512887798729ee72af5af833d2d0df4648873293a9758b7b833fe3fb1f4e41bbe1d5cdc85c4a16103821b6c73618544844d0704fff2c41e033e457940fced025749
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
7KB
MD511f05b006c7e47822cdae0e3b72c0f15
SHA1af648056756d6b0252b910d8caf5366a1de98381
SHA256a7da48c91bfc3fcfdcf5a8f4c491b8376189b372b39826f7c4722d1b9bce70db
SHA5127c2e25f87d7f263d738b766b6c11e738f8312bed80a9b9e83585e678d92e95594c7af065e30ab33911c91c38c741d49a6d5b044aaf86fa4e2405054fd1d47701
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
2KB
MD5aa59eebfca2e53c29f523b3f584b27a5
SHA1c5d45e827744e95b7d53fdd423ec7d784ddd5dea
SHA2565e10b44ac513c94b130684b8113568b50e3bf019786719f53fbe264ece7ea0c8
SHA5120fda72e12bebbd461ae64e6c558c105702de863c808e74eaf85101cbbef36a34cd198a4ba5036b1fac1414485e5340de30da7c125d71bc40c355db53737046a4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
5KB
MD5ec6645c44c13f016d0d28553c80338db
SHA1421b609b3f4e08b95c154a3ea8b3e771c7068c67
SHA256fcce49007ea717cd65d8474e8e7c5dd97c839bbcb12684cfbb155f741c06b401
SHA5123be19775c1985d9b6ee0411a8755a75c043c25c766c666b28613ff62bfdd34de01a3ac4f88103590b140b98af09aaa0180cb2c13829d97169f0f3d95ff9ccf1f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
6KB
MD5ac59236b4680393fd5b36c6964df318c
SHA1c75c6a7dbe3b90358e6299c78f06194a49bd1a3c
SHA2569379675711938d30c9b7cbcf6b09ceb18f760b7d127ba41c4773894728c7f975
SHA51273e85b5f54b01d6b6a8923bbfd0726b6c106fe0852cb043ab561231241cc5bfb734a2a7f621ef17a136c4a2e52d68c940ad1fdb0943fbdafc396438db47064e5
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
6KB
MD5bbdf2f486708275a8a9f26d1e6c0d0f6
SHA1db3378d16fb38c5baf7720482ad734c87d805925
SHA256f90309735f3f0002fff798777c5d539676489fb1ef5368ff209c94157e11b0a9
SHA512cd49d80039aca4fe29fd5d915e8dbb49906c4c206fc143918766b6352c16617cbd94ed83d6e65b263b563e4c42832ed509032fa2c104609276029d655b341a09
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
6KB
MD5ee7dc8b26e69561e259df5773683eb4c
SHA168fc1ee1131c157aa442295d2229528bdb200e6e
SHA256c0345e497a56b2eebe127b190f93b577116fef0f9a7f6a3f33747ecc366c810b
SHA5128b05df94696ddea423b032181785575a2e8e46726cd9210fa359835d1bdc24d8bcb2dcf0730c637bbe225d744dcace580134d0531c9abdc168c2b32e1bff11e7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
7KB
MD58d64f5b81511fec0ce2bc595be0df8b7
SHA1caa22306e2ee967022402a6dd36ee72b7fdac885
SHA256788371ee38c004669c2f1cdb562da9a129e546c1fc77af7528a258d5d0413d18
SHA5124af44b9c939e2e50340f8e330beb4d531947b854139a7f40303d852abae04e66f3fb0657972fd4c020163c13b8d639f58b9a674d9316f5c78f88339639a45ae7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
4KB
MD5775fcf887e1abb52fca7d3de2e419a8d
SHA1d73207c33743ad63bd74d303e4d17183a8c71c8c
SHA256a9fc5daae8349cc10b9c10d5a4f6db14952cbf057d25df6346d0418d8e600b4c
SHA512d61640932cc5300c1fd144b8584e95d4c62ea13b696fc6e65ca07210ece6a8c827f722af3e7544d40f90f3c4fe9ea6619375e6a32d0ecfa65ce38652b0be865a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
7KB
MD5d3d30cf5185186891c36adfcb3e0c3a9
SHA192b94185eb530cb332463bbe27c45b1bc4a56afe
SHA256ba43f900be45c46e9710c64ae53219a64affa3aaad8d06594030ece0de960259
SHA5129a62bfc99ad4e122dd99ef642b5946cd207dc9af8bb5c964ce3bfdb5e4cb9d72d188367b6deddff5d15f604ba20e50923aa81adfa88c64d3f41ff53f4a779192
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
5KB
MD5d9c2d49bc38e88fe728647d6653d2bbf
SHA12ef8881a103db7d3f75d598ca526454677043b58
SHA25608623dd1efbf03bf3aafd44f6ebe104714091efa0e1b2e1462cfc93cc20d5094
SHA51219c6ee064c996e880056d2c87e821462ab3b97d156245db116bb9bc087de6bef07aa2e7a28cba6f6aedadcc8205e0f20850767b8b1c111e2886707f448f6370f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
7KB
MD5fe7dfb297757cabcb74040d08433074d
SHA141f027c90c909e4a56aca903e3cb1b706985ee8c
SHA25684139b8c0569fb543a1bbc2a0200796e70c2c6b034c7ab151b9ef2eeaf13859d
SHA5126fdcbc379e3d5e9ce2233e38dd98163384e2c0f5b4fa6d316ca7376de3a204940b3c71c084972b0fd9a7027332e0fa3914a7406ce869abcc076f92bb8129d984
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
6KB
MD5ff8f50914f32a4e8f15b158229401ac5
SHA1e41d0ccac05aadb5afcef71680e73779f0e69616
SHA256d609d40056d19c70d110a9cfa287f26b95eda7fd7d96cae37b8378912e875949
SHA512bfcf7e88c82123437c09cb54c9d0931b741d2dd501016c53ec04c41542609a464761b832ec1b391dc065ffc55aa2ed3e6e1c51b02da6514f86d692556577c311
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
2KB
MD5b477d925f134c9ae4545d74ec27bac43
SHA15096bf4dd06fb10105a3c941e54d589e6e1011e3
SHA256ae5846d18a44b01321072de95d67ee19065d710c707be0e15f6d6860c23f1783
SHA512a779bff2561888745b9f0f3764ca785a81c2809f0dfc25b77b435475d943a2fffad401622190dd12bce7b1ee35feb96778a6e059068f1082d0bb62b0fe586546
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5a933158ecacec22bccd1a7dd83706a5a
SHA1e7f896505f80dea9b942553179e31db793310adc
SHA256255221c57fd6fef022220a4a43fe04b14f31508c4f67a8e9ec8d212add38258f
SHA51271dc90983f29da304b184888e1d446fdb47d2dbb5559fe701244da7f1e389983668102759057673dfacfa3c1a86f88e4ed7cf69fd510184f4fc11a79c1fb36a8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
5KB
MD595990aac3bf4decba319498605bdceab
SHA1adc001f6280394b833731c34fa1860b26bbe9aa1
SHA25675754c48c673adf642f06e81bdd9e58efb3871a9a66a8be98cd62e4324236282
SHA5126dcb354179d5c09db1e590a034dbfe55e98b772677c9995bb48474e991271b8e327702514d343a6f95adab5c94bd67ce5d976a0c9f8acca5dc675abc3468baa4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD542194099091dc5a5c2dee967c83133dc
SHA1aceff326347752fb30a167f8dd58a7c34c7214ff
SHA256138e8aa137b354f50ecabd480a952c20c7297f927f99ed4d303fb19c3e1b6f99
SHA512ecc47f4d4147af62305563ee6fd3bb8394bb18b640f0c680a3a489c6101a52d90840e06477d044fce0510e1614323281c225e5bb361a54742286e8d1e6529390
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD53ce200fda1496d907a9cbeac6cb5ef92
SHA1659027a207eff122ee5d6eeb0eb7a700217f81c8
SHA256d0b1736717c10b7697ed27c754cd81c6b329ba79c34292976d666a038dfac3f8
SHA51212a4f9fd3d39b11ad1294bf86d4cd25c686936cac3d7a107a6a203b830258a02e79d2941d11fc26f56e0dce3429a906b43b87b6f4f356f64f04bdd08d553c7fb
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD577b38316556c24d8809992fdb657f2be
SHA1472c9220dd9ecc5ef135dd6b9a42e20e4211bb5b
SHA25647dc071efbf27fa227ff0a5b04b118c3d01b37f0cb0d13b4d24bb18e10faf6a4
SHA5125c33a254266075d4b0a1c623b6b587c4053f3a9fe9f6000314118a691caf5069a395123cca5d49dd837596ccf663f13af50985b7534d4cc1dda069be5f4a777a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5b0fad63c52d8a7c67563ca8a8332b2b9
SHA1cd51dc2ceb52a1b9bcd73031b655a6163b0e4168
SHA256e72b2c957d6c10708b64e385e36ea3521e7cfe0cdd7ddb9787927ef6bb382c74
SHA51227b4fc76655daca0e121b5f558929d45887676e7cffa1932bb4b763d06bc674d5e44f294817c28cee11b78c1fdbfdf9b62916b075a10f1d9ad8cf073c3482938
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5222e7b9827c0512003f52dab2061be45
SHA1108cf4414edf10862d549a8ce97f1f4d41914dca
SHA256fd82ce0ad4dfeece5ebf0972282f74e0cff44eea70277a58af3b0d4bbbfe85fc
SHA512b03ef19fb6f3c8dd6c528c1e6d3a917a45075635d82b07bf6e477d01f7c1cccba62828d34f32b751522ae42661faa33ec6384b4b6e0e2cab4bdba02ff2f06391
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5a0d7b3c17165e22d7af397677eaa1f61
SHA19bea3fb66d4a6f13b278743deb0a8f0b2ead57a7
SHA2568534b7a9ee70775d27ba198f1283ceaaad509408fa349bb0fb7b481b377fd4ef
SHA51242f613e019588fbde7667af35621359ecc3f46318e128ba9173bd0d63f1a6e83e6ff7f59b0cd6c768f4b18fada5670038b8fbe72990ad515f4faac15800223cd
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD522b8d1ebc452597ccd048f763ce219e4
SHA1930041a6ab59f36df35da07327e66483719341ec
SHA256aa3b4f9794d82b7b41672a993c3fad1173bf5a2415e932430d58ae7a2a28d1b7
SHA512c21c15362690955d67dff37f5fbfec717eccd41a47c2ba5f45578c3632ba120fb0f6abb2f8a887fc065bc5f333f587a65733248157cece90011760d55b37d14b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5990be3fdfaf49c96f12d26170a21d7c7
SHA1d26169a9cfc986866c82e5ed07b31900269b5e7c
SHA256b91a09e8ee3bdd632820087de4e4c32d14932e7b3b8e550555dd378f03afab3b
SHA5129b68df08ca011e88d3abf6cc70ab0c8fc6fd4c0ddd2603ae3a37aed07ae2f74a9ec39a206b87ed2fbe727a96aa69116c03d9b3bb3d30256e16977c69a6ce537f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD51b59b42d8628db44783a15419901a741
SHA1ec8c1cffce00d40f433cc9e61a59c15e102650e1
SHA256a274140b19123da0f887bea4717e7bfb56a62406331e5f4371b509e0f1ac4081
SHA512b841c38135835fa60dde89bf343baa1cea65b8053e2534fc4905584d3d0d5704ee53195829297384ae4badb9d1ea4935366cca82c52fd0eae0c32c9420278acf
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD57d0bb4888e2a01551efdde2bb60ed8b1
SHA13e5dbdbdbab2809f42706e2dd737a1b72f7a1462
SHA2564fe972d5647400566ec0932944a60bf9d151d46dc5ca604da0fd6efb039faa85
SHA5122494a8597930c150cae288645d7199390e1e3e4e68d36002d99bed6c8e6b84d837809382e60907b5c3a792ea742e1ded3a2edece373fb8715d3c2f34a2b49891
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD52e738974ae6491851cd192d15ea1a658
SHA1124acc66ce76f27375c622aabdd82c63ca9f506f
SHA256b817f9e6e95006d0020e8e4ce49a6d5c60b150f21b8f70b4f6a7dd8e7b768841
SHA512fde7bef80409e013077c8319c86e2540c3901f8be53dfbaf20d2374a6515309e1cee370cdeaea002c3ea6d97a4cb01b901d6c613e6ef56d0e9ab1f2ef06ba66b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD594b3b90f1246d981d5bf8d6bc050cbb8
SHA1389d144f8c64c6077d432f2a954254325c56267d
SHA256d43d79732806820aa5f5232e7013a0a346ff4a74bb02abf2623a9d10c59b141c
SHA5127884564cce43c613ab0ba496cbd809471d2e9a5e2dc971744b914285708c9791a28e715f34cbaa4a73c1adbe3f1beab964e9aa3224fcce4aea9c8b613d0d49a2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5c28c95cfb9849dbe9c44f9335ea78081
SHA134d362c443fc14772e94fdb55b88334b339acb36
SHA2564606d41d39dbbccc41e6a3ee3545838eb7da2b0e20ce8c447e03d138ba8c631a
SHA5122eace911cf4605791aa08fe8048196c83991d590c70e0f4fefac1f535034b3772863d5a77aa1112456769509eea6abf9131aefcec7cbdc94f0469abca00cb9e9
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5b034c7ff83abeb147b8246bd6709b92d
SHA1ee4c467b8f450165aa5f6b1960586280d611a641
SHA25645435f2563bda18d2c1f19501a1de3cc943f07970004ad6edf02c141f9f6c4ed
SHA512a26515c3d6682c9a928fba480e6535ec4ab80b9fdd7640b8014b6824f3d01ee77dcac9fc2e0928b0388ca64f9a372f4e8745ae5250ac7dd03cc641294739811b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
56B
MD5ae1bccd6831ebfe5ad03b482ee266e4f
SHA101f4179f48f1af383b275d7ee338dd160b6f558a
SHA2561b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
120B
MD50e78fdb3c415dfd9356c70f340f7fa12
SHA1d1462ab407acaa41fbf1067b58e862fde88165d7
SHA2565ecca3f464942d5e99473b882189af7eca45344e4d0616fbf43dca020a047f94
SHA5125b6f2e5df97cf0013c05e54822810ab33b89632de50b3aedf0abc1f245a674de2b8947de9da7463baf0c42313c3b0a2e7bb33b7c1a5fc63d6a9221cd76c720ef
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
120B
MD54a5af2a48edd675d5fe7f33dfeda4575
SHA1c654ce87dcad1d0f596ef00ee787a9e98af023d9
SHA25627779c4de05e545c86eadf93c23419ed6604ebdfcb591eb3414eaf293d3bf61b
SHA512da170e4d0a5c4301aead93cf15765ba9143788ab8707a1fb803e802e38f1b683ee17c38855cebbc0dad63b9213f0b249ed1749d42f1ff3338f93fb74523f31bf
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
120B
MD5ac63558e031939a585d73e6a463485eb
SHA1f6d45b9d7a3c654e79ccee081be67e894b66cd69
SHA2568604857dfce9c0318e4b0784824f7850bffe2dce23746531f2dedb49a333380a
SHA5126054274752c7abab4197b5cc5519c46359ba29a17dcc02fbcb931b4aec5361df59220af759114e3618cded0e7b4141766c7d4179f278349550bc7f5655a2d1c7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58ce86.TMPFilesize
120B
MD5bada0a60029dc973c5d21514f9360a64
SHA1a851f8bd43207ecaae6cb0d46614a337191ab10a
SHA25660806f1039aa73ae30396f1b4275746c52e6df1d26aec76f730bef4ff19c499e
SHA5123f8981616209fc1accd1fd4bb35f1fcffafe2f851ade6ac2e7d1cff0586676d6a1a9db67c951c1e7d57e58c0bac54332f91011a7bf47b82eee8af79496d382c7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
103KB
MD5cb7d530b7ec37c005a1a92ded10f483c
SHA1259271267c4275db9d690bca9216dc732fb78140
SHA25624e2694d5a7e79466b26144855241b9e89728116f78472c62c4952acb56fd729
SHA512e563973d5fe6fb7fff16452b420a311404c411296cf38da829a9c1f0d5cadf31711171824394bc0fc15aa9c9af7d8c89f7f20bfad75ba183ca84337f2c58281f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
202KB
MD5f23ffdea8166a40eda1977281157d09b
SHA1517b4ac8b0d1a99f45c20fc314e9d0a9ed697046
SHA256f344e0804e29c1b1b9e89809a58f2532a2c448d71ab46142d51de000f42af076
SHA512d52d08a06e965d04826d0ec787d39e8d61226c17fc33528c139a69113e7fa78794867da0a4c4c99471764f330101b878fe3ce35d0ca07d25ced66a849441e3f7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
202KB
MD5c4e6d3dd738bec44cef92a32c20383bf
SHA19f52249b719798f71a61c98ded397fc670e536e5
SHA25668d422e01aab72fcfdff43bf51b261ee525afa0aa8eebfbfc42860ff406a87a7
SHA51225ba9581857b36a1c7276b9fbae8722cf2f6da7359d5a2ecfc3bea7b4f3bcdc6163ad42fefc7b7ffdc9d28e1dedc5e41f5907392c7e74f038df73858afac4bda
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
202KB
MD5ae785730e39d30369807a2b3358648d9
SHA12ede47fd2889b6f460e81f3d8aafca811d485450
SHA2566058e9402ed8a755671edfeb7e1efec503ffc8c5fd6e5d059fe6545188538ce5
SHA5121d80cf1ccdc810a7e0ef773e9681a1f485e394d9edd53bdce705d41c4f5f6cd85f06fd96f1ee122118a343a77b72859df226db9bc028913c0f58974cc041dd80
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
201KB
MD5e042ebca4692ec78811644132e141a94
SHA126965f3a1b9c7d92c109c2ff314fbc00d998be6f
SHA2568664a211f0cf135280166a4a5f8debad50fa9dc6110a5848ab0d244e4f72713a
SHA51203c6a31955b57ebc6e5b9ba5f7aaed7cf3c4ea3443b8e179286df6bd58be3e418fb2f91539787d235a924f7ee5840c59cb0d312b54a132e1e18a66709224d966
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
201KB
MD51c26e3a58562e45e4c52c3d4c8ca4fc8
SHA144b5a871e6f405bb862df1a49f7f6436fc3e7457
SHA256df035ed055c5e2cfdb36190dbee9556c7c3d55826e60da12ca0c501cdd276e7c
SHA512f62592486fa8521831ae2590a9ff721d763b7dfd065325310427b94a2960266c183396b3f3eba982038631fce2d71c00728ffa9f61183aed1424b69101712156
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
201KB
MD59f1e1a463b08c505145be28d7e165155
SHA147a0046ef9cf58195ef01b2eb7ed5203faeeaeee
SHA2567fd1cdafdcf4e614970c7213385673184671d0c1c75d0900152e360f62f74222
SHA512d76774b4276f11f6d675dbcaeab412f626baed08ba8a8711b2661063e696108b2a55d779e11955e6f4c01b50afaaba483df6649629736491452677f80063fb7f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
219KB
MD5266cb0ba3f1c36b04732a422f3b24fea
SHA1bb7bfa92f589ce1cb71243301f0b04069491ec08
SHA256f65aaccd95bf5cfcb1c1f4045b45bd8408e078a59ca51ad6ffc91a38091f7acb
SHA51268b9840bd8862e0b35995d2c12aa118138a1a1b6649843a763d157dc456909e78f8ca52203c2c5adea3d92dcb574808a360877bb62271ffd1ff708da72a639fa
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
201KB
MD554710f6737256d8dce7f4f669b404291
SHA136062676963bb95b474a39b998edfe574d112942
SHA256e2429a5ffea56ec296a61a987be5c8d8daedabd8c8349265a2a5c894fe7f3878
SHA512f081e7fd307532b50e80b5ec5c67e4658e0fe5db7d6fafcb36ee581a2222424b4e687e6f3741500ff1c30f3645eea994138203c3a7970947f918fd3d62abfc20
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
201KB
MD5c6184930d4244056d5f0e118e4b4f02f
SHA1ed203a4a0e3e68d429e2446462ef42615c99d8f2
SHA2569d57677a9aea3ec9c8ed246547188c633cec53c310914a44146653c41aa0f9d9
SHA51238687899b8664e86e360544d61643cdd77fc9590db61d882a90e9c7f0377cef1d5694bc74f6bdbe8a329aa4997def2595cbcb6d45746b9d592ac79a4b276b5ca
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
201KB
MD5f21192fe7f55a300c250e8b370baf553
SHA13dbbda7b72f8f3493c47f69c27536f630fc1f805
SHA256128b27d9fe921d0d945fe167fbd6423f5ef6637c5bbfe03fa18569990ae4673a
SHA512cfb370a344d88174781467c901657d3875b1cffb93692bc8da30330248614183cb5f55f2c2b3ff64cb231cb308f62a7f171bc21e76a6d42d9251da1c67ece374
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
201KB
MD50fcd418518168e592f767926c96c2e81
SHA1a24c50fa7aac49f84d506638139f1f98d306667a
SHA2569f9c2bcf439c0ba0d306b4b8f8ab17b925fa95188b40ad6feafd15f3b5a3bee2
SHA512e7dc944666c73f9d3f227b4bcba6e91c62c7fa58a8f5ba3d92cf970f60d0a9906ce5e8758e5db832b4df968455cf611abc7ed8734c9abb1668e3f4a49cdb56c1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
201KB
MD5f48b9cca4e494b16c233b396293fb215
SHA11c56bf2c47ee8735c271b90211d75fd44ee3376e
SHA256d887ecb43c9ff0a7aad598dd9c9e15b0c26b880f4be6da43c1af6f20f3df02c5
SHA512d35fc6f05d61d5c04cf96c3af743b485aa8694e12e3dc1ea31d23284a27cb532e2d1f9665c89830d98e9377c80fff97a859b8565d786ce179859036f93547b7a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
113KB
MD5e57f86d214dd6c6606ae47e9dcf38cb3
SHA1718a657eb2f11707224618f9c0ba8944c7b08ef3
SHA2565efa381fdd897e08f81bac5c87ece321c2641d04809fbde998c448355b1fd87b
SHA5128399ed819b4fbff9a84c9db46da90bafad921f1b13a336116f9369bb09aec9805764850a97465b4159698e2744ae188188d49b94edf7b0819aa19a8aff1e224f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
117KB
MD54bd8db0821a994fe32be52c952e66138
SHA1839030f82cde5e1ced7283215cef668d219a681a
SHA25675f96e173c85f5e26035a2454a76803f7c9a4cb092b05f8a1dd13cc4c51ecc22
SHA512786f2f86746f81471274e752574cdc8a6339cf70e367cefa0d2e0689483925b35a318b85b900fb0e6b0f1e43cc690f107ed5211d7ed1a0c204a574fd200cb236
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5c61bf.TMPFilesize
104KB
MD508c0000c256e7ab5eb8e662dc416c73e
SHA19652f00c49e17f96805c290bc3b3f87749cf36bb
SHA256b1f31331e352321343afb0c8ce2ffb6323f5cf6d34ed045b20b4014830ad4a94
SHA5128c1f5360ea102e0de5df304a9acd7dbfea6e0e584c4655a979b9b7b3ef759c282cd4f1a0b4de026f97fdeddbd501b36aa5fdf6079e4fe0af71c8edfdef11688f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.jsonFilesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\TEK1SANF\microsoft.windows[1].xmlFilesize
97B
MD588e99175b1b7d310e0fbe53c60d388c3
SHA1ac3c326df344a8240d9abf82eff3ef99eae6b430
SHA256fea3a8d15530a744cbbd8c0b32672badcbd06fd19b2e311600c1bc016de37af2
SHA512197b140abfc809b8da6348b2340ff93c06244a188f12ab0307877792597f36dbebc2c004ea1987c5b7dc5f9786f99a2201e655852c4e7ae6195400f1fe212154
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLLFilesize
40KB
MD548c00a7493b28139cbf197ccc8d1f9ed
SHA1a25243b06d4bb83f66b7cd738e79fccf9a02b33b
SHA256905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7
SHA512c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLLFilesize
160KB
MD5237e13b95ab37d0141cf0bc585b8db94
SHA1102c6164c21de1f3e0b7d487dd5dc4c5249e0994
SHA256d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a
SHA5129d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLLFilesize
60KB
MD5a334bbf5f5a19b3bdb5b7f1703363981
SHA16cb50b15c0e7d9401364c0fafeef65774f5d1a2c
SHA256c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de
SHA5121fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLLFilesize
64KB
MD57c5aefb11e797129c9e90f279fbdf71b
SHA1cb9d9cbfbebb5aed6810a4e424a295c27520576e
SHA256394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed
SHA512df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLLFilesize
60KB
MD54fbbaac42cf2ecb83543f262973d07c0
SHA1ab1b302d7cce10443dfc14a2eba528a0431e1718
SHA2566550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5
SHA5124146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLLFilesize
36KB
MD5b4ac608ebf5a8fdefa2d635e83b7c0e8
SHA1d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9
SHA2568414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f
SHA5122c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLLFilesize
60KB
MD59fafb9d0591f2be4c2a846f63d82d301
SHA11df97aa4f3722b6695eac457e207a76a6b7457be
SHA256e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d
SHA512ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXEFilesize
268KB
MD55c91bf20fe3594b81052d131db798575
SHA1eab3a7a678528b5b2c60d65b61e475f1b2f45baa
SHA256e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175
SHA512face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLLFilesize
28KB
MD50cbf0f4c9e54d12d34cd1a772ba799e1
SHA140e55eb54394d17d2d11ca0089b84e97c19634a7
SHA2566b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1
SHA512bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLPFilesize
8KB
MD5466d35e6a22924dd846a043bc7dd94b8
SHA135e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10
SHA256e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801
SHA51223b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INFFilesize
2KB
MD5e4a499b9e1fe33991dbcfb4e926c8821
SHA1951d4750b05ea6a63951a7667566467d01cb2d42
SHA25649e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d
SHA512a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLBFilesize
28KB
MD5f1656b80eaae5e5201dcbfbcd3523691
SHA16f93d71c210eb59416e31f12e4cc6a0da48de85b
SHA2563f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2
SHA512e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTEULA.TXTFilesize
13KB
MD57070b77ed401307d2e9a0f8eaaaa543b
SHA1975d161ded55a339f6d0156647806d817069124d
SHA256225d227abbd45bf54d01dfc9fa6e54208bf5ae452a32cc75b15d86456a669712
SHA5121c2257c9f99cf7f794b30c87ed42e84a23418a74bd86d12795b5175439706417200b0e09e8214c6670ecd22bcbe615fcaa23a218f4ca822f3715116324ad8552
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INFFilesize
7KB
MD5b127d9187c6dbb1b948053c7c9a6811f
SHA1b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9
SHA256bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00
SHA51288e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLLFilesize
52KB
MD5316999655fef30c52c3854751c663996
SHA1a7862202c3b075bdeb91c5e04fe5ff71907dae59
SHA256ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0
SHA5125555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLLFilesize
2KB
MD57210d5407a2d2f52e851604666403024
SHA1242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9
SHA256337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af
SHA5121755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLLFilesize
4KB
MD54be7661c89897eaa9b28dae290c3922f
SHA14c9d25195093fea7c139167f0c5a40e13f3000f2
SHA256e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5
SHA5122035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f
-
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ADVPACK.DLLFilesize
73KB
MD581e5c8596a7e4e98117f5c5143293020
SHA145b7fe0989e2df1b4dfd227f8f3b73b6b7df9081
SHA2567d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004
SHA51205b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6
-
C:\Users\Admin\AppData\Local\Temp\mbam\qt-jl-icons\2057f1da2a0.icoFilesize
4KB
MD591a74c169917bee7cb2c8ef9dc74ecbe
SHA18633b44ae58c4b201078114d925f551b36c549b0
SHA2561e5eaee00708bb44d5d053ee25da5b273ad855b7f49456268dcdebac5d5d5710
SHA512d5274c14e4f1aa99d5ead0cafa5f42fad074092944d6f48c3fb0cc6a311f958f97e23fdeba3c5639fae0751f692f9e5f85dd065baf2638291f2ba2a42c4afb72
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a712c324879904b1.customDestinations-msFilesize
6KB
MD55bc1d4890ed9d6a0c00f0941d9409163
SHA18982d059b76072ecb4b51a65a5b67a4334f8aad4
SHA2562a3a8649a7737291a52d9ba8f9ebca15639758c97171e586dae357ea41ab2d26
SHA512eff3a0d598a7a3ef47a538c940c656a114e75d088b00086be1c9847e402010fdc801985cc4e1cd9e346b66f7b1b9c90d4a00de063c0c200e236966e168438388
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a712c324879904b1.customDestinations-msFilesize
4KB
MD530e4404894e5b649122b4140cad74650
SHA17dc3c6333449d154d135ebafca73f032ca691011
SHA2562546792ddfa44f5a7fb6e6663404e66b685b7ef2148c17925666bc7b7b16fa24
SHA512a3280acce987476ad48a7f5d98a933cfbddf5bd01bfa4583974cce93f60eb1b0e68cee59da9c0b05aeacda3283614908ae368844153233e1a4ae2f684774d51f
-
C:\Users\Admin\Downloads\BonzifyMaster_archive.torrentFilesize
1KB
MD518a7a648137e5045ca56747b5ae71e83
SHA179b76c4061df3851b9d353be707be5798e9b8e8c
SHA256a94acc80c353f6f443a309ab0366ee09bd4d6591a8743675682374cafe91c1ff
SHA512c2f2cbf71e7718c72cc85481f9084bea3a9b371fc31bdc7cd9d4b36bb23b5365d088c45f5cdbbf21c2ccbb152c18df265f1be9aad46654e964232878a8c6d53b
-
C:\Users\Admin\Downloads\Unconfirmed 109950.crdownloadFilesize
6.4MB
MD5fba93d8d029e85e0cde3759b7903cee2
SHA1525b1aa549188f4565c75ab69e51f927204ca384
SHA25666f62408dfce7c4a5718d2759f1d35721ca22077398850277d16e1fca87fe764
SHA5127c1441b2e804e925eb5a03e97db620117d3ad4f6981dc020e4e7df4bfc4bd6e414fa3b0ce764481a2cef07eebb2baa87407355bfbe88fab96397d82bd441e6a2
-
C:\Windows\System32\catroot2\dberr.txtFilesize
147KB
MD5056fa3fda79cd1788032eb15cb5c6b72
SHA1052388995b2a1a0de35d3ae13bf1c5ef71ec8bf4
SHA2568517038fa62c9531cabc17d9aede607363a9751c8302d9fb6073e0437e7ef9b4
SHA512b765dad79b494e033d0c71b9420dc17115a997bc8c55998211e8299ae83f288480ede389f2240d43d8f4e30bf7f1b59d05c0c7e0d4c84aabb42d0e12488b1239
-
C:\Windows\System32\drivers\mbam.sysFilesize
76KB
MD51e88c7a4bd3748f8958155cd285588a2
SHA1191956f5ca82a4b191b8d05bfa3d0d5abaf75e49
SHA256fbcdd69bbe5a49be001c9e236773b108657767e59ace47989968ab304344009e
SHA51236a873af86bc921adf15ad8b5c973a37a1639c2ac3bbff0dc412f32014927a7c5e73e30b3e28861e0b616c1774395a459ecc00a0c8063958d42753553f7062bb
-
C:\Windows\Temp\MBInstallTemp8736258f57d311ee8d3dc2c9425c9a59\7z.dllFilesize
1.6MB
MD5ab8f0c1a37c0df5c8924aab509db42c9
SHA153dba959124e6d740829bda2360e851bcb85cce8
SHA2566e223b275b84d948cc5ae1f161f0bfff2adb34de04634c84d7dbe9305a4998d5
SHA512ff8a26e8fd5a08c74e5ba93a564e0d3cd932754e7f06993a365bfad06670497889e69ec45bfba1378040b72f82d468e79682beba2439937bb29d2a41da940d4a
-
C:\Windows\Temp\MBInstallTemp8736258f57d311ee8d3dc2c9425c9a59\7z.dllFilesize
1.6MB
MD5ab8f0c1a37c0df5c8924aab509db42c9
SHA153dba959124e6d740829bda2360e851bcb85cce8
SHA2566e223b275b84d948cc5ae1f161f0bfff2adb34de04634c84d7dbe9305a4998d5
SHA512ff8a26e8fd5a08c74e5ba93a564e0d3cd932754e7f06993a365bfad06670497889e69ec45bfba1378040b72f82d468e79682beba2439937bb29d2a41da940d4a
-
C:\Windows\Temp\MBInstallTemp8736258f57d311ee8d3dc2c9425c9a59\ctlrpkg\mbae64.sysFilesize
154KB
MD595515708f41a7e283d6725506f56f6f2
SHA19afc20a19db3d2a75b6915d8d9af602c5218735e
SHA256321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6
SHA512d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08
-
C:\Windows\Temp\MBInstallTemp8736258f57d311ee8d3dc2c9425c9a59\servicepkg\MBAMService.exeFilesize
8.9MB
MD52d5f7e54f0678f45e8d07b4ab1f32a2e
SHA18db3e26e974b1098f8c9a7c7be8a770394d243cb
SHA25643676ff9573b8d29fb3f46c0e4381009eba37dec0ecb053aaec424e60a4eef29
SHA512ef7009d8269a29e1ce5e542ef9305dbe702b9778b13ba483b0efea01b19b013c899d3528154047f4fa13b2393972b0c091d2eab02eea0b252fc80d152d1d608c
-
C:\Windows\Temp\MBInstallTemp8736258f57d311ee8d3dc2c9425c9a59\servicepkg\mbamelam.catFilesize
10KB
MD560608328775d6acf03eaab38407e5b7c
SHA19f63644893517286753f63ad6d01bc8bfacf79b1
SHA2563ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59
SHA5129f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7
-
C:\Windows\Temp\MBInstallTemp8736258f57d311ee8d3dc2c9425c9a59\servicepkg\mbamelam.infFilesize
2KB
MD5c481ad4dd1d91860335787aa61177932
SHA181633414c5bf5832a8584fb0740bc09596b9b66d
SHA256793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3
SHA512d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830
-
C:\Windows\Temp\MBInstallTemp8736258f57d311ee8d3dc2c9425c9a59\servicepkg\mbamelam.sysFilesize
20KB
MD59e77c51e14fa9a323ee1635dc74ecc07
SHA1a78bde0bd73260ce7af9cdc441af9db54d1637c2
SHA256b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0
SHA512a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186
-
C:\Windows\Temp\MBInstallTemp8736258f57d311ee8d3dc2c9425c9a59\servicepkg\mbshlext.dllFilesize
2.7MB
MD5b7e5071b317550d93258f7e1e13e7b6f
SHA12d08d78a5c29cf724bc523530d1a9014642bbc60
SHA256467de01d7cee7ec54166b80658ff22f9feebdb1c24eaf1629cf40e4124508064
SHA5129c35293c95c1a9141740ac99315605964aa37c4a42d3a11cae9e5649ff1427a9480d3d5e7f763212cf13db3511c5ea3c84e68f95f0067fe6339a9d3fb7b27c54
-
C:\Windows\Temp\MBInstallTemp8736258f57d311ee8d3dc2c9425c9a59\uipkg\QtQuick\Controls.2\HorizontalHeaderView.qmlFilesize
1KB
MD5d8c9674c0e9bddbd8aa59a9d343cf462
SHA1490aa022ac31ddce86d5b62f913b23fbb0de27c2
SHA2561ef333b5fb4d8075973f312ef787237240b9f49f3f9185fb21202883f900e7d7
SHA5120b86ec673133f6400c38b79f9ba4f7b37ce5afdab1a2e34acbf75019e2590cc26b26d323ddc1567c91375053c9c8593be0615389db8eb1a8d1eb084ad4200b82
-
C:\Windows\Temp\MBInstallTemp8736258f57d311ee8d3dc2c9425c9a59\uipkg\QtQuick\Controls.2\Imagine\VerticalHeaderView.qmlFilesize
1KB
MD5829769b2741d92df3c5d837eee64f297
SHA1f61c91436ca3420c4e9b94833839fd9c14024b69
SHA256489c02f8716e7a1de61834b3d8bbb61bce91ca4a33a6b62342b4c851d93e51e0
SHA5124061c271db37523b9dea9a9973226d91337e1809d4e7767e57ac938d35d77a302363ed92ab4be18c35ba589f528194ad71c93a8507449bf74dd035acf7cdb521
-
\??\pipe\crashpad_4324_MYZYLDMAWHUFLVENMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/2872-4832-0x0000015AD9C80000-0x0000015ADA066000-memory.dmpFilesize
3.9MB
-
memory/2872-5537-0x0000015AD9C80000-0x0000015ADA066000-memory.dmpFilesize
3.9MB
-
memory/2872-3814-0x0000015AD9C80000-0x0000015ADA066000-memory.dmpFilesize
3.9MB
-
memory/2872-5132-0x0000015AD9C80000-0x0000015ADA066000-memory.dmpFilesize
3.9MB
-
memory/2872-5460-0x0000015AD9C80000-0x0000015ADA066000-memory.dmpFilesize
3.9MB
-
memory/4412-5304-0x000002057D160000-0x000002057D170000-memory.dmpFilesize
64KB
-
memory/4412-5287-0x00007FFA6CC00000-0x00007FFA6D01E000-memory.dmpFilesize
4.1MB
-
memory/4412-5288-0x00007FFA6C690000-0x00007FFA6CBFB000-memory.dmpFilesize
5.4MB
-
memory/4412-5286-0x00007FF6E8FC0000-0x00007FF6EA661000-memory.dmpFilesize
22.6MB
-
memory/5872-6356-0x0000013A6CCB0000-0x0000013A6CCB2000-memory.dmpFilesize
8KB
-
memory/5872-4829-0x0000013A6D630000-0x0000013A6D830000-memory.dmpFilesize
2.0MB
-
memory/5872-4810-0x00007FFA6C690000-0x00007FFA6CBFB000-memory.dmpFilesize
5.4MB
-
memory/5872-6363-0x0000013A6CCC0000-0x0000013A6CCC2000-memory.dmpFilesize
8KB
-
memory/5872-4823-0x0000013A6AD60000-0x0000013A6AD70000-memory.dmpFilesize
64KB
-
memory/5872-6362-0x0000013A6CCA0000-0x0000013A6CCA2000-memory.dmpFilesize
8KB
-
memory/5872-6361-0x0000013A6CCB0000-0x0000013A6CCB2000-memory.dmpFilesize
8KB
-
memory/5872-6360-0x0000013A6CC80000-0x0000013A6CC82000-memory.dmpFilesize
8KB
-
memory/5872-6359-0x0000013A6CCC0000-0x0000013A6CCC2000-memory.dmpFilesize
8KB
-
memory/5872-6357-0x0000013A6CCB0000-0x0000013A6CCB2000-memory.dmpFilesize
8KB
-
memory/5872-4826-0x0000013A6D1F0000-0x0000013A6D630000-memory.dmpFilesize
4.2MB
-
memory/5872-6354-0x0000013A6CCA0000-0x0000013A6CCA2000-memory.dmpFilesize
8KB
-
memory/5872-6353-0x0000013A6CCA0000-0x0000013A6CCA2000-memory.dmpFilesize
8KB
-
memory/5872-4809-0x00007FFA6CC00000-0x00007FFA6D01E000-memory.dmpFilesize
4.1MB
-
memory/5872-6342-0x0000013A6CC70000-0x0000013A6CC71000-memory.dmpFilesize
4KB
-
memory/5872-6341-0x0000013A6CC80000-0x0000013A6CC82000-memory.dmpFilesize
8KB
-
memory/5872-6097-0x0000013A6CC90000-0x0000013A6CC92000-memory.dmpFilesize
8KB
-
memory/5872-6094-0x0000013A6CC80000-0x0000013A6CC82000-memory.dmpFilesize
8KB
-
memory/5872-6093-0x0000013A6CC80000-0x0000013A6CC82000-memory.dmpFilesize
8KB
-
memory/5872-6092-0x0000013A6CC70000-0x0000013A6CC71000-memory.dmpFilesize
4KB
-
memory/5872-6091-0x0000013A6CC70000-0x0000013A6CC71000-memory.dmpFilesize
4KB
-
memory/5872-6088-0x0000013A6CC70000-0x0000013A6CC71000-memory.dmpFilesize
4KB
-
memory/5872-6087-0x0000013A6CC70000-0x0000013A6CC71000-memory.dmpFilesize
4KB
-
memory/5872-6083-0x0000013A6CC70000-0x0000013A6CC71000-memory.dmpFilesize
4KB
-
memory/5872-6084-0x0000013A6CC70000-0x0000013A6CC71000-memory.dmpFilesize
4KB
-
memory/5872-6077-0x0000013A6CB60000-0x0000013A6CB61000-memory.dmpFilesize
4KB
-
memory/5872-6076-0x0000013A6CB60000-0x0000013A6CB61000-memory.dmpFilesize
4KB
-
memory/5872-6075-0x0000013A6CB60000-0x0000013A6CB61000-memory.dmpFilesize
4KB