Malware Analysis Report

2024-11-16 12:27

Sample ID 240312-qs772aca49
Target ChromeSetup.exe
SHA256 e570807ea164132b6ed35c7a50e80799e0a6195717712d4e304de67d53711ebf
Tags
xworm discovery exploit persistence rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e570807ea164132b6ed35c7a50e80799e0a6195717712d4e304de67d53711ebf

Threat Level: Known bad

The file ChromeSetup.exe was found to be: Known bad.

Malicious Activity Summary

xworm discovery exploit persistence rat trojan

Xworm

Detect Xworm Payload

Xworm family

Modifies AppInit DLL entries

Modifies Installed Components in the registry

Downloads MZ/PE file

Possible privilege escalation attempt

Executes dropped EXE

Modifies file permissions

Loads dropped DLL

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Enumerates connected drives

Drops file in System32 directory

Drops file in Windows directory

Unsigned PE

Program crash

NTFS ADS

Uses Task Scheduler COM API

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Kills process with taskkill

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: LoadsDriver

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Checks processor information in registry

Modifies Internet Explorer settings

Checks SCSI registry key(s)

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-12 13:32

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A

Xworm family

xworm

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-12 13:32

Reported

2024-03-12 14:03

Platform

win10-20240221-en

Max time kernel

1799s

Max time network

1728s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe"

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Xworm

trojan rat xworm

Downloads MZ/PE file

Modifies AppInit DLL entries

persistence

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
Key created \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A discord.com N/A N/A
N/A discord.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\SET3A8C.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\SysWOW64\msvcp50.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\SysWOW64\SET3A8C.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\msagent\AgentCtl.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SET3887.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SET3888.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentAnm.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET3889.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\INF\agtinst.inf C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\help\SET3A79.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\help\tv_enua.hlp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\rescache\_merged\4032412167\2900507189.pri C:\Windows\explorer.exe N/A
File created C:\Windows\msagent\SET3883.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SET3883.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET3884.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentDPv.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SET3886.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\intl\SET389E.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SET3889.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\fonts\SET3A7A.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentMPx.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\help\Agt0409.hlp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\lhsp\help\SET3A79.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\fonts\SET3A7A.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\INF\SET3A7B.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\chars\Bonzi.acs C:\Users\Admin\Downloads\Bonzify.exe N/A
File opened for modification C:\Windows\msagent\SET3885.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SET388A.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\INF\SET3A7B.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\rescache\_merged\2717123927\3950266016.pri C:\Windows\explorer.exe N/A
File created C:\Windows\finalDestruction.bin C:\Users\Admin\Downloads\Bonzify.exe N/A
File created C:\Windows\msagent\SET3887.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\INF\tv_enua.inf C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\INF\netrasa.PNF \??\c:\windows\system32\svchost.exe N/A
File opened for modification C:\Windows\lhsp\tv\tvenuax.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SET3884.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentSvr.exe C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SET389F.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\lhsp\tv\SET3A78.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\INF\SET388B.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SET388C.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET389F.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\tv\SET3A78.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentDp2.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET3886.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentPsh.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\INF\SET388B.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\executables.bin C:\Users\Admin\Downloads\Bonzify.exe N/A
File opened for modification C:\Windows\msagent\AgentSR.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\help\SET388D.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\intl\Agt0409.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgtCtl15.tlb C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET3885.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET3888.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET388A.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET388C.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\lhsp\tv\SET3A77.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\tv\tv_enua.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\fonts\andmoipa.ttf C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\rescache\_merged\1601268389\3877292338.pri C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
File opened for modification C:\Windows\msagent\mslwvtts.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\help\SET388D.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\intl\SET389E.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\tv\SET3A77.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\takeown.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\takeown.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\takeown.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\takeown.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\takeown.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\takeown.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\takeown.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\takeown.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\takeown.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\takeown.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\takeown.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\takeown.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\takeown.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\takeown.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\takeown.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\takeown.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\takeown.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\explorer.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff4800000037000000ce0400009c020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1024105594" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000053cc7a0eed2515479bf31208e699f77e00000000020000000000106600000001000020000000d6f1bdf842e53c33630084efcee886bdf6d86a1670a51a205fc84092ae28cda0000000000e8000000002000020000000ff529a0c145815f918ffcda5e2f6673de46c1b180e18c2afddb5548ce06ab01b2000000054fd7c76493fcd091456998873b2f1f53716aa3d7893419291672ba686bd3812400000006ade0b08effc88f2b789cb78945a391133df44a2ec033ff53e63133f70fe51b4d14860248c8df1f24a63c3d6df2ec3109bca8ba33338c26f30a205f147d3b3c4 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70ac123d8474da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1024105594" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{68707447-E077-11EE-B1B7-CA85FA0F64D0} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31093892" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000053cc7a0eed2515479bf31208e699f77e000000000200000000001066000000010000200000008f2b68ee242f09819d926527ab213342ef90ed5c183b222553965693404f1fce000000000e80000000020000200000005fdd3bb9e459cee1f24b27550568dabb29fa9983bb74a8ef186aee282169bb5d2000000079dd7c697e0d6c32e0105b30c8341bdd2c802b2e7b2037ee3c65646a725609404000000051627ae3b3f8c3e98837c910e3216cad58aedf7981c98db86815b5911baf2795710f89d678a9ef54077b83ee447edd3965075803ba629ec9e54246cb9dab56af C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60f6143d8474da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31093892" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133547240290823083" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0913410-3B44-11D1-ACBA-00C04FD97575} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BF0-7DE6-11D0-91FE-00C04FD701A5}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Character2.2\CLSID\ = "{D45FD301-5C6E-11D1-9EC1-00C04FD7081F}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575}\TypeLib\Version = "2.0" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48D12BA0-5B77-11D1-9EC1-00C04FD7081F}\TypeLib C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\TypeLib C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B8F2846E-CE36-11D0-AC83-00C04FD97575}\MiscStatus C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BD4-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.lwv C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BA90C01-3910-11D1-ACB3-00C04FD97575}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE1-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\TypeLib C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\Control C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\FileType\{D45FD300-5C6E-11D1-9EC1-00C04FD7081F} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Character.2\shellex C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00D18159-8466-11D0-AC63-00C04FD97575} C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\ = "IAgentExt" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\ = "IAgentNotifySinkEx" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{822DB1C0-8879-11D1-9EC6-00C04FD7081F}\TypeLib\Version = "2.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE1-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0913410-3B44-11D1-ACBA-00C04FD97575}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BF0-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575} C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{143A62C8-C33B-11D1-84FE-00C04FA34A14}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0913412-3B44-11D1-ACBA-00C04FD97575}\ProxyStubClsid32 C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DE8EF600-2F82-11D1-ACAC-00C04FD97575}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{822DB1C0-8879-11D1-9EC6-00C04FD7081F}\ = "IAgentCtlBalloonEx" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BA90C01-3910-11D1-ACB3-00C04FD97575}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentCharacter" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48D12BA0-5B77-11D1-9EC1-00C04FD7081F} C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8B77181C-D3EF-11D1-8500-00C04FA34A14}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDB-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtlAudioObject" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48D12BA0-5B77-11D1-9EC1-00C04FD7081F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE3-7DE6-11D0-91FE-00C04FD701A5}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8B77181C-D3EF-11D1-8500-00C04FA34A14}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575}\ = "IAgentCtlUserInput" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD2FC-5C6E-11D1-9EC1-00C04FD7081F}\ProgID\ = "Agent.Server.2" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}\TypeLib C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4BAC124B-78C8-11D1-B9A8-00C04FD97575} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{822DB1C0-8879-11D1-9EC6-00C04FD7081F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BD4-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentCommand" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\TypeLib\Version = "2.0" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DE8EF600-2F82-11D1-ACAC-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDB-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BDF-7DE6-11D0-91FE-00C04FD701A5} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95A893C3-543A-11D0-AC45-00C04FD97575}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\ProgID C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\Programmable C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDF-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B8F2846E-CE36-11D0-AC83-00C04FD97575} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8B77181C-D3EF-11D1-8500-00C04FA34A14} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\LWVFile\ = "Microsoft Linguistically Enhanced Sound File" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\TypeLib C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00D18159-8466-11D0-AC63-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\msagent\AgentSvr.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\ToolboxBitmap32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD2FC-5C6E-11D1-9EC1-00C04FD7081F}\VersionIndependentProgID C:\Windows\msagent\AgentSvr.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.cortana\ = "23" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\BonziBuddy-master.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\Bonzify.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bonzify.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3712 wrote to memory of 3488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 3488 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 2384 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 4708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 4708 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3712 wrote to memory of 1864 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe

"C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff991839758,0x7ff991839768,0x7ff991839778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1860 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4012 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5064 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4688 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3016 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3052 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6072 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5864 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5960 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5744 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4808 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4616 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4808 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3740 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.0.1099075557\1358909008" -parentBuildID 20221007134813 -prefsHandle 1676 -prefMapHandle 1640 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2ce7098-9f1c-4931-8945-3b1c5421e1f1} 696 "\\.\pipe\gecko-crash-server-pipe.696" 1760 2281d0b5b58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.1.845310633\134975602" -parentBuildID 20221007134813 -prefsHandle 2104 -prefMapHandle 2100 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c92ecf73-ea9b-4350-a707-a1751e6a27c6} 696 "\\.\pipe\gecko-crash-server-pipe.696" 2116 2281cc40c58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.2.2057451923\1961877899" -childID 1 -isForBrowser -prefsHandle 2812 -prefMapHandle 3060 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {efac30ba-e9b4-487e-9a54-39a1945d76ca} 696 "\\.\pipe\gecko-crash-server-pipe.696" 2832 2282129ae58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.3.546792716\1253515358" -childID 2 -isForBrowser -prefsHandle 1076 -prefMapHandle 2148 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f46bb734-b847-4fae-9a92-8714dd8a9285} 696 "\\.\pipe\gecko-crash-server-pipe.696" 3324 22822012458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.4.1120169609\1783134778" -childID 3 -isForBrowser -prefsHandle 4104 -prefMapHandle 4100 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3e96291-5685-422d-bc1e-20b6fb116abb} 696 "\\.\pipe\gecko-crash-server-pipe.696" 4116 228226e3b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.5.194350028\1524679445" -childID 4 -isForBrowser -prefsHandle 4816 -prefMapHandle 4764 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c0f2df0-cb7d-4e88-a94e-253be1262655} 696 "\\.\pipe\gecko-crash-server-pipe.696" 4776 228235e7758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.6.509338041\414630891" -childID 5 -isForBrowser -prefsHandle 4680 -prefMapHandle 4272 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {72966b1c-794f-4982-9471-8446324fc843} 696 "\\.\pipe\gecko-crash-server-pipe.696" 4996 228235e6b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.7.945698039\776179665" -childID 6 -isForBrowser -prefsHandle 5104 -prefMapHandle 5108 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1dd2623e-6269-4592-83ce-17dcabef7abc} 696 "\\.\pipe\gecko-crash-server-pipe.696" 4844 228235e7d58 tab

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1528 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1588 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4032 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x348

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2652 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3848 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1852 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2052 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8

C:\Users\Admin\Downloads\ChromeSetup.exe

"C:\Users\Admin\Downloads\ChromeSetup.exe"

C:\Users\Admin\Downloads\ChromeSetup.exe

"C:\Users\Admin\Downloads\ChromeSetup.exe"

C:\Users\Admin\Downloads\ChromeSetup.exe

"C:\Users\Admin\Downloads\ChromeSetup.exe"

C:\Users\Admin\Downloads\ChromeSetup.exe

"C:\Users\Admin\Downloads\ChromeSetup.exe"

C:\Users\Admin\Downloads\ChromeSetup.exe

"C:\Users\Admin\Downloads\ChromeSetup.exe"

C:\Users\Admin\Downloads\ChromeSetup.exe

"C:\Users\Admin\Downloads\ChromeSetup.exe"

C:\Users\Admin\Downloads\ChromeSetup.exe

"C:\Users\Admin\Downloads\ChromeSetup.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5468 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6000 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5160 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6216 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6444 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.0.1677577672\1119020498" -parentBuildID 20221007134813 -prefsHandle 1580 -prefMapHandle 1568 -prefsLen 20747 -prefMapSize 233527 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c7f1b0b-c97f-40bd-9ad7-0822a8113cb6} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 1564 20c51cfaa58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.1.2099204706\737008544" -parentBuildID 20221007134813 -prefsHandle 1976 -prefMapHandle 1972 -prefsLen 20792 -prefMapSize 233527 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aedece5e-049e-4f1b-a90c-439bab3d4dce} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 2000 20c46eddf58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.2.576934174\1557043190" -childID 1 -isForBrowser -prefsHandle 2900 -prefMapHandle 2896 -prefsLen 21253 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9b9125e-7a90-4014-a805-b0e466b2005d} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 2748 20c5589d158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.3.1757419053\1465612762" -childID 2 -isForBrowser -prefsHandle 3528 -prefMapHandle 3524 -prefsLen 26431 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e4651e8-3da7-4887-8183-e0ef6fff7c4b} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 3540 20c46e5e958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.4.1485248198\1835330830" -childID 3 -isForBrowser -prefsHandle 3916 -prefMapHandle 3904 -prefsLen 26490 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {04eb6981-6d77-4051-b5d7-207d1a8aa1f1} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 3928 20c57443858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.5.762378290\1532611016" -childID 4 -isForBrowser -prefsHandle 4916 -prefMapHandle 4896 -prefsLen 26490 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8bebed5f-e0f7-4063-902c-6922072fb4b0} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 4900 20c5847f758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.6.2032887917\949408092" -childID 5 -isForBrowser -prefsHandle 4860 -prefMapHandle 4844 -prefsLen 26490 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {343fa55e-a5d4-4adb-a6c4-3656582f7dec} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 4852 20c58480058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.7.1928573094\1293284734" -childID 6 -isForBrowser -prefsHandle 4528 -prefMapHandle 5124 -prefsLen 26490 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86c6e247-bc3c-4c84-b947-2fb283349620} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 4944 20c58480658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.8.536270691\930444354" -childID 7 -isForBrowser -prefsHandle 5528 -prefMapHandle 5544 -prefsLen 26490 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7439e60-71a3-4458-915c-726abdf187af} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 5552 20c582c1e58 tab

C:\Windows\System32\SystemSettingsBroker.exe

C:\Windows\System32\SystemSettingsBroker.exe -Embedding

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k localservice -s SstpSvc

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s RasMan

C:\Windows\System32\SystemSettingsBroker.exe

C:\Windows\System32\SystemSettingsBroker.exe -Embedding

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k netsvcs -s RasMan

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.9.1986624518\870881771" -parentBuildID 20221007134813 -prefsHandle 5948 -prefMapHandle 5944 -prefsLen 26930 -prefMapSize 233527 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35ebab33-b4b0-41d8-8426-46c10c5eea7b} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 5956 20c5ac72958 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.10.1937038282\1850310627" -childID 8 -isForBrowser -prefsHandle 6184 -prefMapHandle 5940 -prefsLen 26930 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ab2a0d1-095e-4b9e-b26d-eafd402c4192} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 6196 20c5ac73558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.11.828168599\1166637770" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5092 -prefMapHandle 5056 -prefsLen 26930 -prefMapSize 233527 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c974a773-a975-406f-93ca-c3017c42e802} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 4920 20c56913b58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.12.1389275702\1482006137" -childID 9 -isForBrowser -prefsHandle 6408 -prefMapHandle 6356 -prefsLen 26930 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9377837-9d1d-431f-95bc-39a9e4cfc44b} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 6100 20c5abb3558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.13.1639246989\379144365" -childID 10 -isForBrowser -prefsHandle 5296 -prefMapHandle 4936 -prefsLen 26930 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {67765c63-8605-46b4-9621-fd725eeed822} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 5008 20c586d8058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.14.1779161168\1251417016" -childID 11 -isForBrowser -prefsHandle 4968 -prefMapHandle 4972 -prefsLen 26930 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a906896-2c98-4e66-9fcd-836ad84d075d} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 6356 20c586d7758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.15.1974390151\818823398" -childID 12 -isForBrowser -prefsHandle 10428 -prefMapHandle 10404 -prefsLen 26930 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e393229-d0af-4b0e-a09b-9aa4dbfa567a} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 10396 20c5ac71758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.16.1093348868\366493503" -childID 13 -isForBrowser -prefsHandle 10256 -prefMapHandle 10252 -prefsLen 26930 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e38b97a-9b62-4234-86d2-c4a65e45e2f5} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 10264 20c5ac73b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.17.575006241\2050144842" -childID 14 -isForBrowser -prefsHandle 10060 -prefMapHandle 10056 -prefsLen 26930 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca595f9b-e15e-4377-aa68-a3bc1386cf40} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 10068 20c5ac73258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.18.2144037064\175981929" -childID 15 -isForBrowser -prefsHandle 4980 -prefMapHandle 4964 -prefsLen 26930 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1b97488-abe6-4b5c-b230-5926598cedf8} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 6360 20c59185e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.19.878702701\1102747220" -childID 16 -isForBrowser -prefsHandle 5408 -prefMapHandle 5988 -prefsLen 26939 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa853d84-7f6c-4bd3-a5a4-65b7b8e44077} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 4924 20c586d9b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.20.548878788\1934876299" -childID 17 -isForBrowser -prefsHandle 10044 -prefMapHandle 10440 -prefsLen 26939 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {19462118-13da-4adc-8e10-8908e11db6d2} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 10308 20c5ac72658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.21.29134499\1322343867" -childID 18 -isForBrowser -prefsHandle 10196 -prefMapHandle 5660 -prefsLen 26939 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {85670e18-a1c5-4dec-ba37-14ca8f42a671} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 10436 20c5b466358 tab

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Temp1_BonziBuddy-master.zip\BonziBuddy-master\.github\bbabilities2.gif

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4308 CREDAT:82945 /prefetch:2

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_BonziBuddy-master.zip\BonziBuddy-master\gatsby-node.js"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.22.908105103\1763492025" -childID 19 -isForBrowser -prefsHandle 5084 -prefMapHandle 2324 -prefsLen 26979 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {339eadd2-65cb-4243-b635-f3e5af339f4c} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 2648 20c5a287458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.23.405433703\1864608723" -childID 20 -isForBrowser -prefsHandle 5232 -prefMapHandle 2648 -prefsLen 26979 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe8ce077-f6f0-4907-bf23-24fbb4bddb84} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 5348 20c5ac71d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.24.1844759870\1046835858" -childID 21 -isForBrowser -prefsHandle 4824 -prefMapHandle 5556 -prefsLen 26979 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35627696-ec09-4e69-a07d-7077ad616ce1} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 5700 20c5328d258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.25.932439139\1431688177" -childID 22 -isForBrowser -prefsHandle 10360 -prefMapHandle 5216 -prefsLen 26988 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f184417-659f-4fa8-8c42-4879f6ce8295} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 9876 20c5ac16258 tab

C:\Users\Admin\Downloads\Bonzify.exe

"C:\Users\Admin\Downloads\Bonzify.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\KillAgent.bat"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im AgentSvr.exe

C:\Windows\SysWOW64\takeown.exe

takeown /r /d y /f C:\Windows\MsAgent

C:\Windows\SysWOW64\icacls.exe

icacls C:\Windows\MsAgent /c /t /grant "everyone":(f)

C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe

INSTALLER.exe /q

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-f..ysafety-refreshtask_31bf3856ad364e35_10.0.15063.0_none_6fc3bae99f1dce71\WpcTok.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-f..ysafety-refreshtask_31bf3856ad364e35_10.0.15063.0_none_6fc3bae99f1dce71\WpcTok.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-f..ysafety-refreshtask_31bf3856ad364e35_10.0.15063.0_none_6fc3bae99f1dce71\WpcTok.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-fax-service_31bf3856ad364e35_10.0.15063.0_none_be3772f6b91825d9\FXSSVC.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-fax-service_31bf3856ad364e35_10.0.15063.0_none_be3772f6b91825d9\FXSSVC.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-fax-service_31bf3856ad364e35_10.0.15063.0_none_be3772f6b91825d9\FXSSVC.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-fax-service_31bf3856ad364e35_10.0.15063.0_none_be3772f6b91825d9\FXSUNATD.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-fax-service_31bf3856ad364e35_10.0.15063.0_none_be3772f6b91825d9\FXSUNATD.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-fax-service_31bf3856ad364e35_10.0.15063.0_none_be3772f6b91825d9\FXSUNATD.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.15063.0_none_7a7f08f436397aad\FileExplorer.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.15063.0_none_7a7f08f436397aad\FileExplorer.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentSR.dll"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.15063.0_none_7a7f08f436397aad\FileExplorer.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-filehistory-core_31bf3856ad364e35_10.0.15063.0_none_c6209afdaf9f22bc\fhmanagew.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-filehistory-core_31bf3856ad364e35_10.0.15063.0_none_c6209afdaf9f22bc\fhmanagew.exe"

C:\Windows\msagent\AgentSvr.exe

"C:\Windows\msagent\AgentSvr.exe" /regserver

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-filehistory-core_31bf3856ad364e35_10.0.15063.0_none_c6209afdaf9f22bc\fhmanagew.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-filehistory-ui_31bf3856ad364e35_10.0.15063.0_none_5f465bd4c3d3daff\FileHistory.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-filehistory-ui_31bf3856ad364e35_10.0.15063.0_none_5f465bd4c3d3daff\FileHistory.exe"

C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe

INSTALLER.exe /q

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-filehistory-ui_31bf3856ad364e35_10.0.15063.0_none_5f465bd4c3d3daff\FileHistory.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-filepicker.appxmain_31bf3856ad364e35_10.0.15063.0_none_d38595d50ceb30bc\FilePicker.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-filepicker.appxmain_31bf3856ad364e35_10.0.15063.0_none_d38595d50ceb30bc\FilePicker.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-filepicker.appxmain_31bf3856ad364e35_10.0.15063.0_none_d38595d50ceb30bc\FilePicker.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-filtermanager-utils_31bf3856ad364e35_10.0.15063.0_none_2aa18c3b5e266749\fltMC.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-filtermanager-utils_31bf3856ad364e35_10.0.15063.0_none_2aa18c3b5e266749\fltMC.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-filtermanager-utils_31bf3856ad364e35_10.0.15063.0_none_2aa18c3b5e266749\fltMC.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-findstr_31bf3856ad364e35_10.0.15063.0_none_3843649b928360ec\findstr.exe"

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-findstr_31bf3856ad364e35_10.0.15063.0_none_3843649b928360ec\findstr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-findstr_31bf3856ad364e35_10.0.15063.0_none_3843649b928360ec\findstr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-fodhelper-ux_31bf3856ad364e35_10.0.15063.0_none_4403434aa91e2007\fodhelper.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-fodhelper-ux_31bf3856ad364e35_10.0.15063.0_none_4403434aa91e2007\fodhelper.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-fodhelper-ux_31bf3856ad364e35_10.0.15063.0_none_4403434aa91e2007\fodhelper.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-fontview_31bf3856ad364e35_10.0.15063.0_none_5577e678ef45bf6c\fontview.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-fontview_31bf3856ad364e35_10.0.15063.0_none_5577e678ef45bf6c\fontview.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-fontview_31bf3856ad364e35_10.0.15063.0_none_5577e678ef45bf6c\fontview.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-forfiles_31bf3856ad364e35_10.0.15063.0_none_663748d9165783b2\forfiles.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-forfiles_31bf3856ad364e35_10.0.15063.0_none_663748d9165783b2\forfiles.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-forfiles_31bf3856ad364e35_10.0.15063.0_none_663748d9165783b2\forfiles.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-fsavailux_31bf3856ad364e35_10.0.15063.0_none_bbdc5c1c56a0a003\fsavailux.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-fsavailux_31bf3856ad364e35_10.0.15063.0_none_bbdc5c1c56a0a003\fsavailux.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-fsavailux_31bf3856ad364e35_10.0.15063.0_none_bbdc5c1c56a0a003\fsavailux.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.15063.0_none_dd77edb228bb5599\fsutil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.15063.0_none_dd77edb228bb5599\fsutil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.15063.0_none_dd77edb228bb5599\fsutil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ftp_31bf3856ad364e35_10.0.15063.0_none_bdff37299158b71e\ftp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ftp_31bf3856ad364e35_10.0.15063.0_none_bdff37299158b71e\ftp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ftp_31bf3856ad364e35_10.0.15063.0_none_bdff37299158b71e\ftp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-g..ation-wincomponents_31bf3856ad364e35_10.0.15063.0_none_acda54383114f33b\LocationNotificationWindows.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-g..ation-wincomponents_31bf3856ad364e35_10.0.15063.0_none_acda54383114f33b\LocationNotificationWindows.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-g..ation-wincomponents_31bf3856ad364e35_10.0.15063.0_none_acda54383114f33b\LocationNotificationWindows.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-g..ation-wincomponents_31bf3856ad364e35_10.0.15063.0_none_acda54383114f33b\WindowsActionDialog.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-g..ation-wincomponents_31bf3856ad364e35_10.0.15063.0_none_acda54383114f33b\WindowsActionDialog.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-g..ation-wincomponents_31bf3856ad364e35_10.0.15063.0_none_acda54383114f33b\WindowsActionDialog.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.15063.0_none_4c7cd83914c2f8e9\gpresult.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.15063.0_none_4c7cd83914c2f8e9\gpresult.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.15063.0_none_4c7cd83914c2f8e9\gpresult.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.15063.0_none_4c7cd83914c2f8e9\gpupdate.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.15063.0_none_4c7cd83914c2f8e9\gpupdate.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.15063.0_none_4c7cd83914c2f8e9\gpupdate.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-gdi_31bf3856ad364e35_10.0.15063.0_none_bae6f1b1935516b4\fontdrvhost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-gdi_31bf3856ad364e35_10.0.15063.0_none_bae6f1b1935516b4\fontdrvhost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-gdi_31bf3856ad364e35_10.0.15063.0_none_bae6f1b1935516b4\fontdrvhost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-getmac_31bf3856ad364e35_10.0.15063.0_none_1d126ff3dac9cbd1\getmac.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-getmac_31bf3856ad364e35_10.0.15063.0_none_1d126ff3dac9cbd1\getmac.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-getmac_31bf3856ad364e35_10.0.15063.0_none_1d126ff3dac9cbd1\getmac.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-gpowershell-exe_31bf3856ad364e35_10.0.15063.0_none_49a4f8dbda83d75d\powershell_ise.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-gpowershell-exe_31bf3856ad364e35_10.0.15063.0_none_49a4f8dbda83d75d\powershell_ise.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-gpowershell-exe_31bf3856ad364e35_10.0.15063.0_none_49a4f8dbda83d75d\powershell_ise.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-grouppolicy-script_31bf3856ad364e35_10.0.15063.0_none_762b11bba87afc55\gpscript.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-grouppolicy-script_31bf3856ad364e35_10.0.15063.0_none_762b11bba87afc55\gpscript.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-grouppolicy-script_31bf3856ad364e35_10.0.15063.0_none_762b11bba87afc55\gpscript.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-grpconv_31bf3856ad364e35_10.0.15063.0_none_b39bfe17767c9267\grpconv.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-grpconv_31bf3856ad364e35_10.0.15063.0_none_b39bfe17767c9267\grpconv.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-grpconv_31bf3856ad364e35_10.0.15063.0_none_b39bfe17767c9267\grpconv.exe" /grant "everyone":(f)

C:\Windows\msagent\AgentSvr.exe

C:\Windows\msagent\AgentSvr.exe -Embedding

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-h..icfirstrun.appxmain_31bf3856ad364e35_10.0.15063.0_none_83dc6003e01c7937\MixedRealityPortal.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-h..icfirstrun.appxmain_31bf3856ad364e35_10.0.15063.0_none_83dc6003e01c7937\MixedRealityPortal.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-h..icfirstrun.appxmain_31bf3856ad364e35_10.0.15063.0_none_83dc6003e01c7937\MixedRealityPortal.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-help-client_31bf3856ad364e35_10.0.15063.0_none_7d2c695b66e56a55\HelpPane.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-help-client_31bf3856ad364e35_10.0.15063.0_none_7d2c695b66e56a55\HelpPane.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-help-client_31bf3856ad364e35_10.0.15063.0_none_7d2c695b66e56a55\HelpPane.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-holoshell.appxmain_31bf3856ad364e35_10.0.15063.0_none_34ae4307b90cabc4\HoloShellApp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-holoshell.appxmain_31bf3856ad364e35_10.0.15063.0_none_34ae4307b90cabc4\HoloShellApp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-holoshell.appxmain_31bf3856ad364e35_10.0.15063.0_none_34ae4307b90cabc4\HoloShellApp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-htmlhelp_31bf3856ad364e35_10.0.15063.0_none_d969cfebbd8b347c\hh.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-htmlhelp_31bf3856ad364e35_10.0.15063.0_none_d969cfebbd8b347c\hh.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-htmlhelp_31bf3856ad364e35_10.0.15063.0_none_d969cfebbd8b347c\hh.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-csp_31bf3856ad364e35_10.0.15063.0_none_f923819944a6f585\hvsievaluator.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-csp_31bf3856ad364e35_10.0.15063.0_none_f923819944a6f585\hvsievaluator.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-csp_31bf3856ad364e35_10.0.15063.0_none_f923819944a6f585\hvsievaluator.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.15063.0_none_11c96e64248ffa9d\vfpctrl.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.15063.0_none_11c96e64248ffa9d\vfpctrl.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.15063.0_none_11c96e64248ffa9d\vfpctrl.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-i..devicescontrolpanel_31bf3856ad364e35_10.0.15063.0_none_35b3a50d81f066f6\ImagingDevices.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-i..devicescontrolpanel_31bf3856ad364e35_10.0.15063.0_none_35b3a50d81f066f6\ImagingDevices.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-i..devicescontrolpanel_31bf3856ad364e35_10.0.15063.0_none_35b3a50d81f066f6\ImagingDevices.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.15063.0_none_ddbbb06b516e5f13\iexplore.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.15063.0_none_ddbbb06b516e5f13\iexplore.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.15063.0_none_ddbbb06b516e5f13\iexplore.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.15063.0_none_eb8784774de6a9ad\iscsicli.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.15063.0_none_eb8784774de6a9ad\iscsicli.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.15063.0_none_eb8784774de6a9ad\iscsicli.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.15063.0_none_2bd1e3a1cfd67be0\SystemSettings.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.15063.0_none_2bd1e3a1cfd67be0\SystemSettings.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.15063.0_none_2bd1e3a1cfd67be0\SystemSettings.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.15063.0_none_6a97d6c639c6c673\IMTCLNWZ.EXE"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.15063.0_none_6a97d6c639c6c673\IMTCLNWZ.EXE"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.15063.0_none_6a97d6c639c6c673\IMTCLNWZ.EXE" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.15063.0_none_6a97d6c639c6c673\IMTCPROP.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.15063.0_none_6a97d6c639c6c673\IMTCPROP.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.15063.0_none_6a97d6c639c6c673\IMTCPROP.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-icacls_31bf3856ad364e35_10.0.15063.0_none_43c87849dec8eac3\icacls.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-icacls_31bf3856ad364e35_10.0.15063.0_none_43c87849dec8eac3\icacls.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-icacls_31bf3856ad364e35_10.0.15063.0_none_43c87849dec8eac3\icacls.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-icm-dccw_31bf3856ad364e35_10.0.15063.0_none_2c028519c752071f\dccw.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-icm-dccw_31bf3856ad364e35_10.0.15063.0_none_2c028519c752071f\dccw.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-icm-dccw_31bf3856ad364e35_10.0.15063.0_none_2c028519c752071f\dccw.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-icm-ui_31bf3856ad364e35_10.0.15063.0_none_4b6c90a3d99e2006\colorcpl.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-icm-ui_31bf3856ad364e35_10.0.15063.0_none_4b6c90a3d99e2006\colorcpl.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-icm-ui_31bf3856ad364e35_10.0.15063.0_none_4b6c90a3d99e2006\colorcpl.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ie-f12chooser_31bf3856ad364e35_11.0.15063.0_none_e1d96673d71865a4\F12Chooser.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ie-f12chooser_31bf3856ad364e35_11.0.15063.0_none_e1d96673d71865a4\F12Chooser.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ie-f12chooser_31bf3856ad364e35_11.0.15063.0_none_e1d96673d71865a4\F12Chooser.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ie-feedsbs_31bf3856ad364e35_11.0.15063.0_none_4153431b7e6a9b04\msfeedssync.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ie-feedsbs_31bf3856ad364e35_11.0.15063.0_none_4153431b7e6a9b04\msfeedssync.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ie-feedsbs_31bf3856ad364e35_11.0.15063.0_none_4153431b7e6a9b04\msfeedssync.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_11.0.15063.0_none_9e5f4352ad06261f\mshta.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_11.0.15063.0_none_9e5f4352ad06261f\mshta.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_11.0.15063.0_none_9e5f4352ad06261f\mshta.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ie-iediag_31bf3856ad364e35_11.0.15063.0_none_5be5810e34f9fd65\iediagcmd.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ie-iediag_31bf3856ad364e35_11.0.15063.0_none_5be5810e34f9fd65\iediagcmd.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ie-iediag_31bf3856ad364e35_11.0.15063.0_none_5be5810e34f9fd65\iediagcmd.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ie-ielowutil_31bf3856ad364e35_11.0.15063.0_none_4b7b603814e3516a\ielowutil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ie-ielowutil_31bf3856ad364e35_11.0.15063.0_none_4b7b603814e3516a\ielowutil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ie-ielowutil_31bf3856ad364e35_11.0.15063.0_none_4b7b603814e3516a\ielowutil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ie-iexpress_31bf3856ad364e35_11.0.15063.0_none_a98130f2e25a891f\iexpress.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ie-iexpress_31bf3856ad364e35_11.0.15063.0_none_a98130f2e25a891f\iexpress.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ie-iexpress_31bf3856ad364e35_11.0.15063.0_none_a98130f2e25a891f\iexpress.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ie-iexpress_31bf3856ad364e35_11.0.15063.0_none_a98130f2e25a891f\wextract.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ie-iexpress_31bf3856ad364e35_11.0.15063.0_none_a98130f2e25a891f\wextract.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ie-iexpress_31bf3856ad364e35_11.0.15063.0_none_a98130f2e25a891f\wextract.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ie-impexp-extexport_31bf3856ad364e35_11.0.15063.0_none_730314b2672e2d8d\ExtExport.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ie-impexp-extexport_31bf3856ad364e35_11.0.15063.0_none_730314b2672e2d8d\ExtExport.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ie-impexp-extexport_31bf3856ad364e35_11.0.15063.0_none_730314b2672e2d8d\ExtExport.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.0.15063.0_none_7467541abda71808\ieUnatt.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.0.15063.0_none_7467541abda71808\ieUnatt.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.0.15063.0_none_7467541abda71808\ieUnatt.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ie-serviceworkerhost_31bf3856ad364e35_10.0.15063.0_none_f85cac2e43af7bfe\ServiceWorkerHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ie-serviceworkerhost_31bf3856ad364e35_10.0.15063.0_none_f85cac2e43af7bfe\ServiceWorkerHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ie-serviceworkerhost_31bf3856ad364e35_10.0.15063.0_none_f85cac2e43af7bfe\ServiceWorkerHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ie-setup-support_31bf3856ad364e35_11.0.15063.0_none_0ad609360221e0ad\ie4uinit.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ie-setup-support_31bf3856ad364e35_11.0.15063.0_none_0ad609360221e0ad\ie4uinit.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ie-setup-support_31bf3856ad364e35_11.0.15063.0_none_0ad609360221e0ad\ie4uinit.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ieinstal_31bf3856ad364e35_11.0.15063.0_none_2da12d30354af4c0\ieinstal.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ieinstal_31bf3856ad364e35_11.0.15063.0_none_2da12d30354af4c0\ieinstal.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ieinstal_31bf3856ad364e35_11.0.15063.0_none_2da12d30354af4c0\ieinstal.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-iis-adminservice_31bf3856ad364e35_10.0.15063.0_none_6b7bc361308b8a86\WMSvc.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x410

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-iis-adminservice_31bf3856ad364e35_10.0.15063.0_none_6b7bc361308b8a86\WMSvc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-iis-adminservice_31bf3856ad364e35_10.0.15063.0_none_6b7bc361308b8a86\WMSvc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_10.0.15063.0_none_9234ad40ead4b732\InetMgr6.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_10.0.15063.0_none_9234ad40ead4b732\InetMgr6.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_10.0.15063.0_none_9234ad40ead4b732\InetMgr6.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-iis-managementconsole_31bf3856ad364e35_10.0.15063.0_none_98e77699f3e6352a\InetMgr.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-iis-managementconsole_31bf3856ad364e35_10.0.15063.0_none_98e77699f3e6352a\InetMgr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-iis-managementconsole_31bf3856ad364e35_10.0.15063.0_none_98e77699f3e6352a\InetMgr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-iis-metabase_31bf3856ad364e35_10.0.15063.0_none_4a45d10e5ac1db0e\inetinfo.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-iis-metabase_31bf3856ad364e35_10.0.15063.0_none_4a45d10e5ac1db0e\inetinfo.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-iis-metabase_31bf3856ad364e35_10.0.15063.0_none_4a45d10e5ac1db0e\inetinfo.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\appcmd.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\appcmd.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\appcmd.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\aspnetca.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\aspnetca.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\aspnetca.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\iisreset.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\iisreset.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\iisreset.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\iisrstas.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\iisrstas.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\iisrstas.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\iissetup.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\iissetup.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\iissetup.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.15063.0_none_e72dde21b301025d\IMCCPHR.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.15063.0_none_e72dde21b301025d\IMCCPHR.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.15063.0_none_e72dde21b301025d\IMCCPHR.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-infdefaultinstall_31bf3856ad364e35_10.0.15063.0_none_7da85cf8d4de2361\InfDefaultInstall.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-infdefaultinstall_31bf3856ad364e35_10.0.15063.0_none_7da85cf8d4de2361\InfDefaultInstall.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-infdefaultinstall_31bf3856ad364e35_10.0.15063.0_none_7da85cf8d4de2361\InfDefaultInstall.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-installer-executable_31bf3856ad364e35_10.0.15063.0_none_5a954e05bee89c0d\msiexec.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-installer-executable_31bf3856ad364e35_10.0.15063.0_none_5a954e05bee89c0d\msiexec.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-installer-executable_31bf3856ad364e35_10.0.15063.0_none_5a954e05bee89c0d\msiexec.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-international-unattend_31bf3856ad364e35_10.0.15063.0_none_d12d9b8e26686bfa\MuiUnattend.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-international-unattend_31bf3856ad364e35_10.0.15063.0_none_d12d9b8e26686bfa\MuiUnattend.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-international-unattend_31bf3856ad364e35_10.0.15063.0_none_d12d9b8e26686bfa\MuiUnattend.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ipconfig_31bf3856ad364e35_10.0.15063.0_none_5d4dca3950bd5bb9\ipconfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ipconfig_31bf3856ad364e35_10.0.15063.0_none_5d4dca3950bd5bb9\ipconfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ipconfig_31bf3856ad364e35_10.0.15063.0_none_5d4dca3950bd5bb9\ipconfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-irftp_31bf3856ad364e35_10.0.15063.0_none_67ce1a25b7105221\irftp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-irftp_31bf3856ad364e35_10.0.15063.0_none_67ce1a25b7105221\irftp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-irftp_31bf3856ad364e35_10.0.15063.0_none_67ce1a25b7105221\irftp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-iscsi_initiator_ui_31bf3856ad364e35_10.0.15063.0_none_e8ff03ea94e0988c\iscsicpl.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-iscsi_initiator_ui_31bf3856ad364e35_10.0.15063.0_none_e8ff03ea94e0988c\iscsicpl.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-iscsi_initiator_ui_31bf3856ad364e35_10.0.15063.0_none_e8ff03ea94e0988c\iscsicpl.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-isoburn_31bf3856ad364e35_10.0.15063.0_none_f7468058d209fb04\isoburn.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-isoburn_31bf3856ad364e35_10.0.15063.0_none_f7468058d209fb04\isoburn.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-isoburn_31bf3856ad364e35_10.0.15063.0_none_f7468058d209fb04\isoburn.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ktmutil_31bf3856ad364e35_10.0.15063.0_none_999dd15739f791d8\ktmutil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ktmutil_31bf3856ad364e35_10.0.15063.0_none_999dd15739f791d8\ktmutil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ktmutil_31bf3856ad364e35_10.0.15063.0_none_999dd15739f791d8\ktmutil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-l..nstaller-comhandler_31bf3856ad364e35_10.0.15063.0_none_3259fa94c3558942\LanguageComponentsInstallerComHandler.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-l..nstaller-comhandler_31bf3856ad364e35_10.0.15063.0_none_3259fa94c3558942\LanguageComponentsInstallerComHandler.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-l..nstaller-comhandler_31bf3856ad364e35_10.0.15063.0_none_3259fa94c3558942\LanguageComponentsInstallerComHandler.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-label_31bf3856ad364e35_10.0.15063.0_none_6842e50103173914\label.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-label_31bf3856ad364e35_10.0.15063.0_none_6842e50103173914\label.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-label_31bf3856ad364e35_10.0.15063.0_none_6842e50103173914\label.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ldifde_31bf3856ad364e35_10.0.15063.0_none_31fb19fd41a13522\ldifde.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ldifde_31bf3856ad364e35_10.0.15063.0_none_31fb19fd41a13522\ldifde.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ldifde_31bf3856ad364e35_10.0.15063.0_none_31fb19fd41a13522\ldifde.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-legacyhwui_31bf3856ad364e35_10.0.15063.0_none_f387fb9c810fa2b6\hdwwiz.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-legacyhwui_31bf3856ad364e35_10.0.15063.0_none_f387fb9c810fa2b6\hdwwiz.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-legacyhwui_31bf3856ad364e35_10.0.15063.0_none_f387fb9c810fa2b6\hdwwiz.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain_31bf3856ad364e35_10.0.15063.0_none_f883ebc20cc094ca\LockApp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain_31bf3856ad364e35_10.0.15063.0_none_f883ebc20cc094ca\LockApp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain_31bf3856ad364e35_10.0.15063.0_none_f883ebc20cc094ca\LockApp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-lockapphost_31bf3856ad364e35_10.0.15063.0_none_0cba64789bfd5c16\LockAppHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-lockapphost_31bf3856ad364e35_10.0.15063.0_none_0cba64789bfd5c16\LockAppHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-lockapphost_31bf3856ad364e35_10.0.15063.0_none_0cba64789bfd5c16\LockAppHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-lpkinstall_31bf3856ad364e35_10.0.15063.0_none_1a46de6983dae7b8\lpkinstall.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-lpkinstall_31bf3856ad364e35_10.0.15063.0_none_1a46de6983dae7b8\lpkinstall.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-lpkinstall_31bf3856ad364e35_10.0.15063.0_none_1a46de6983dae7b8\lpkinstall.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_10.0.15063.0_none_326d3a42a5473084\lpksetup.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_10.0.15063.0_none_326d3a42a5473084\lpksetup.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_10.0.15063.0_none_326d3a42a5473084\lpksetup.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_10.0.15063.0_none_326d3a42a5473084\lpremove.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_10.0.15063.0_none_326d3a42a5473084\lpremove.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_10.0.15063.0_none_326d3a42a5473084\lpremove.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_10.0.15063.0_none_4e7f7ad6cb1d2087\lsass.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_10.0.15063.0_none_4e7f7ad6cb1d2087\lsass.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_10.0.15063.0_none_4e7f7ad6cb1d2087\lsass.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-lua_31bf3856ad364e35_10.0.15063.0_none_b75e366b959a24e0\consent.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-lua_31bf3856ad364e35_10.0.15063.0_none_b75e366b959a24e0\consent.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-lua_31bf3856ad364e35_10.0.15063.0_none_b75e366b959a24e0\consent.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-lxss-bash_31bf3856ad364e35_10.0.15063.0_none_50af37c8f560d163\bash.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-lxss-bash_31bf3856ad364e35_10.0.15063.0_none_50af37c8f560d163\bash.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-lxss-bash_31bf3856ad364e35_10.0.15063.0_none_50af37c8f560d163\bash.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-lxss-installer_31bf3856ad364e35_10.0.15063.0_none_1525b04a87b3edd7\LxRun.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-lxss-installer_31bf3856ad364e35_10.0.15063.0_none_1525b04a87b3edd7\LxRun.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-lxss-installer_31bf3856ad364e35_10.0.15063.0_none_1525b04a87b3edd7\LxRun.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..-diagnostic-results_31bf3856ad364e35_10.0.15063.0_none_39fa0c051f7a048c\MdRes.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..-diagnostic-results_31bf3856ad364e35_10.0.15063.0_none_39fa0c051f7a048c\MdRes.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..-diagnostic-results_31bf3856ad364e35_10.0.15063.0_none_39fa0c051f7a048c\MdRes.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_10.0.15063.0_none_20872449ae70f822\mmc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_10.0.15063.0_none_20872449ae70f822\mmc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_10.0.15063.0_none_20872449ae70f822\mmc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.15063.0_none_5563c0977685c595\odbcad32.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.15063.0_none_5563c0977685c595\odbcad32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.15063.0_none_5563c0977685c595\odbcad32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_10.0.15063.0_none_813120118f809dfc\cliconfg.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_10.0.15063.0_none_813120118f809dfc\cliconfg.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_10.0.15063.0_none_813120118f809dfc\cliconfg.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.15063.0_none_8fe2a8c1a908d138\EASPolicyManagerBrokerHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.15063.0_none_8fe2a8c1a908d138\EASPolicyManagerBrokerHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.15063.0_none_8fe2a8c1a908d138\EASPolicyManagerBrokerHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_10.0.15063.0_none_a4ea7575b2863db1\MdSched.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_10.0.15063.0_none_a4ea7575b2863db1\MdSched.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_10.0.15063.0_none_a4ea7575b2863db1\MdSched.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..erience-parser-task_31bf3856ad364e35_10.0.15063.0_none_db2639cea4666169\MbaeParserTask.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..erience-parser-task_31bf3856ad364e35_10.0.15063.0_none_db2639cea4666169\MbaeParserTask.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..erience-parser-task_31bf3856ad364e35_10.0.15063.0_none_db2639cea4666169\MbaeParserTask.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.15063.0_none_f41da0f520fcf339\mqbkup.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.15063.0_none_f41da0f520fcf339\mqbkup.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.15063.0_none_f41da0f520fcf339\mqbkup.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.15063.0_none_f41da0f520fcf339\mqsvc.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.15063.0_none_f41da0f520fcf339\mqsvc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.15063.0_none_f41da0f520fcf339\mqsvc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ge-capture-pipeline_31bf3856ad364e35_10.0.15063.0_none_f7874c61413dfbcd\MixedRealityCapture.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ge-capture-pipeline_31bf3856ad364e35_10.0.15063.0_none_f7874c61413dfbcd\MixedRealityCapture.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ge-capture-pipeline_31bf3856ad364e35_10.0.15063.0_none_f7874c61413dfbcd\MixedRealityCapture.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.15063.0_none_6badce134411d35c\mblctr.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.15063.0_none_6badce134411d35c\mblctr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.15063.0_none_6badce134411d35c\mblctr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.15063.0_none_c6d59a10fd695c44\FsIso.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.15063.0_none_c6d59a10fd695c44\FsIso.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.15063.0_none_c6d59a10fd695c44\FsIso.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.15063.0_none_0d07ce77359b6878\SecureAssessmentBrowser.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.15063.0_none_0d07ce77359b6878\SecureAssessmentBrowser.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.15063.0_none_0d07ce77359b6878\SecureAssessmentBrowser.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..odeupdate-servicing_31bf3856ad364e35_10.0.15063.0_none_b49bde28ded2f8e1\ucsvc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..odeupdate-servicing_31bf3856ad364e35_10.0.15063.0_none_b49bde28ded2f8e1\ucsvc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..odeupdate-servicing_31bf3856ad364e35_10.0.15063.0_none_b49bde28ded2f8e1\ucsvc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\doskey.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\doskey.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\doskey.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\find.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\find.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\find.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\print.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\print.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\print.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\replace.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\replace.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\replace.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\subst.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\subst.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\subst.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..pickerhost.appxmain_31bf3856ad364e35_10.0.15063.0_none_1eafad097b3c26e6\ModalSharePickerHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..pickerhost.appxmain_31bf3856ad364e35_10.0.15063.0_none_1eafad097b3c26e6\ModalSharePickerHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..pickerhost.appxmain_31bf3856ad364e35_10.0.15063.0_none_1eafad097b3c26e6\ModalSharePickerHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.15063.0_none_d1b1ac6aac061a18\wmprph.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.15063.0_none_d1b1ac6aac061a18\wmprph.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.15063.0_none_d1b1ac6aac061a18\wmprph.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.15063.0_none_7e3b33e33c38d6d7\PresentationSettings.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.15063.0_none_7e3b33e33c38d6d7\PresentationSettings.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.15063.0_none_7e3b33e33c38d6d7\PresentationSettings.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..s-mdac-odbcconf-exe_31bf3856ad364e35_10.0.15063.0_none_1e8ab3b62aebef6a\odbcconf.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..s-mdac-odbcconf-exe_31bf3856ad364e35_10.0.15063.0_none_1e8ab3b62aebef6a\odbcconf.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..s-mdac-odbcconf-exe_31bf3856ad364e35_10.0.15063.0_none_1e8ab3b62aebef6a\odbcconf.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.15063.0_none_7f41b0a5d17e992b\Magnify.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.15063.0_none_7f41b0a5d17e992b\Magnify.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.15063.0_none_7f41b0a5d17e992b\Magnify.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mail-app_31bf3856ad364e35_10.0.15063.0_none_026c06c18883ec63\WinMail.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mail-app_31bf3856ad364e35_10.0.15063.0_none_026c06c18883ec63\WinMail.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mail-app_31bf3856ad364e35_10.0.15063.0_none_026c06c18883ec63\WinMail.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.15063.0_none_01e35b1fa20d9246\makecab.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.15063.0_none_01e35b1fa20d9246\makecab.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.15063.0_none_01e35b1fa20d9246\makecab.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.15063.0_none_e75e9f9d0b5ad3c2\mmgaserver.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.15063.0_none_e75e9f9d0b5ad3c2\mmgaserver.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.15063.0_none_e75e9f9d0b5ad3c2\mmgaserver.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.15063.0_none_bc611a88528e688d\fixmapi.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.15063.0_none_bc611a88528e688d\fixmapi.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.15063.0_none_bc611a88528e688d\fixmapi.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.15063.0_none_5610865856ee34af\MDMAgent.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.15063.0_none_5610865856ee34af\MDMAgent.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.15063.0_none_5610865856ee34af\MDMAgent.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.15063.0_none_aac266c5d4de38a1\MDMAppInstaller.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.15063.0_none_aac266c5d4de38a1\MDMAppInstaller.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.15063.0_none_aac266c5d4de38a1\MDMAppInstaller.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.15063.0_none_ad730875459063eb\mfpmp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.15063.0_none_ad730875459063eb\mfpmp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.15063.0_none_ad730875459063eb\mfpmp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.15063.0_none_2c0e89d778c97945\wmlaunch.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.15063.0_none_2c0e89d778c97945\wmlaunch.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.15063.0_none_2c0e89d778c97945\wmlaunch.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.15063.0_none_1c7d9c5887e872fd\wmpconfig.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.15063.0_none_1c7d9c5887e872fd\wmpconfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.15063.0_none_1c7d9c5887e872fd\wmpconfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.15063.0_none_1c7d9c5887e872fd\wmplayer.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.15063.0_none_1c7d9c5887e872fd\wmplayer.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.15063.0_none_1c7d9c5887e872fd\wmplayer.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.15063.0_none_1c7d9c5887e872fd\wmpshare.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.15063.0_none_1c7d9c5887e872fd\wmpshare.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.15063.0_none_1c7d9c5887e872fd\wmpshare.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.15063.0_none_fc546570fad79187\logagent.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.15063.0_none_fc546570fad79187\logagent.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.15063.0_none_fc546570fad79187\logagent.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.15063.0_none_bf07a2bb0f599355\setup_wm.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.15063.0_none_bf07a2bb0f599355\setup_wm.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.15063.0_none_bf07a2bb0f599355\setup_wm.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.15063.0_none_bf07a2bb0f599355\unregmp2.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.15063.0_none_bf07a2bb0f599355\unregmp2.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.15063.0_none_bf07a2bb0f599355\unregmp2.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.15063.0_none_224b97ad28ee338b\MicrosoftEdge.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.15063.0_none_224b97ad28ee338b\MicrosoftEdge.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.15063.0_none_224b97ad28ee338b\MicrosoftEdge.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.15063.0_none_224b97ad28ee338b\MicrosoftEdgeCP.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.15063.0_none_224b97ad28ee338b\MicrosoftEdgeCP.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.15063.0_none_224b97ad28ee338b\MicrosoftEdgeCP.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.15063.0_none_69bbb0ec140eb63c\mighost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.15063.0_none_69bbb0ec140eb63c\mighost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.15063.0_none_69bbb0ec140eb63c\mighost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-miracastview.appxmain_31bf3856ad364e35_10.0.15063.0_none_3d8834d7dbd2a689\MiracastView.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-miracastview.appxmain_31bf3856ad364e35_10.0.15063.0_none_3d8834d7dbd2a689\MiracastView.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-miracastview.appxmain_31bf3856ad364e35_10.0.15063.0_none_3d8834d7dbd2a689\MiracastView.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mobsyncexe_31bf3856ad364e35_10.0.15063.0_none_0064b2c78d23d765\mobsync.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mobsyncexe_31bf3856ad364e35_10.0.15063.0_none_0064b2c78d23d765\mobsync.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mobsyncexe_31bf3856ad364e35_10.0.15063.0_none_0064b2c78d23d765\mobsync.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mountvol_31bf3856ad364e35_10.0.15063.0_none_c36d52a68a42056a\mountvol.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mountvol_31bf3856ad364e35_10.0.15063.0_none_c36d52a68a42056a\mountvol.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mountvol_31bf3856ad364e35_10.0.15063.0_none_c36d52a68a42056a\mountvol.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msaudittools_31bf3856ad364e35_10.0.15063.0_none_2898eaeff590ab5c\auditpol.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msaudittools_31bf3856ad364e35_10.0.15063.0_none_2898eaeff590ab5c\auditpol.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msaudittools_31bf3856ad364e35_10.0.15063.0_none_2898eaeff590ab5c\auditpol.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mschedexe_31bf3856ad364e35_10.0.15063.0_none_f0b22df7eb3a6b30\MSchedExe.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mschedexe_31bf3856ad364e35_10.0.15063.0_none_f0b22df7eb3a6b30\MSchedExe.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mschedexe_31bf3856ad364e35_10.0.15063.0_none_f0b22df7eb3a6b30\MSchedExe.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.15063.0_none_eb8e17bcd68ec9f9\msconfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.15063.0_none_eb8e17bcd68ec9f9\msconfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.15063.0_none_eb8e17bcd68ec9f9\msconfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msdt_31bf3856ad364e35_10.0.15063.0_none_b6963b2c565532e6\msdt.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msdt_31bf3856ad364e35_10.0.15063.0_none_b6963b2c565532e6\msdt.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msdt_31bf3856ad364e35_10.0.15063.0_none_b6963b2c565532e6\msdt.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.15063.0_none_9758d85423af97b8\msinfo32.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.15063.0_none_9758d85423af97b8\msinfo32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.15063.0_none_9758d85423af97b8\msinfo32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.15063.0_none_bcf04010327d02a0\msinfo32.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.15063.0_none_bcf04010327d02a0\msinfo32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.15063.0_none_bcf04010327d02a0\msinfo32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msmq-triggers-service_31bf3856ad364e35_10.0.15063.0_none_393a5d12f5d3e91a\mqtgsvc.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msmq-triggers-service_31bf3856ad364e35_10.0.15063.0_none_393a5d12f5d3e91a\mqtgsvc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msmq-triggers-service_31bf3856ad364e35_10.0.15063.0_none_393a5d12f5d3e91a\mqtgsvc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mspaint_31bf3856ad364e35_10.0.15063.0_none_9f315fde27607282\mspaint.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mspaint_31bf3856ad364e35_10.0.15063.0_none_9f315fde27607282\mspaint.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mspaint_31bf3856ad364e35_10.0.15063.0_none_9f315fde27607282\mspaint.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-muicachebuilder_31bf3856ad364e35_10.0.15063.0_none_2b207574eda70e50\mcbuilder.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-muicachebuilder_31bf3856ad364e35_10.0.15063.0_none_2b207574eda70e50\mcbuilder.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-muicachebuilder_31bf3856ad364e35_10.0.15063.0_none_2b207574eda70e50\mcbuilder.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-n..kgroundtransferhost_31bf3856ad364e35_10.0.15063.0_none_9f98741fe88ed514\BackgroundTransferHost.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-n..kgroundtransferhost_31bf3856ad364e35_10.0.15063.0_none_9f98741fe88ed514\BackgroundTransferHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-n..kgroundtransferhost_31bf3856ad364e35_10.0.15063.0_none_9f98741fe88ed514\BackgroundTransferHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-n..pture-wmiv2provider_31bf3856ad364e35_10.0.15063.0_none_f5a9a21d2c7306c6\NetEvtFwdr.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-n..pture-wmiv2provider_31bf3856ad364e35_10.0.15063.0_none_f5a9a21d2c7306c6\NetEvtFwdr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-n..pture-wmiv2provider_31bf3856ad364e35_10.0.15063.0_none_f5a9a21d2c7306c6\NetEvtFwdr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-n..setup-compatibility_31bf3856ad364e35_10.0.15063.0_none_8136139ab73880ae\NetCfgNotifyObjectHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-n..setup-compatibility_31bf3856ad364e35_10.0.15063.0_none_8136139ab73880ae\NetCfgNotifyObjectHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-n..setup-compatibility_31bf3856ad364e35_10.0.15063.0_none_8136139ab73880ae\NetCfgNotifyObjectHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.15063.0_none_cf31b229dc87b1a1\Narrator.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.15063.0_none_cf31b229dc87b1a1\Narrator.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.15063.0_none_cf31b229dc87b1a1\Narrator.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nbtstat_31bf3856ad364e35_10.0.15063.0_none_af245dab572dabc2\nbtstat.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nbtstat_31bf3856ad364e35_10.0.15063.0_none_af245dab572dabc2\nbtstat.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nbtstat_31bf3856ad364e35_10.0.15063.0_none_af245dab572dabc2\nbtstat.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_10.0.15063.0_none_63462ab9ab45c943\net.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_10.0.15063.0_none_63462ab9ab45c943\net.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_10.0.15063.0_none_63462ab9ab45c943\net.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.15063.0_none_97efccaa8d61e3b6\net1.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.15063.0_none_97efccaa8d61e3b6\net1.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.15063.0_none_97efccaa8d61e3b6\net1.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-netbt_31bf3856ad364e35_10.0.15063.0_none_7178a19b3012e0cd\netbtugc.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-netbt_31bf3856ad364e35_10.0.15063.0_none_7178a19b3012e0cd\netbtugc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-netbt_31bf3856ad364e35_10.0.15063.0_none_7178a19b3012e0cd\netbtugc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-netcfg_31bf3856ad364e35_10.0.15063.0_none_2142b4f18a48407d\netcfg.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-netcfg_31bf3856ad364e35_10.0.15063.0_none_2142b4f18a48407d\netcfg.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-netcfg_31bf3856ad364e35_10.0.15063.0_none_2142b4f18a48407d\netcfg.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-netplwiz-exe_31bf3856ad364e35_10.0.15063.0_none_fe6a8dff4930a284\Netplwiz.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-netplwiz-exe_31bf3856ad364e35_10.0.15063.0_none_fe6a8dff4930a284\Netplwiz.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-netplwiz-exe_31bf3856ad364e35_10.0.15063.0_none_fe6a8dff4930a284\Netplwiz.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-netsh_31bf3856ad364e35_10.0.15063.0_none_70b4cf7730a78bba\netsh.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-netsh_31bf3856ad364e35_10.0.15063.0_none_70b4cf7730a78bba\netsh.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-netsh_31bf3856ad364e35_10.0.15063.0_none_70b4cf7730a78bba\netsh.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-networkbridge_31bf3856ad364e35_10.0.15063.0_none_18fdca143ee4528f\bridgeunattend.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-networkbridge_31bf3856ad364e35_10.0.15063.0_none_18fdca143ee4528f\bridgeunattend.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-networkbridge_31bf3856ad364e35_10.0.15063.0_none_18fdca143ee4528f\bridgeunattend.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-networkux-legacyux_31bf3856ad364e35_10.0.15063.0_none_2e97707bc6105930\LegacyNetUXHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-networkux-legacyux_31bf3856ad364e35_10.0.15063.0_none_2e97707bc6105930\LegacyNetUXHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-networkux-legacyux_31bf3856ad364e35_10.0.15063.0_none_2e97707bc6105930\LegacyNetUXHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.15063.0_none_228a248d8977d11b\ndadmin.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.15063.0_none_228a248d8977d11b\ndadmin.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.15063.0_none_228a248d8977d11b\ndadmin.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.15063.0_none_228a248d8977d11b\newdev.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.15063.0_none_228a248d8977d11b\newdev.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.15063.0_none_228a248d8977d11b\newdev.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.15063.0_none_c5c1f5efcbd6de1e\nfsadmin.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.15063.0_none_c5c1f5efcbd6de1e\nfsadmin.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.15063.0_none_c5c1f5efcbd6de1e\nfsadmin.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.15063.0_none_c5c1f5efcbd6de1e\rpcinfo.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.15063.0_none_c5c1f5efcbd6de1e\rpcinfo.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.15063.0_none_c5c1f5efcbd6de1e\rpcinfo.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.15063.0_none_c5c1f5efcbd6de1e\showmount.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.15063.0_none_c5c1f5efcbd6de1e\showmount.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.15063.0_none_c5c1f5efcbd6de1e\showmount.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.15063.0_none_62773c5c2940e6fe\mount.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.15063.0_none_62773c5c2940e6fe\mount.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.15063.0_none_62773c5c2940e6fe\mount.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.15063.0_none_62773c5c2940e6fe\umount.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.15063.0_none_62773c5c2940e6fe\umount.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.15063.0_none_62773c5c2940e6fe\umount.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.15063.0_none_bdf655ee7b62cf8c\nfsclnt.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.15063.0_none_bdf655ee7b62cf8c\nfsclnt.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.15063.0_none_bdf655ee7b62cf8c\nfsclnt.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-notepadwin_31bf3856ad364e35_10.0.15063.0_none_53dda61833dbc731\notepad.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-notepadwin_31bf3856ad364e35_10.0.15063.0_none_53dda61833dbc731\notepad.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-notepadwin_31bf3856ad364e35_10.0.15063.0_none_53dda61833dbc731\notepad.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.15063.0_none_802e66b4a8ce74db\notepad.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.15063.0_none_802e66b4a8ce74db\notepad.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.15063.0_none_802e66b4a8ce74db\notepad.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nslookup_31bf3856ad364e35_10.0.15063.0_none_dc944d299f4147ed\nslookup.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nslookup_31bf3856ad364e35_10.0.15063.0_none_dc944d299f4147ed\nslookup.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nslookup_31bf3856ad364e35_10.0.15063.0_none_dc944d299f4147ed\nslookup.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.15063.0_none_3e098bc8ad9cca4d\OOBENetworkConnectionFlow.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.15063.0_none_3e098bc8ad9cca4d\OOBENetworkConnectionFlow.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.15063.0_none_3e098bc8ad9cca4d\OOBENetworkConnectionFlow.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..onalfeatures-fondue_31bf3856ad364e35_10.0.15063.0_none_5ac8e66dc4f41fb7\Fondue.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..onalfeatures-fondue_31bf3856ad364e35_10.0.15063.0_none_5ac8e66dc4f41fb7\Fondue.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..onalfeatures-fondue_31bf3856ad364e35_10.0.15063.0_none_5ac8e66dc4f41fb7\Fondue.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..ssociationframework_31bf3856ad364e35_10.0.15063.0_none_bb5aba0e13c80b21\dasHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..ssociationframework_31bf3856ad364e35_10.0.15063.0_none_bb5aba0e13c80b21\dasHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..ssociationframework_31bf3856ad364e35_10.0.15063.0_none_bb5aba0e13c80b21\dasHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.15063.0_none_5352ed23f360146f\OOBENetworkCaptivePortal.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.15063.0_none_5352ed23f360146f\OOBENetworkCaptivePortal.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.15063.0_none_5352ed23f360146f\OOBENetworkCaptivePortal.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-office-csp_31bf3856ad364e35_10.0.15063.0_none_ce7f342a6c769cf7\ofdeploy.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-office-csp_31bf3856ad364e35_10.0.15063.0_none_ce7f342a6c769cf7\ofdeploy.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-office-csp_31bf3856ad364e35_10.0.15063.0_none_ce7f342a6c769cf7\ofdeploy.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-firstlogonanimexe_31bf3856ad364e35_10.0.15063.0_none_dc62da3fc66fefa8\FirstLogonAnim.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-firstlogonanimexe_31bf3856ad364e35_10.0.15063.0_none_dc62da3fc66fefa8\FirstLogonAnim.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-firstlogonanimexe_31bf3856ad364e35_10.0.15063.0_none_dc62da3fc66fefa8\FirstLogonAnim.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-machine_31bf3856ad364e35_10.0.15063.0_none_1e92236e3c0062a9\msoobe.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-machine_31bf3856ad364e35_10.0.15063.0_none_1e92236e3c0062a9\msoobe.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-machine_31bf3856ad364e35_10.0.15063.0_none_1e92236e3c0062a9\msoobe.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-user-broker_31bf3856ad364e35_10.0.15063.0_none_94fac2eb5f00ca4b\UserOOBEBroker.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-user-broker_31bf3856ad364e35_10.0.15063.0_none_94fac2eb5f00ca4b\UserOOBEBroker.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-user-broker_31bf3856ad364e35_10.0.15063.0_none_94fac2eb5f00ca4b\UserOOBEBroker.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-openfiles_31bf3856ad364e35_10.0.15063.0_none_f83a403a2332e36b\openfiles.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-openfiles_31bf3856ad364e35_10.0.15063.0_none_f83a403a2332e36b\openfiles.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-openfiles_31bf3856ad364e35_10.0.15063.0_none_f83a403a2332e36b\openfiles.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-openwith_31bf3856ad364e35_10.0.15063.0_none_7e34a7e5ab829f02\OpenWith.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-openwith_31bf3856ad364e35_10.0.15063.0_none_7e34a7e5ab829f02\OpenWith.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-openwith_31bf3856ad364e35_10.0.15063.0_none_7e34a7e5ab829f02\OpenWith.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-optionalfeatures_31bf3856ad364e35_10.0.15063.0_none_777ad383267da96b\OptionalFeatures.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-optionalfeatures_31bf3856ad364e35_10.0.15063.0_none_777ad383267da96b\OptionalFeatures.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-optionalfeatures_31bf3856ad364e35_10.0.15063.0_none_777ad383267da96b\OptionalFeatures.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-optionaltsps_31bf3856ad364e35_10.0.15063.0_none_f310177e01b1811e\tcmsetup.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-optionaltsps_31bf3856ad364e35_10.0.15063.0_none_f310177e01b1811e\tcmsetup.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-optionaltsps_31bf3856ad364e35_10.0.15063.0_none_f310177e01b1811e\tcmsetup.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.15063.0_none_7d443ad9ecf1cbd0\ntoskrnl.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.15063.0_none_7d443ad9ecf1cbd0\ntoskrnl.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.15063.0_none_7d443ad9ecf1cbd0\ntoskrnl.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-osk_31bf3856ad364e35_10.0.15063.0_none_bbd0aca592bd6ae9\osk.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-osk_31bf3856ad364e35_10.0.15063.0_none_bbd0aca592bd6ae9\osk.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-osk_31bf3856ad364e35_10.0.15063.0_none_bbd0aca592bd6ae9\osk.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..-personalizationcsp_31bf3856ad364e35_10.0.15063.0_none_5206261f1378192b\desktopimgdownldr.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..-personalizationcsp_31bf3856ad364e35_10.0.15063.0_none_5206261f1378192b\desktopimgdownldr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..-personalizationcsp_31bf3856ad364e35_10.0.15063.0_none_5206261f1378192b\desktopimgdownldr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.15063.0_none_b481f63064666ea7\WpcUapApp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.15063.0_none_b481f63064666ea7\WpcUapApp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.15063.0_none_b481f63064666ea7\WpcUapApp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..auncher-cmdlinetool_31bf3856ad364e35_10.0.15063.0_none_0853c4529bd43688\pwlauncher.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..auncher-cmdlinetool_31bf3856ad364e35_10.0.15063.0_none_0853c4529bd43688\pwlauncher.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..auncher-cmdlinetool_31bf3856ad364e35_10.0.15063.0_none_0853c4529bd43688\pwlauncher.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.15063.0_none_e76818d92ebb0454\printui.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.15063.0_none_e76818d92ebb0454\printui.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.15063.0_none_e76818d92ebb0454\printui.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ionsimulationdevice_31bf3856ad364e35_10.0.15063.0_none_8c91bbc89bdb0560\PerceptionSimulationDevice.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ionsimulationdevice_31bf3856ad364e35_10.0.15063.0_none_8c91bbc89bdb0560\PerceptionSimulationDevice.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ionsimulationdevice_31bf3856ad364e35_10.0.15063.0_none_8c91bbc89bdb0560\PerceptionSimulationDevice.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\diskperf.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\diskperf.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\diskperf.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\logman.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\logman.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\logman.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\relog.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\relog.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\relog.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\tracerpt.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\tracerpt.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\tracerpt.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\typeperf.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\typeperf.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\typeperf.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_10.0.15063.0_none_1a6f9170b98dddd0\powercfg.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_10.0.15063.0_none_1a6f9170b98dddd0\powercfg.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_10.0.15063.0_none_1a6f9170b98dddd0\powercfg.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_10.0.15063.0_none_adc2ec279770e76a\PrintIsolationHost.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_10.0.15063.0_none_adc2ec279770e76a\PrintIsolationHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_10.0.15063.0_none_adc2ec279770e76a\PrintIsolationHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.15063.0_none_5c0336e176732c9f\WpcMon.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.15063.0_none_5c0336e176732c9f\WpcMon.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.15063.0_none_5c0336e176732c9f\WpcMon.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_10.0.15063.0_none_3cc172c3143596cf\printfilterpipelinesvc.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_10.0.15063.0_none_3cc172c3143596cf\printfilterpipelinesvc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_10.0.15063.0_none_3cc172c3143596cf\printfilterpipelinesvc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.15063.0_none_01175375b63af00c\ntprint.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.15063.0_none_01175375b63af00c\ntprint.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.15063.0_none_01175375b63af00c\ntprint.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_10.0.15063.0_none_c4f067d86940c645\plasrv.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_10.0.15063.0_none_c4f067d86940c645\plasrv.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_10.0.15063.0_none_c4f067d86940c645\plasrv.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.15063.0_none_9be63ee70131f3aa\wpnpinst.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.15063.0_none_9be63ee70131f3aa\wpnpinst.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.15063.0_none_9be63ee70131f3aa\wpnpinst.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..spaces-creator-tool_31bf3856ad364e35_10.0.15063.0_none_806743e6508512ad\pwcreator.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..spaces-creator-tool_31bf3856ad364e35_10.0.15063.0_none_806743e6508512ad\pwcreator.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..spaces-creator-tool_31bf3856ad364e35_10.0.15063.0_none_806743e6508512ad\pwcreator.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.15063.0_none_091c59b88ed6fbeb\lodctr.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.15063.0_none_091c59b88ed6fbeb\lodctr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.15063.0_none_091c59b88ed6fbeb\lodctr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.15063.0_none_091c59b88ed6fbeb\unlodctr.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.15063.0_none_091c59b88ed6fbeb\unlodctr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.15063.0_none_091c59b88ed6fbeb\unlodctr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.15063.0_none_c5177aba769d526d\lpq.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.15063.0_none_c5177aba769d526d\lpq.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.15063.0_none_c5177aba769d526d\lpq.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.15063.0_none_c5177aba769d526d\lpr.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.15063.0_none_c5177aba769d526d\lpr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.15063.0_none_c5177aba769d526d\lpr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.15063.0_none_92ce01ad7e234d32\PrintBrm.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.15063.0_none_92ce01ad7e234d32\PrintBrm.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.15063.0_none_92ce01ad7e234d32\PrintBrm.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.15063.0_none_92ce01ad7e234d32\PrintBrmEngine.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.15063.0_none_92ce01ad7e234d32\PrintBrmEngine.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.15063.0_none_92ce01ad7e234d32\PrintBrmEngine.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.15063.0_none_92ce01ad7e234d32\PrintBrmUi.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.15063.0_none_92ce01ad7e234d32\PrintBrmUi.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.15063.0_none_92ce01ad7e234d32\PrintBrmUi.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsnonwinpeplugin_31bf3856ad364e35_10.0.15063.0_none_b7a58a094557495d\PnPUnattend.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsnonwinpeplugin_31bf3856ad364e35_10.0.15063.0_none_b7a58a094557495d\PnPUnattend.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsnonwinpeplugin_31bf3856ad364e35_10.0.15063.0_none_b7a58a094557495d\PnPUnattend.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-packageinspector_31bf3856ad364e35_10.0.15063.0_none_7b95e107f7fe4a21\PackageInspector.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-packageinspector_31bf3856ad364e35_10.0.15063.0_none_7b95e107f7fe4a21\PackageInspector.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-packageinspector_31bf3856ad364e35_10.0.15063.0_none_7b95e107f7fe4a21\PackageInspector.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.15063.0_none_fdeb9d552c12ff0f\PkgMgr.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.15063.0_none_fdeb9d552c12ff0f\PkgMgr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.15063.0_none_fdeb9d552c12ff0f\PkgMgr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.15063.0_none_a3773526b0c3b2e2\ApproveChildRequest.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.15063.0_none_a3773526b0c3b2e2\ApproveChildRequest.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.15063.0_none_a3773526b0c3b2e2\ApproveChildRequest.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_10.0.15063.0_none_063fa71d3876cdbb\pcwrun.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_10.0.15063.0_none_063fa71d3876cdbb\pcwrun.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_10.0.15063.0_none_063fa71d3876cdbb\pcwrun.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.15063.0_none_ad1d9764d9c2a978\perfmon.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.15063.0_none_ad1d9764d9c2a978\perfmon.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.15063.0_none_ad1d9764d9c2a978\perfmon.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.15063.0_none_ad1d9764d9c2a978\resmon.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.15063.0_none_ad1d9764d9c2a978\resmon.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.15063.0_none_ad1d9764d9c2a978\resmon.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pickerhost_31bf3856ad364e35_10.0.15063.0_none_bec1449b872a26f6\PickerHost.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pickerhost_31bf3856ad364e35_10.0.15063.0_none_bec1449b872a26f6\PickerHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-pickerhost_31bf3856ad364e35_10.0.15063.0_none_bec1449b872a26f6\PickerHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.15063.0_none_ba457e40c8a981bd\PATHPING.EXE"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.15063.0_none_ba457e40c8a981bd\PATHPING.EXE"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.15063.0_none_ba457e40c8a981bd\PATHPING.EXE" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.15063.0_none_ba457e40c8a981bd\PING.EXE"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.15063.0_none_ba457e40c8a981bd\PING.EXE"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.15063.0_none_ba457e40c8a981bd\PING.EXE" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.15063.0_none_ba457e40c8a981bd\TRACERT.EXE"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.15063.0_none_ba457e40c8a981bd\TRACERT.EXE"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.15063.0_none_ba457e40c8a981bd\TRACERT.EXE" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pnphotplugui_31bf3856ad364e35_10.0.15063.0_none_f9f50ac2838d283b\DeviceEject.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pnphotplugui_31bf3856ad364e35_10.0.15063.0_none_f9f50ac2838d283b\DeviceEject.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-pnphotplugui_31bf3856ad364e35_10.0.15063.0_none_f9f50ac2838d283b\DeviceEject.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pnputil_31bf3856ad364e35_10.0.15063.0_none_0e779bcaf5563fd6\pnputil.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pnputil_31bf3856ad364e35_10.0.15063.0_none_0e779bcaf5563fd6\pnputil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-pnputil_31bf3856ad364e35_10.0.15063.0_none_0e779bcaf5563fd6\pnputil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-powershell-exe_31bf3856ad364e35_10.0.15063.0_none_7a29d7ed3b015cec\powershell.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-powershell-exe_31bf3856ad364e35_10.0.15063.0_none_7a29d7ed3b015cec\powershell.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-powershell-exe_31bf3856ad364e35_10.0.15063.0_none_7a29d7ed3b015cec\powershell.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printdialog.appxmain_31bf3856ad364e35_10.0.15063.0_none_96267e4211f788b3\PrintDialog.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printdialog.appxmain_31bf3856ad364e35_10.0.15063.0_none_96267e4211f788b3\PrintDialog.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printdialog.appxmain_31bf3856ad364e35_10.0.15063.0_none_96267e4211f788b3\PrintDialog.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-dialoghost3d_31bf3856ad364e35_10.0.15063.0_none_f84efaddd7ac3203\PrintDialogHost3D.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-dialoghost3d_31bf3856ad364e35_10.0.15063.0_none_f84efaddd7ac3203\PrintDialogHost3D.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-dialoghost3d_31bf3856ad364e35_10.0.15063.0_none_f84efaddd7ac3203\PrintDialogHost3D.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-dialoghost_31bf3856ad364e35_10.0.15063.0_none_45b8a69fcfd72d8c\PrintDialogHost.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-dialoghost_31bf3856ad364e35_10.0.15063.0_none_45b8a69fcfd72d8c\PrintDialogHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-dialoghost_31bf3856ad364e35_10.0.15063.0_none_45b8a69fcfd72d8c\PrintDialogHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.15063.0_none_e75f7c5afa577e7e\splwow64.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.15063.0_none_e75f7c5afa577e7e\splwow64.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.15063.0_none_e75f7c5afa577e7e\splwow64.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.15063.0_none_e75f7c5afa577e7e\spoolsv.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.15063.0_none_e75f7c5afa577e7e\spoolsv.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.15063.0_none_e75f7c5afa577e7e\spoolsv.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-processmodel-cpt_31bf3856ad364e35_10.0.15063.0_none_bbe663b4ac5f809e\w3wp.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-processmodel-cpt_31bf3856ad364e35_10.0.15063.0_none_bbe663b4ac5f809e\w3wp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-processmodel-cpt_31bf3856ad364e35_10.0.15063.0_none_bbe663b4ac5f809e\w3wp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-proquota_31bf3856ad364e35_10.0.15063.0_none_38dad110cb33e151\proquota.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-proquota_31bf3856ad364e35_10.0.15063.0_none_38dad110cb33e151\proquota.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-proquota_31bf3856ad364e35_10.0.15063.0_none_38dad110cb33e151\proquota.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.15063.0_none_c8e2de6b6854073d\provtool.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.15063.0_none_c8e2de6b6854073d\provtool.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.15063.0_none_c8e2de6b6854073d\provtool.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-platform_31bf3856ad364e35_10.0.15063.0_none_7b9c596abcc179e5\provlaunch.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-platform_31bf3856ad364e35_10.0.15063.0_none_7b9c596abcc179e5\provlaunch.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-platform_31bf3856ad364e35_10.0.15063.0_none_7b9c596abcc179e5\provlaunch.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-proximityuxhost_31bf3856ad364e35_10.0.15063.0_none_a60f9982853b9f8e\ProximityUxHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-proximityuxhost_31bf3856ad364e35_10.0.15063.0_none_a60f9982853b9f8e\ProximityUxHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-proximityuxhost_31bf3856ad364e35_10.0.15063.0_none_a60f9982853b9f8e\ProximityUxHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.15063.0_none_0f14a5b4a7919f86\quickassist.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.15063.0_none_0f14a5b4a7919f86\quickassist.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.15063.0_none_0f14a5b4a7919f86\quickassist.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..-commandline-editor_31bf3856ad364e35_10.0.15063.0_none_42a80d36637e324d\reg.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..-commandline-editor_31bf3856ad364e35_10.0.15063.0_none_42a80d36637e324d\reg.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..-commandline-editor_31bf3856ad364e35_10.0.15063.0_none_42a80d36637e324d\reg.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..ckgroundmediaplayer_31bf3856ad364e35_10.0.15063.0_none_ccf9db72e2edfd53\Windows.Media.BackgroundPlayback.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..ckgroundmediaplayer_31bf3856ad364e35_10.0.15063.0_none_ccf9db72e2edfd53\Windows.Media.BackgroundPlayback.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..ckgroundmediaplayer_31bf3856ad364e35_10.0.15063.0_none_ccf9db72e2edfd53\Windows.Media.BackgroundPlayback.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_10.0.15063.0_none_6c257c3cb63101f8\rdrleakdiag.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_10.0.15063.0_none_6c257c3cb63101f8\rdrleakdiag.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_10.0.15063.0_none_6c257c3cb63101f8\rdrleakdiag.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..pdate-oob-component_31bf3856ad364e35_10.0.15063.0_none_feaa67e4dd30b715\rdvgm.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..pdate-oob-component_31bf3856ad364e35_10.0.15063.0_none_feaa67e4dd30b715\rdvgm.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..pdate-oob-component_31bf3856ad364e35_10.0.15063.0_none_feaa67e4dd30b715\rdvgm.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_10.0.15063.0_none_0ba1e8fb38f0aa68\RDVGHelper.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_10.0.15063.0_none_0ba1e8fb38f0aa68\RDVGHelper.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_10.0.15063.0_none_0ba1e8fb38f0aa68\RDVGHelper.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.15063.0_none_4107792cae6166b7\raserver.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.15063.0_none_4107792cae6166b7\raserver.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.15063.0_none_4107792cae6166b7\raserver.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..verycenter-platform_31bf3856ad364e35_10.0.15063.0_none_5452c60eca787254\SystemResetPlatform.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..verycenter-platform_31bf3856ad364e35_10.0.15063.0_none_5452c60eca787254\SystemResetPlatform.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..verycenter-platform_31bf3856ad364e35_10.0.15063.0_none_5452c60eca787254\SystemResetPlatform.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.15063.0_none_20edd7ef9e21d8cb\rasautou.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.15063.0_none_20edd7ef9e21d8cb\rasautou.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.15063.0_none_20edd7ef9e21d8cb\rasautou.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.15063.0_none_805aa901e17ffc08\rasdial.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.15063.0_none_805aa901e17ffc08\rasdial.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.15063.0_none_805aa901e17ffc08\rasdial.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.15063.0_none_805aa901e17ffc08\rasphone.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.15063.0_none_805aa901e17ffc08\rasphone.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.15063.0_none_805aa901e17ffc08\rasphone.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_de-de_a369c67176801422\cmstp.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_de-de_a369c67176801422\cmstp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_de-de_a369c67176801422\cmstp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_en-us_4c5a9c6a655e1fe7\cmstp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_en-us_4c5a9c6a655e1fe7\cmstp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_en-us_4c5a9c6a655e1fe7\cmstp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_es-es_4c25f94e6585118c\cmstp.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_es-es_4c25f94e6585118c\cmstp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_es-es_4c25f94e6585118c\cmstp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_fr-fr_eedd6f4d585727ee\cmstp.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_fr-fr_eedd6f4d585727ee\cmstp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_fr-fr_eedd6f4d585727ee\cmstp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_it-it_d90565942f890d6c\cmstp.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_it-it_d90565942f890d6c\cmstp.exe"

C:\Windows\explorer.exe

explorer.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 568

C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca

C:\Windows\system32\backgroundTaskHost.exe

"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_it-it_d90565942f890d6c\cmstp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_ja-jp_7b2ae4a122a41f47\cmstp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_ja-jp_7b2ae4a122a41f47\cmstp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_ja-jp_7b2ae4a122a41f47\cmstp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak_31bf3856ad364e35_10.0.15063.0_none_21a039cab183985e\cmak.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak_31bf3856ad364e35_10.0.15063.0_none_21a039cab183985e\cmak.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 568

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak_31bf3856ad364e35_10.0.15063.0_none_21a039cab183985e\cmak.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak_31bf3856ad364e35_10.0.15063.0_none_21a039cab183985e\rqc.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak_31bf3856ad364e35_10.0.15063.0_none_21a039cab183985e\rqc.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 568

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak_31bf3856ad364e35_10.0.15063.0_none_21a039cab183985e\rqc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.15063.0_none_703418aa99544657\cmdl32.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.15063.0_none_703418aa99544657\cmdl32.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 276

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.15063.0_none_703418aa99544657\cmdl32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.15063.0_none_703418aa99544657\cmmon32.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.15063.0_none_703418aa99544657\cmmon32.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 568

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.15063.0_none_703418aa99544657\cmmon32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.15063.0_none_703418aa99544657\cmstp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.15063.0_none_703418aa99544657\cmstp.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 568

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.15063.0_none_703418aa99544657\cmstp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-recdisc-main_31bf3856ad364e35_10.0.15063.0_none_958fd3aaec6fff19\recdisc.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-recdisc-main_31bf3856ad364e35_10.0.15063.0_none_958fd3aaec6fff19\recdisc.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 568

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-recdisc-main_31bf3856ad364e35_10.0.15063.0_none_958fd3aaec6fff19\recdisc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.15063.0_none_39a68a4ac47c2e57\RecoveryDrive.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.15063.0_none_39a68a4ac47c2e57\RecoveryDrive.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 568

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.15063.0_none_39a68a4ac47c2e57\RecoveryDrive.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-recover_31bf3856ad364e35_10.0.15063.0_none_97272707ed69b8da\recover.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-recover_31bf3856ad364e35_10.0.15063.0_none_97272707ed69b8da\recover.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 376

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff991839758,0x7ff991839768,0x7ff991839778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1896,i,8559896787128850513,13758554455641061040,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1856 --field-trial-handle=1896,i,8559896787128850513,13758554455641061040,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2140 --field-trial-handle=1896,i,8559896787128850513,13758554455641061040,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1896,i,8559896787128850513,13758554455641061040,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1896,i,8559896787128850513,13758554455641061040,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4484 --field-trial-handle=1896,i,8559896787128850513,13758554455641061040,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1896,i,8559896787128850513,13758554455641061040,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4936 --field-trial-handle=1896,i,8559896787128850513,13758554455641061040,131072 /prefetch:8

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 1488

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-recover_31bf3856ad364e35_10.0.15063.0_none_97272707ed69b8da\recover.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-regini_31bf3856ad364e35_10.0.15063.0_none_1d6a15a7f29f9ce6\regini.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-regini_31bf3856ad364e35_10.0.15063.0_none_1d6a15a7f29f9ce6\regini.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-regini_31bf3856ad364e35_10.0.15063.0_none_1d6a15a7f29f9ce6\regini.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.15063.0_none_05428e9e14a75fff\regedit.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.15063.0_none_05428e9e14a75fff\regedit.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.15063.0_none_05428e9e14a75fff\regedit.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.15063.0_none_05428e9e14a75fff\regedt32.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.15063.0_none_05428e9e14a75fff\regedt32.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 576

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 1448

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.15063.0_none_05428e9e14a75fff\regedt32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-regsvr32_31bf3856ad364e35_10.0.15063.0_none_896af68a6852519a\regsvr32.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-regsvr32_31bf3856ad364e35_10.0.15063.0_none_896af68a6852519a\regsvr32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-regsvr32_31bf3856ad364e35_10.0.15063.0_none_896af68a6852519a\regsvr32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-reliability-postboot_31bf3856ad364e35_10.0.15063.0_none_5ed4a96b3e219375\RelPost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-reliability-postboot_31bf3856ad364e35_10.0.15063.0_none_5ed4a96b3e219375\RelPost.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 572

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-reliability-postboot_31bf3856ad364e35_10.0.15063.0_none_5ed4a96b3e219375\RelPost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.15063.0_none_486bf0653ab487af\msra.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.15063.0_none_486bf0653ab487af\msra.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.15063.0_none_486bf0653ab487af\msra.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.15063.0_none_486bf0653ab487af\sdchange.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.15063.0_none_486bf0653ab487af\sdchange.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.15063.0_none_486bf0653ab487af\sdchange.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-restartmanager_31bf3856ad364e35_10.0.15063.0_none_914941045ced5588\RmClient.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-restartmanager_31bf3856ad364e35_10.0.15063.0_none_914941045ced5588\RmClient.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 568

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-restartmanager_31bf3856ad364e35_10.0.15063.0_none_914941045ced5588\RmClient.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.15063.0_none_d81b08ba2532f621\Robocopy.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.15063.0_none_d81b08ba2532f621\Robocopy.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 576

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 968

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4628 --field-trial-handle=1896,i,8559896787128850513,13758554455641061040,131072 /prefetch:2

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.15063.0_none_d81b08ba2532f621\Robocopy.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-locator_31bf3856ad364e35_10.0.15063.0_none_e0486c662566aea8\Locator.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-locator_31bf3856ad364e35_10.0.15063.0_none_e0486c662566aea8\Locator.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-locator_31bf3856ad364e35_10.0.15063.0_none_e0486c662566aea8\Locator.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-ping_31bf3856ad364e35_10.0.15063.0_none_aecde74979873d40\RpcPing.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-ping_31bf3856ad364e35_10.0.15063.0_none_aecde74979873d40\RpcPing.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 572

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 1920

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-ping_31bf3856ad364e35_10.0.15063.0_none_aecde74979873d40\RpcPing.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.15063.0_none_70fc227d963c1c0f\runas.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.15063.0_none_70fc227d963c1c0f\runas.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 576

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 4656

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.15063.0_none_70fc227d963c1c0f\runas.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rundll32_31bf3856ad364e35_10.0.15063.0_none_e9192ac8e3b94c4c\rundll32.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rundll32_31bf3856ad364e35_10.0.15063.0_none_e9192ac8e3b94c4c\rundll32.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 576

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rundll32_31bf3856ad364e35_10.0.15063.0_none_e9192ac8e3b94c4c\rundll32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-runlegacycplelevated_31bf3856ad364e35_10.0.15063.0_none_221fe8572e1b8efd\RunLegacyCPLElevated.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-runlegacycplelevated_31bf3856ad364e35_10.0.15063.0_none_221fe8572e1b8efd\RunLegacyCPLElevated.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 376

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 1588

Network

Country Destination Domain Proto
US 138.91.171.81:80 tcp
N/A 127.0.0.1:58090 tcp
US 138.91.171.81:80 tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 195.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 196.179.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 clients2.google.com udp
NL 142.251.39.110:443 clients2.google.com udp
NL 142.251.39.110:443 clients2.google.com tcp
US 8.8.8.8:53 110.39.251.142.in-addr.arpa udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 81.171.91.138.in-addr.arpa udp
US 8.8.8.8:53 3.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 discord.com udp
US 162.159.128.233:443 discord.com tcp
US 162.159.128.233:443 discord.com tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 assets-global.website-files.com udp
US 162.159.128.233:443 discord.com udp
US 8.8.8.8:53 global.localizecdn.com udp
NL 142.250.179.170:443 ajax.googleapis.com tcp
NL 142.250.179.170:443 ajax.googleapis.com tcp
US 104.18.4.175:443 global.localizecdn.com tcp
IE 18.66.171.113:443 assets-global.website-files.com tcp
US 8.8.8.8:53 233.128.159.162.in-addr.arpa udp
US 8.8.8.8:53 170.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 42.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 35.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 175.4.18.104.in-addr.arpa udp
US 8.8.8.8:53 113.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 216.58.214.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.184:80 apps.identrust.com tcp
US 8.8.8.8:53 d3e54v103j8qbb.cloudfront.net udp
US 3.162.143.129:443 d3e54v103j8qbb.cloudfront.net tcp
US 8.8.8.8:53 assets.website-files.com udp
US 8.8.8.8:53 10.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 65.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 184.179.17.96.in-addr.arpa udp
US 3.162.140.9:443 assets.website-files.com tcp
US 3.162.140.9:443 assets.website-files.com tcp
US 3.162.140.9:443 assets.website-files.com tcp
US 3.162.140.9:443 assets.website-files.com tcp
US 3.162.140.9:443 assets.website-files.com tcp
US 8.8.8.8:53 129.143.162.3.in-addr.arpa udp
US 8.8.8.8:53 9.140.162.3.in-addr.arpa udp
NL 216.58.214.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 172.64.155.119:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 40.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 remote-auth-gateway.discord.gg udp
US 162.159.133.234:443 remote-auth-gateway.discord.gg tcp
US 8.8.8.8:53 234.133.159.162.in-addr.arpa udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 162.159.128.233:443 discord.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 js.hcaptcha.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 104.19.219.90:443 js.hcaptcha.com tcp
US 104.19.219.90:443 js.hcaptcha.com tcp
US 74.125.137.94:443 beacons.gcp.gvt2.com tcp
N/A 127.0.0.1:58090 tcp
US 74.125.137.94:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 90.219.19.104.in-addr.arpa udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 104.19.218.90:443 newassets.hcaptcha.com udp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 8.8.8.8:53 94.137.125.74.in-addr.arpa udp
NL 216.58.214.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 api2.hcaptcha.com udp
US 8.8.8.8:53 api.hcaptcha.com udp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 imgs.hcaptcha.com udp
US 104.19.218.90:443 imgs.hcaptcha.com tcp
US 8.8.8.8:53 168.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 imgs3.hcaptcha.com udp
N/A 127.0.0.1:58090 tcp
US 104.19.219.90:443 imgs3.hcaptcha.com udp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 162.159.133.234:443 remote-auth-gateway.discord.gg tcp
N/A 127.0.0.1:58090 tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 104.19.218.90:443 imgs3.hcaptcha.com udp
US 104.19.218.90:443 imgs3.hcaptcha.com udp
N/A 127.0.0.1:58090 tcp
US 74.125.137.94:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 192.178.17.96.in-addr.arpa udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:50552 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 44.237.149.213:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:50559 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 74.125.137.94:443 beacons.gcp.gvt2.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 162.159.128.233:443 discord.com udp
N/A 127.0.0.1:58090 tcp
US 104.19.218.90:443 imgs3.hcaptcha.com udp
US 104.19.218.90:443 imgs3.hcaptcha.com udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 162.159.128.233:443 discord.com udp
N/A 127.0.0.1:58090 tcp
US 104.19.218.90:443 imgs3.hcaptcha.com udp
US 104.19.218.90:443 imgs3.hcaptcha.com udp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 beacons.gvt2.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 142.250.141.94:443 beacons.gvt2.com tcp
US 142.250.141.94:443 beacons.gvt2.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 74.125.137.94:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 94.141.250.142.in-addr.arpa udp
US 142.250.141.94:443 beacons.gvt2.com udp
US 142.250.141.94:443 beacons.gvt2.com udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 162.159.133.234:443 remote-auth-gateway.discord.gg tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 74.125.137.94:443 beacons.gcp.gvt2.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 mega.nz udp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
US 8.8.8.8:53 5.144.216.31.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
LU 31.216.144.5:443 mega.nz tcp
US 8.8.8.8:53 eu.static.mega.co.nz udp
NL 66.203.127.11:443 eu.static.mega.co.nz tcp
NL 66.203.127.11:443 eu.static.mega.co.nz tcp
NL 66.203.127.11:443 eu.static.mega.co.nz tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 g.api.mega.co.nz udp
LU 66.203.125.16:443 g.api.mega.co.nz tcp
US 8.8.8.8:53 11.127.203.66.in-addr.arpa udp
NL 216.58.214.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 16.125.203.66.in-addr.arpa udp
NL 66.203.127.11:443 eu.static.mega.co.nz tcp
LU 66.203.125.16:443 g.api.mega.co.nz tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 gfs270n081.userstorage.mega.co.nz udp
LU 89.44.168.213:443 gfs270n081.userstorage.mega.co.nz tcp
LU 89.44.168.213:443 gfs270n081.userstorage.mega.co.nz tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 213.168.44.89.in-addr.arpa udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
N/A 127.0.0.1:51548 tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
N/A 127.0.0.1:51554 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 www.google.com udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 consent.google.com udp
NL 142.251.36.14:443 consent.google.com tcp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 consent.google.com udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
NL 142.251.36.14:443 consent.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
NL 216.58.214.14:443 apis.google.com tcp
US 8.8.8.8:53 plus.l.google.com udp
US 8.8.8.8:53 plus.l.google.com udp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
NL 216.58.214.14:443 plus.l.google.com udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 www.google.com udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 id.google.com udp
NL 142.251.39.99:443 id.google.com tcp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 id.google.com udp
NL 142.251.39.99:443 id.google.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 99.39.251.142.in-addr.arpa udp
NL 142.251.39.118:443 i.ytimg.com tcp
NL 142.251.39.118:443 i.ytimg.com tcp
NL 142.251.39.118:443 i.ytimg.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.251.39.118:443 i.ytimg.com udp
US 8.8.8.8:53 www.youtube.com udp
NL 142.251.36.14:443 www.youtube.com tcp
US 8.8.8.8:53 youtube-ui.l.google.com udp
US 8.8.8.8:53 youtube-ui.l.google.com udp
NL 142.251.36.14:443 youtube-ui.l.google.com udp
US 8.8.8.8:53 118.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.250.179.198:443 static.doubleclick.net tcp
US 8.8.8.8:53 static.doubleclick.net udp
NL 172.217.168.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
NL 216.58.214.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 216.58.214.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 142.250.179.198:443 static.doubleclick.net udp
NL 172.217.168.226:443 googleads.g.doubleclick.net udp
NL 216.58.214.10:443 jnn-pa.googleapis.com udp
NL 216.58.214.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 adservice.google.co.uk udp
NL 172.217.23.194:443 adservice.google.co.uk tcp
US 8.8.8.8:53 198.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 162.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 194.23.217.172.in-addr.arpa udp
NL 172.217.168.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.39.110:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 bonzi.link udp
NL 142.251.39.110:443 play.google.com tcp
US 8.8.8.8:53 bonzi.link udp
FR 151.106.4.82:443 bonzi.link tcp
US 8.8.8.8:53 bonzi.link udp
FR 151.106.4.82:443 bonzi.link udp
US 8.8.8.8:53 82.4.106.151.in-addr.arpa udp
US 8.8.8.8:53 d36ee2fcip1434.cloudfront.net udp
N/A 127.0.0.1:58090 tcp
NL 172.217.168.226:443 googleads.g.doubleclick.net tcp
NL 172.217.168.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
NL 142.250.179.206:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 98.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
NL 142.250.179.206:443 www3.l.google.com udp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
NL 142.250.179.129:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
NL 142.250.179.129:443 tpc.googlesyndication.com udp
NL 142.250.179.196:443 www.google.com tcp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 129.179.250.142.in-addr.arpa udp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
NL 142.250.179.174:443 encrypted-tbn0.gstatic.com tcp
NL 142.250.179.174:443 encrypted-tbn0.gstatic.com tcp
NL 142.250.179.174:443 encrypted-tbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
NL 142.250.179.174:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 174.179.250.142.in-addr.arpa udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
NL 142.251.39.110:443 play.google.com tcp
NL 216.58.214.14:443 plus.l.google.com udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 github.com udp
DE 140.82.121.3:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 3.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.112.22:443 collector.github.com tcp
US 140.82.112.22:443 collector.github.com tcp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.5:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 22.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 5.121.82.140.in-addr.arpa udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 codeload.github.com udp
DE 140.82.121.10:443 codeload.github.com tcp
US 8.8.8.8:53 codeload.github.com udp
US 8.8.8.8:53 codeload.github.com udp
US 8.8.8.8:53 10.121.82.140.in-addr.arpa udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
DE 140.82.121.3:443 github.com tcp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
DE 140.82.121.5:443 api.github.com tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 bonzibuddy.netlify.com udp
DE 18.192.231.252:443 bonzibuddy.netlify.com tcp
US 8.8.8.8:53 bonzibuddy.netlify.com udp
US 8.8.8.8:53 bonzibuddy.netlify.com udp
US 8.8.8.8:53 252.231.192.18.in-addr.arpa udp
US 8.8.8.8:53 bonzibuddy.netlify.app udp
DE 18.192.94.96:443 bonzibuddy.netlify.app tcp
US 8.8.8.8:53 bonzibuddy.netlify.app udp
US 8.8.8.8:53 bonzibuddy.netlify.app udp
US 8.8.8.8:53 96.94.192.18.in-addr.arpa udp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 discordapp.com udp
US 8.8.8.8:53 discordapp.com udp
US 162.159.129.233:443 discordapp.com tcp
US 8.8.8.8:53 discordapp.com udp
US 8.8.8.8:53 233.129.159.162.in-addr.arpa udp
US 162.159.129.233:443 discordapp.com udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
NL 142.250.179.196:443 www.google.com udp
NL 216.58.214.14:443 plus.l.google.com udp
NL 172.217.168.226:443 googleads.g.doubleclick.net udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
NL 142.251.39.118:443 i.ytimg.com udp
NL 172.217.168.226:443 googleads.g.doubleclick.net udp
NL 142.250.179.198:443 static.doubleclick.net udp
NL 216.58.214.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
NL 142.250.179.142:443 encrypted-vtbn0.gstatic.com tcp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-vtbn0.gstatic.com udp
NL 142.250.179.142:443 encrypted-vtbn0.gstatic.com udp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 142.179.250.142.in-addr.arpa udp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 www.google.com udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 4.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.5:443 api.github.com tcp
DE 140.82.121.5:443 api.github.com tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 codeload.github.com udp
US 8.8.8.8:53 codeload.github.com udp
US 8.8.8.8:53 codeload.github.com udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 209.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 redirector.gvt1.com udp
NL 142.250.179.142:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
NL 142.250.179.142:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-5hne6nzy.gvt1.com udp
US 8.8.8.8:53 r1.sn-5hne6nzy.gvt1.com udp
NL 172.217.132.166:443 r1.sn-5hne6nzy.gvt1.com tcp
US 8.8.8.8:53 r1.sn-5hne6nzy.gvt1.com udp
NL 172.217.132.166:443 r1.sn-5hne6nzy.gvt1.com tcp
NL 172.217.132.166:443 r1.sn-5hne6nzy.gvt1.com udp
US 8.8.8.8:53 166.132.217.172.in-addr.arpa udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.6:443 api.github.com tcp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 8.8.8.8:53 6.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 129.134.221.88.in-addr.arpa udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 96.134.101.95.in-addr.arpa udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 96.134.221.88.in-addr.arpa udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 clients2.google.com udp
NL 142.251.39.110:443 clients2.google.com udp
NL 142.251.39.110:443 clients2.google.com tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 74.125.137.94:443 beacons.gcp.gvt2.com udp
US 74.125.137.94:443 beacons.gcp.gvt2.com tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 74.125.137.94:443 beacons.gcp.gvt2.com udp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp
N/A 127.0.0.1:58090 tcp

Files

memory/2492-0-0x0000000000DB0000-0x0000000000DE2000-memory.dmp

memory/2492-1-0x00007FF994480000-0x00007FF994E6C000-memory.dmp

memory/2492-2-0x00000000015E0000-0x00000000015F0000-memory.dmp

\??\pipe\crashpad_3712_QUPWLVRSMUESVKZX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/2492-14-0x00007FF994480000-0x00007FF994E6C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

memory/2492-26-0x00000000015E0000-0x00000000015F0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b373f15c3cc7ce88f86ec7999149cbff
SHA1 4e69b9bac216dbe41f03aa89e9a509441ca33334
SHA256 19ebfc3c19af4dba19d6066554dfe367244b2569f225e1ba2630cd0822230b90
SHA512 ec714009af1ca8fc3a0f151a0787fe18ce990053ac6cbcabee85ad18df91f8f21050df7c84963bc90ef2e8cda5b7599434fa139b8292f33ebc90e9a49af6aa6d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7dfcfcafa771e9fce608056e94f1eb47
SHA1 5a96d91e325e3dd52a6d8b32d54118c679136eed
SHA256 2ec9e16ca7095eeae0ef51420bac0c373becefc49955c05f060f42bf60807f70
SHA512 12426a92012ea182b5aab1ead3358784f58cf78f9f61952f1cc2b50517b45806d93d8eeef84bcedeb184c4c6c29079ab456bd6cdf868d1466c7e8733a1583556

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7e9f878fbb0557384c96c0a614c87941
SHA1 00b5d6be4599b82d2b93b734b79c2bdc2cea8370
SHA256 5e2d60a7ffb2813554200935fbc0727cf059a63a148d84ee1225387f19d5a967
SHA512 31c4d6bc398d36b7e09208bb5c8beb8a644f76c14feb0933fd7d6d7a040ef053b9f54b90bb586a7de65cbb00ab79bfb63d029ee96421897f2549e9e08df11ca2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 ab96014e74548e8a8114127290273e80
SHA1 fa130236cf2c776f877961042d0914eafa087dc5
SHA256 d0023d117aba55aee3ef0f0c73dbd0e726af16778c7205258a3ea6194112e12e
SHA512 2abad537949b99a4ab6cacbbe322960595bc1e49e371b27fbd105340f316a1402736d768f31d6e80c58ed0d0e87da27d8c0c8414cb04989ed7118719f9af6e9a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

MD5 f5b4137b040ec6bd884feee514f7c176
SHA1 7897677377a9ced759be35a66fdee34b391ab0ff
SHA256 845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6
SHA512 813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a1e00c5f6316834d7927dc6d82b3a56b
SHA1 f266af06afb48df98a0a9eec4d6c5677254c73e8
SHA256 d95684527f1be59ecbf23fa2d99e3faf925728d2b1f390306afb797482bf028c
SHA512 e90fd4653afe21982e26a6a71ec4f3dd5873ff3f9c990d49bbb213966db08feec575cfbd03ca9f79798eb90e6bd0a782ba69f43dc9b8bfc743b0b4fafe644066

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a34fb5f3796a08d11594d2471f59fcc6
SHA1 0fa2ea61f0f01cc45016e9791475747b155938fc
SHA256 a40cb3074d426d713d9b334bb04a4737e1808fd477f2aec2b4a7af882cb2177f
SHA512 df9ab0392a30511a7fcd8b6f1295f144aa433682739e957297425ad0035da02cca6a2aa62a5e7d77b57fc13c76613489e4f965ae1b0776e9bd47cbc13c169eb9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 95a5def9be34ef0c30dbbdd3887f197f
SHA1 fec54695126b9f3051211a0230d59fa76b9f718e
SHA256 24169035e616bc096a91094ef10e0d0f8027c1b93a4fdd8a07f96a4c1595427b
SHA512 0ca34cde019c27b79444931ba1d423606b4a8893b432682b3c4efcfee58cc912ab4838d8f21b81f63f8d090cb4468f711cd006cc6a5acdddcdca8b4e9271da31

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a8352c0476046daabb8618b7d980f533
SHA1 f3a831f7796f391e8c19a773795039634fd59077
SHA256 d15398431a20c3359974bde060f220ae96516701888ce63be019cf75b5e41919
SHA512 bb55a43a8fc4f29016e800ead8427ee8d438d1e908f7caaee60a2abb81adec58282e6c1da8ffbca1a4065a36b2fa625a660f4b66534f68b7e21d7ce729742a87

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e381cc5d3a2b80b17b1f2000a7cc08dd
SHA1 8821ebaa2753e2b6ddd6bf861af6f2d13371928d
SHA256 d9b4df30dd4732cbfa0e36d82876f3b88c8086da722e7d17eb7e484d17b17a0c
SHA512 a34fe02938bdc6fb482627a4f7100da28336d2875d16a30f1bd77e083bad7970a62b38f6144dc3423da2bdfd8139ba8f79615e546d39f08842aa807a24eff0c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 cc4eaadf62d59a15b886b49e2437b65c
SHA1 1fc4ccc03c66a60a471ce9f4d72bf9331230e3d4
SHA256 8b70341527942aa6f9a885be902202a3bcf36e01f4ec85c08a38985f5e32f276
SHA512 00a48b596685552b12099e0b286b4fb34f8b674748ebb78dabd1fec03a76bc00d94d86634e901e430ce5f010a4eafeb6b9e2d61a965bf98db9f589845c372c57

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 f857388481fa8df0ce5771ed69f69a5b
SHA1 907cc69e3b30491668e2cdfdd9f167eb10c954e6
SHA256 a054698abcd42f32ebd2c489f15bd4363124c6b9f98e9cc169c2e186f57d6b69
SHA512 2a61109224fb182a6da33dcb7f7ac80dffe3087780306702b242d4972b9529dc65264345b3dbdab8f92863d6b11393801bb6c5ffe57c34135b2a2a623f83c5f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584cd3.TMP

MD5 3df16609b9f7377301896e3aaf233cb7
SHA1 b40d51ea64419d60eb7574dd0ffdaecf493e58d0
SHA256 b4b4fb2cc4499fe9752c6d9ce0ac810c537c2a7d9469cbdf923e7640b612b194
SHA512 278764237a3df1e93c0b6463cb505af18a57771ab674b2b5db3ced702ab38f97b740725ff8853e72a4c7eef8f1ff640b7574f8277c8ed5c494d63dec8cc5b706

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2cbfc893e1fa45afdc966b27aee37dcf
SHA1 be2d4a74b5318e6a29933a0db9c0637a57900b49
SHA256 13d254772766e39ea018958896c6d40612fd4440d94ff031410fe89a561fa080
SHA512 068e95957cbeb79ad979f0cde3408ec51be85e894f9b77cd34e7399e05832d0667b28572ff91f2c76db6d6a2a46614d0a7a3d6f9acc5e669428c72d8c04f6c83

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5f7e0526ed3629bede345acb25a9bc31
SHA1 e6cdb4c1f5d6e18041d74edbf6141f8e735ef515
SHA256 fcc09c5d04a46fb10fd3d1923ae3948aedd77cab3244032dc6944ed86a060106
SHA512 2ce101750c8e1c1f9cc4ce228f6c8db5688bdf621fb4671933eeae1ec967cd6a24943a2d932295563dd7e155e5a2accdf2b6733bcd57bd86ad5e0ba6d3630de5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7cac21600952a83d1f2187e40a266de2
SHA1 8db8b3ee2d3fbf98f1e161c2844725e0cebf0fed
SHA256 4e07106f4469decb0648ed08fa7901a4a9636ec1632937e0a93c9874d04828ca
SHA512 cd68fa0ef7f93cfae154f90838d123a02fa3d7cf40ae106024abef3f7bb91f9b88c95e13e619a39738ab3ee01617c0c3aa2f5414399bb595cc5c4318cfa2a626

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a443dc4bd90039dabfd57ec1f14d28f0
SHA1 ea28051c5fb8f840ef54f66ea55982bd7825884a
SHA256 875dedcb3a2ed29b8f8eab0e8281782000c07260d7ac9e98e81ce215190baff2
SHA512 849eaeac9459a0325ebfabbc29a574e0e11ca80f09dc6693da2b9bcb2d8201ea8b5239dade23dd0086401a1ede67792d4a21d68ace76a2e3bc0d28915f44773d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 1d4ef3e5bec47e010e3a521a74f57165
SHA1 9262d2c11b0f55790725bac45fc81afd1ec5f476
SHA256 c5f8b726651641ddde33b4dd80ec9cd25c0098d1192dceea85e373d12d4a5d70
SHA512 510135c9e238a00d0a0a179ebcea6297d7ad297e2897c36ac569123f70da601a31943e99a0aa8d262bf8fb8cb6a2b10e4244ff6299d14ff2cabb81655fb5867a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 aa49602c85d5d1285c0ae72cc6eadebf
SHA1 c13794e0bd3bd99bc9ffe7b18be60e2e2bf3dfac
SHA256 fca9f72c6d786a155046bc3c2b455593b1f9d27caec46bd88477d0a3f347a088
SHA512 b2d470f3544f4faa2204aaa859a584fcf656ab57397b5d877a54d76898b139d9ef1555373420821ab41021cfa1e42a40def54fdcb56d13cb5bd50500c9a1d37f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3e5ee769110d586b819ad994d81c6792
SHA1 5fd4237daf3b92029c8da0ca7431ef84556a2796
SHA256 6faa8974efa55a2e498e5efd067adba111f035be8595c3f471a5ec931ddd59ed
SHA512 36d0fbb97d0e490e0501b0960c547b10f5a3ec624c6cf5b2073e09d7dea6734d0fcdfbcfddfd9e5ddfef9978c1c70285f41e10bd9bd4a3e14f13c32056144f44

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5765d3ed14c5ed8647d2614590a39c65
SHA1 7b02cdabfe25ce3aae77fbc16a3fd7990df00b9a
SHA256 573f9d9791397b87d19a1e897c064f8c6515b92cdc97cc17523b330c05044e7c
SHA512 e05dc61f6a0beab7820bd61f06e70f3fdf2537738475b26c1aa7b387991f44616c61c2b62dc452565e47cdbf2f8a24ab7b9db638c1cbc6410dd970f25188fbd3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 30be9fc9c53ab4e7945e17c8017c0406
SHA1 616004bc43aebb9be362104598067f73aefb7184
SHA256 b13c61a03b1cfa5155aa682687cc20ff6f371354416afe0fa6cf1d262b4f4306
SHA512 2ee90e11382e68ed06608052548d68b59cd1ca235a398895ecaafdd5a2da21f8dfd38c58db82969f986be30f56d2ce2c272e379eeffbe43c9b002bde3be3b001

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6cf0cdf0bd61d53a1c0b5fb99e1169f8
SHA1 ab7b9200d794a2a75ac3d3fb79ec81864f40e082
SHA256 8c70b3939e146838dfafcc02c81aa6e95ed2dc9a5578d2ffcc9b3ad454d596ac
SHA512 71a431b2f3784fcd9c91f9bb7505e7bacf0f7c39ebf84b5f9781212f3dc9e85908c6b107b4104e88b20507b7cb425c7f3f0e444af45fc88e713d92f01a6457b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5aa7b913c1ff2ba8b51a8f461fe8ab41
SHA1 3c899f9efb210e8ab00e5ec038e3be75de27013c
SHA256 e29208f74220bc8a1f4ec5c50787e4d4d8ed7590046581a95ff5682595b9c506
SHA512 a6a2744c28932f72d833a1bbd79b0bec371b4f27f2e9e2f0b53745f2b37ac50887ebec5b10ed726f64d0720eb7cbbf33d11db2b060d6286affcd227c19fbb155

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3c04a289b5adad266048874b0416ac7b
SHA1 cd9af009186946baee4dcbe25788bf31899f8691
SHA256 7f51755a1a8191bff23090a7ddf5294ff2338f11030df75ede6cdeb8dd85bd3d
SHA512 ba0de991693679a449d1f0a348aba97b5fb6cd25115878969a512807e0d12a73b2bd59369e19b651518fb8f23cd9f257c1d96a7c33a531c08c609e823a45743d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9fe7b4adc52ab2f295f0a8d9a86e1825
SHA1 9e9ac4a12d81167a9e2b27d6955f63ed682cc534
SHA256 01e432c3ddb58f8d1574242c1e0ace69dc6f05433eab4efa4ed6b8b4f077fac1
SHA512 ce338940b17691e91bc4bf01b69b618ce7f4c950e74bcb8553b64d95a379f14772fb3966d2f6c3586f5d14be84cd17ff8abf4bae14fd266844e841fe24c01b51

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 500497d8817c60453c07c1cf274cc546
SHA1 c66bc91080066fc4623a07c22f4e9580a10b2beb
SHA256 52b89282d2fa4b934564b1f8d8d7d18a472bee646369b8b3d94c13b5226ba36c
SHA512 4b9abb4a376aa975bc36493c8d52d8f317e57164294eba050e8567b95cd5164a8076a4fe394e2916d82ec1e3b06559294d3b2bd3310459d03db39029ca800391

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\datareporting\glean\pending_pings\220a8403-9f17-4897-ad9c-1873f9850760

MD5 7611670c49efa511dd8be78dc22e32a9
SHA1 f1111ee6f512cdd7e745e79108a4d42f271c6ef1
SHA256 66e2a4976a98fe6af352e65be8b43b34fc60f39ddfbd0f1a4febbe2cbfe78f99
SHA512 f6047d19433331ff90be51fcc94c82545787cc89a950cbac08ae28c672a2be92940f0b7374910c62e7cebfd62491ad74be8659baef19180fc15fa093939644a3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\datareporting\glean\pending_pings\be91a0e6-76f3-4d5a-83db-c7463fa1e156

MD5 197825ada5b6f1910199cff46f4b0c37
SHA1 8e555cf25f82df1369341424eadc368066f91d49
SHA256 d758dd73c3d81069894ba94fb4a5597100fb6f9c654b83dac00c3137f2b87443
SHA512 810706312aa7c14fc42336718b03ad7ffc4a048a6ac2ee8b4d5d06aaaf9209140b295c5498a68a50cb4a11e94d2d015388120392fab4b567700187e36aa1fac3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\datareporting\glean\db\data.safe.bin

MD5 e3c392f52b2a0d923c02280098db8587
SHA1 fc27236a914cee76d5cda733819870c480b4b03c
SHA256 c2362133750b85e08c3496d5d2c18bd979fc8c430040c3d141ddadd2fe55f38b
SHA512 6d9b3f6eae4d81dbec92c507e09400541f30fa306b8d55abc8259e2cbcd7231239e61115cac3e07d6297214414e02d15f64eea322f9ccef89d52903ae661d353

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs.js

MD5 bc13ebf91e8b38689341dcccf911d17b
SHA1 2408047e1d72a367078eecdffea00d5358d7b484
SHA256 3a4b5bbdd5a5411f3b22b46f1beeaa3826d09394136a2958da874026df7e78c0
SHA512 8a7e1eeaf4774b1b3d1fff82c4bb4dc31f3b7bfe943f643e7e44e0a84868d2bed1e28a2ce95d9683ee1f3430b00b646916ef292d40cedf002234a47d7c71b507

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs-1.js

MD5 55a73fcf7a64e75e520d36df8b202941
SHA1 c489fe124a13c1d4f76b1e83cf2101f5191fc567
SHA256 368de062f2344dece13870aae34ff7cab9f81c144454cf74c85f2061ba6b248d
SHA512 49e2b77be19ad0febbf69e207d8017a42bc332cbf93230410940e10e7dd78da567123b5656a59d9a99f95490a926694587c4f5817f5f341db829ff709f1a0ff5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0df48a24d68313171eb841e5616731f1
SHA1 8cb4c1368c8f6f763846429228b2338a39c75e67
SHA256 4d65adbd0d8ccc2d945154df0b10a4c51e7d9d6624adfd6975754c669863b103
SHA512 9ffa84657691124ce40b1fa9aac6e0985c00b8ab8346f411fe1139a9ae3e4b07cad1c7673f972a49afe1822dc07d2cbc4309c76ae31a6bdd16409ba7798a0bb1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 34f1c4c196a51102c4e03bc7dd8bbff0
SHA1 2c86b3c4d19440f385a7e69d23a8bf1af1707a56
SHA256 a1fdaacb7874d5f610394179162dab6e489857e3048ffd02af19b1583a9e9635
SHA512 3761138e1e660c053a18a5dc0afa4453d57d29a82d8810355aa8db57e023f7c17f3145a8224bfab73fd6f7826abab2c86f1e04bb0917f9dba2ffe8081e9c7d72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 701f5ccb94c70df629c048ddd2086535
SHA1 f95569a106b25b97d570888b4d75ad8bfab52497
SHA256 a22032494f15a559d0ab640ed32b1a39fa4f23ddc478eee1b3b77a26a5ae4925
SHA512 294996853cb9714185413dabbab548a3ef4d64ce4c4db3023bad191c279b7a8bcc71f7170ff85479ab827b66eafff572eba6e327879598ae9ddac150baaf4b45

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore.jsonlz4

MD5 b3d44b956d8666e2c62c547bfd858a4d
SHA1 25980e00a31ce80dcbc04b2cee4ec7efc881055f
SHA256 881640cadb75dcb412abea1459e041e566ed6030e2b395a222d8078ac469f178
SHA512 2f281365fc8e9a66b82e7311258e722f876875b2b7191403a4e4068c561a2ffa324f8d5347518cce545ba1d583c56f4eb3835eb6320849c74a05d459954de7a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 863f1b2731263ce06a7fbdfba3576146
SHA1 22eb85b90c984bdc2443cad9c0c4a1355da41dbc
SHA256 0890b94dad1b6f9a2b498ce0ea550d05cb0ea613145da910a31e3ec134fa1bf8
SHA512 725014aa2c133d7475d8b1ab7abd6595203c60458e798457ac532560b6a4166e7f84be6f1d928e0df9dba63ea07ece5ef1246e1f6b7d745eb92c3c0dd1d87295

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

MD5 2fc881b72289153635453d8e5a0bcf04
SHA1 ac3275ed83eba7102dea1f3b850869c6bc3c4d1b
SHA256 ff02fe3f18fcc7f424fffbb7cc5310fcc1c45fec41894a3bce11c0f7ff52e345
SHA512 46a9698c180eed4946806ca4dcb4eadf06b24bc3b9eb66cc6664bbddf448653008c29671984ef125308bb6867fda212ed901f2438feb09d5954c845ec61b0d9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

MD5 4488f44d1af9f8da3a910e90c3ab3a92
SHA1 5aacefb5d92ec6d2fd9c4141df489f2dc5c24a62
SHA256 3d9a24e7927820fc46e73cf1d18f2acfc824906cd76418d47087c031c9d8074b
SHA512 15a2e1265cba84c297993cc14ba8a0e946e635a820520b57a84d38f799795f4c48f481c41a0384afe2dac156553086c00b71b309b4eef14b194c8672ef919011

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 69eb04b75ae17ee3be08f7fa17142833
SHA1 dc794e8cd9f262726613a7617a85a1dd3810b073
SHA256 f4216a2933106146ed23401c63d4ff54f02a52d4568070c33a6f46741968f77d
SHA512 716585c936834418570fcad5cbe8ef7489b603ab23e94cb5f76a66e998da609200f6587a569f07da50d5470066b9df542b60c2715b2aa3dbcc4683e204d311e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 45cde1a71212f3b01da14f87b1da6f49
SHA1 2b5659c0255d589ff551b157138ce0b8b7b9e952
SHA256 6d26475f8e177e28bb8dff201c36ce6625076b2bc1e97589587b150bcd65ae29
SHA512 9b8a05f4714c74b5bd95328d0c95c27043b20d9b10b6c03c5edee482819bdb62354246fd747808355e34328e39dea1bb073a24d0d6afc11251cf7e814c2f0a77

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ab04ba61f97be33dc1d74216789a1385
SHA1 bc43bd66aa5fc8a270cdffd7541c7fafad050b7e
SHA256 65979ca1860546b7b5cb5b46e3b0c2f37454cc419300e27ffd398ee681ed7f39
SHA512 7e0996ac490c4c353da5ee8addede9f0ccd93a78ae7526f0c61fc2244fe80964ab8bbc90cb5027b44baad5a72a39b67fd1c984ffb681b06751008cdbdc9b451b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 109c9e486dc09f66b9c1a88f78221378
SHA1 9f636301ab6c90038529cce2b0db4cdeca357cb1
SHA256 b088d991e2fa7f419e308bc2b503ede1df5d0dbeaa593b6e63348c40f29b3cd6
SHA512 666dff8114a51edd9ccc1b0d3085b81dbf443071ae66e932edbd2a9a9d72aa49d48426babd3d304fe5f6c42afe92d0ca01db131b069f32d848570a2a09ca4b88

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ec7655a27eccc9ab25ea68f1d636b61c
SHA1 5cf3b35e82379b234812b3f4026f90ac59bbb2b8
SHA256 f823cb445711e0c1777b4773c4128ff82961be35b263e8768d2d1d97b25b5c50
SHA512 4ff31ab901b76c4707b7c4cc720de53da3c990d661718352cc78d6bceac50ff3b0dab8f5b86aefa061055a1108f920a3bed5f983b4e4af4fceeb5ae64eaa6787

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7ba347a913853a00d8d97b47f0fe70b6
SHA1 7face3db242289c74ba3bcf762ac2ef6cc7d2379
SHA256 6fb77be673d04a1568127c79ab22a79a863eda972ada53be057050eb8169a04b
SHA512 1ef64c4ad945ef6ebdfd3ba3632746188e5a6ed76e5c0f4dfbd5b8b886fb8b084cc4d3b53f98e567460cc2511d4a7f887e6c9e1e9744b9326f7428c98fee25b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bbedf5bb0d9589cb624a2b181b700705
SHA1 6642f39ee2919af46c5ff2238be6a1b0d10cb528
SHA256 597d75a93ae173e47a43a68fe783b84910bbbbb495d188bb42cad98de3e18d1a
SHA512 0d7c14bb6c18027043a6b5a92fe20b93f44094a3b14b41c3f40c9ba664dd5f47045f32cc4f967be51d63085deec50484a87feed5c96b3ad4efaf72a67c8ce458

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ceda25729141c6b3160c5fc0ae062610
SHA1 7ad7542718c1932ce1e9601f2e81751679e5fb72
SHA256 396d2fb82bd5189627c5447a7510b756a7b47d631256c7546fe9f162158a3825
SHA512 2f0b05daee5d579238d62963eabc34b0e2c80527b3765e7974020aa2bda7cdc1e31039f62a84ecfd436b33d2bacbff0cde0888f3d7c267df00227c47e8ced178

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 70a51d67768261cbf76a77d64fac56bb
SHA1 adba153c4d07ddd9cd7e55baeadad2160df55a28
SHA256 7cbb5c1ec77216c627ce628088d70c915153d0eb1405b455faccd3d2d4ec6a08
SHA512 71946628a13b00ac7ec6252bf60f3c3388d79bda16837e58f37a7c1b69db98b920091585c4fce1785436ddb67463165e6f847bf7787d822bd9ba2e45c9845838

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 099ce1317515d23b15d47e6c190e71b4
SHA1 5123dcf1b8e0ebfdae1d7cd5c5d65fbbf0b22882
SHA256 0cf091e62d159673652c898dbf53f4ddea6b9e9f3df92d7c3652f9c7eecd04dc
SHA512 e56a7b8215f715645796be8356704ce766164c7548e20fbb658bfc5afd52f3a13724c5ee7da5c1322cf499efb9d6d77d7f92cab8b7708941e5865ffc9a0dc606

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 3bf7d36ae099881ed9e4b960c9c6fc92
SHA1 34a0948c83a6c7ee4315bfef32288968e4ec5669
SHA256 0cf6723517ab6c5b878a7349f05bdff516906ef9b10a7415c51ff1b710ef2692
SHA512 84b21b03b5b3652761e478135cf4b5063a5fb60d79b3373fa7c56b38ef401dda5e357100498d033b4747f23bda41b79c9097abbe0a1e34713ab5f04e8ef2c38a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 734935bd65405d03177550638fa79391
SHA1 4024e59661f4e1bc98849383d3a60b9d0ce54d55
SHA256 63c3443736a2bfac4968219037e0fe1d3379308b3741e9ee7229d1101027bcb0
SHA512 baf4f12f13571a51e6057b762743d03b96db1c80054dca1dd1808b4c092e553aeac677260a7c27f0d6e74a4df4f39414ccebd9c8f4f530145e95b9e2c807cf73

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5a50d1e5a5dce29a74f5806ecdb3ca7b
SHA1 c9f1ee7a5646e68441a117ff148f737fc5f1e2e1
SHA256 9bc01b5a4121af081a497598816e283e32719a5fab5b51f87fb119b818d70a60
SHA512 da4c654349c52dd22dbb16e1febae7376687f40eabdb8034ccf84a1680dc25dc794e14170123bd017988505496a74aa26e80e2c0732d10982b2fc4b824b4b229

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6470c81ea9e5c05b961bd67548ab3202
SHA1 8a92d481cc06ee88863d7df3396835bff060c1ff
SHA256 de7b060f9e9805aa8adce327aa424de66ebd4aef47d7792de8b40b42ae156a89
SHA512 c43e8b7f3a76dac75f295d5383e3468c5833dfde6f38d47356943c3aa8d5194b0afe651d0808a6726c857959f2fb627b061798774a35c0d10051265e3120d526

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b0c8080d766e87c92d8ad68d0a19b7a8
SHA1 bd34cd76541493bb4ddf03b0ba36fe45bb8a1c1d
SHA256 43875b6415beb69e4ff6d1048bd39c22984220fadacaf8a5a9761c9750ad5d03
SHA512 6d5796cbc9c6d5f45865867266901f428c789be74cb6be3f0016c90e59abcbdc993d7821037a7723cd0b163b6b0ec4b6d79640f8ec07886e62dcaf45051bda20

C:\Users\Admin\Downloads\ChromeSetup.exe

MD5 a93bf31d93120072394ce27fc50409b2
SHA1 e85cbad5a29af6e40d3f5dc7cf6675f90b5414e5
SHA256 34b81c2b57f0caf79ff795a8ca976d7c7f7602cfed73ed67d75d524f4d7316cc
SHA512 ea15cc1b0a298f4375f7b14ec4bf35d8095578ba2bff71c3025d03945faa14a8b1129e6ed89d1260d4c28c1467be1652e41301b9c280265b35b5c59c07178eae

memory/5952-1176-0x0000000000DE0000-0x0000000000E12000-memory.dmp

memory/5952-1177-0x00007FF994480000-0x00007FF994E6C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2d0105a8f4534688d9cb3f12390682af
SHA1 89a39377082798f126d14c429f3105f3a9aa35f6
SHA256 0b608f5fcb1c0f862625d5d461a69797b564a6a64735567ee3c8ef458c29934d
SHA512 070e7e7c9515453b86c6e7fdc1a60a1e6e3d27ee54bf831ed0a74d1ef3d880fa22f46a084b54683c8ca34fe297279c8afc20bfc6dc823be42d2abb6258d4fdab

memory/5952-1187-0x000000001B9A0000-0x000000001B9B0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe61564d.TMP

MD5 4aaefb3f7cb9ceb8f331de2038e5bfe5
SHA1 6a1999a65583fb3e0f53d75b043c78448319ec18
SHA256 7f70336c3e4b7adf41e5abce397b8ddc0aaedefc37bac646a631ae8fa609c732
SHA512 2af6aff1858ded760f263c2d578f68860333b4b4b4e418e860823a08d9dffd1c0c10863ae6f2e67bd678c8e3443815e2b0c123b8a8b4e67b831301185d0e5109

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 dc896b2ca02c2ecf7faa8b64c9558317
SHA1 cbb8a821ca0bc42e38166f62acc60e13f0bd6ead
SHA256 87b2207a9b7f6872dcd6fcc715111635dbe9458ff285b71ea92ae5009caf4f67
SHA512 d5017943097db4ab975385cabeee800918c9ca9f4d4eeeb2ee901fa9c9125005c3c888d5ce1e297d68f4c03081d9743d8700dbda7514d67c4fc1d51ec327f508

memory/4536-1200-0x00007FF994480000-0x00007FF994E6C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9d1977aa02734617348e03900c91a151
SHA1 711b767b867eec734c3bdb6129f2c762af8a9f18
SHA256 32a6dbb17f1ed0bcb849a5e7fe23b38c87430fa84b487077a2e9c2ca618e1a43
SHA512 426bec49713e233199d9ca3b7cacb4dbef570a9b64081f4b0849642ef825fed37a47810ec6a2ab64592fb180ff2c3f0a076401ad0308c4a87f20cdf60394a044

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 d4a944bd966c9b9e3ede71d4d0ecfb84
SHA1 ffef3ad8fd744feb7910389214db8238215bd38d
SHA256 0901251092e8ad7b696f1df149f6cb29e3b513012f51894301ee08b094f9ea8a
SHA512 9619d2c309f53121dd26eef531cd82da8f84f5959b0415b787b57385d459cd913781efb59c8c354328fe677e33477f003e5adc5391729f5a7a3da8c2163f973a

memory/4536-1220-0x00007FF994480000-0x00007FF994E6C000-memory.dmp

memory/5952-1221-0x00007FF994480000-0x00007FF994E6C000-memory.dmp

memory/5952-1222-0x000000001B9A0000-0x000000001B9B0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ChromeSetup.exe.log

MD5 16c5fce5f7230eea11598ec11ed42862
SHA1 75392d4824706090f5e8907eee1059349c927600
SHA256 87ba77c13905298acbac72be90949c4fe0755b6eff9777615aa37f252515f151
SHA512 153edd6da59beea6cc411ed7383c32916425d6ebb65f04c65aab7c1d6b25443d143aa8449aa92149de0ad8a975f6ecaa60f9f7574536eec6b38fe5fd3a6c6adc

memory/5344-1225-0x00007FF994480000-0x00007FF994E6C000-memory.dmp

memory/5344-1226-0x00007FF994480000-0x00007FF994E6C000-memory.dmp

memory/5484-1228-0x00007FF994480000-0x00007FF994E6C000-memory.dmp

memory/5484-1229-0x00007FF994480000-0x00007FF994E6C000-memory.dmp

memory/5392-1231-0x00007FF994480000-0x00007FF994E6C000-memory.dmp

memory/5392-1232-0x00007FF994480000-0x00007FF994E6C000-memory.dmp

memory/5540-1234-0x00007FF994480000-0x00007FF994E6C000-memory.dmp

memory/5540-1235-0x00007FF994480000-0x00007FF994E6C000-memory.dmp

memory/236-1237-0x00007FF994480000-0x00007FF994E6C000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9fe54edd4513dffcf5886481a74a470d
SHA1 73dfcdd2a4659fbbd2b0dfa87bfb7882b697b8e3
SHA256 593fb05bae1350ff70b3d4fd8f23b6b1b9f704c501b2354079be6354c76e724a
SHA512 ee7ea03e468830c2046ab6f9ec40c2e2f035125c4d442597e827970a160b9669dd9b67109de948c47aea1f5f55eafaced1cc179bdc0abafed4e07223720adc16

memory/236-1247-0x00007FF994480000-0x00007FF994E6C000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 09fadd379225ccb98fc7cea8bf868223
SHA1 ceca08dbcce027b46a56fe2b36d8f0450428817d
SHA256 0749ef1ecc5de76d78758374768b33f9a15afecb073a80a8193938fd90d8e6aa
SHA512 91318388eb6dcb8a0875b9ebe11cf9b067da36a0138fe66073a1c28a124f114626fae0f8fc8ea7146d2fb7246f36b91a97b06d2e991f57282c2e30e74d591ac1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f964c3ff182896891b81b778c9b5a4a3
SHA1 09d09d0d3bfb80751a537f2116627ec761b4e8bb
SHA256 c87bc1b0ee7d15e972fa6d12f87c0e88082b60c709746c52ea379956fd1cdaa6
SHA512 ba60bd4e5fe26e4163507613ed4d4dc8524ce2bc7a3516dda1b0b0d4bfdd75508e823ce38e6143615446eb7adef5974c2904f7a8aead776b2ac71dd3a9b40a20

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8ad4ab6db9ae65e81b32ba70188d491b
SHA1 afb2a097dd61e963531954d07ae495ac0c1a52ac
SHA256 09eecb26e1899edeba5864a757131cbbc338d486719d45515f7f9798f7267078
SHA512 ead7b1963bfd852e6a15187c5054096b551d296f7c38333ce468af75c627dc3d9b173541464e8c8cbd101f5cab52b158c2a37cb3a1a2eace24937c0440a402ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 97c3377139154a306bbce9c6b40c897e
SHA1 89c6c0ead8e1af12b1fa7475ba16dc9f3bc234a8
SHA256 bf86777d3365d90345da8031514655b73c4cb0b06977225404449da0c01e01f3
SHA512 90290651174474d2c45ee84a996272b037d7d7f0b4fcf758a7994ba068d0b3a99b862962abed602d85aab70798e587ebb40fefecf2e43fcf46bf1b5b24df9cd7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

MD5 b82ca47ee5d42100e589bdd94e57936e
SHA1 0dad0cd7d0472248b9b409b02122d13bab513b4c
SHA256 d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d
SHA512 58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b7276d8c8b87d627ebb4b1c965fc3581
SHA1 88a3cdd1c740d84e0c011ff3f3e431605bbeb3fb
SHA256 ccdea191fab217d0248e2748efd0b061af6cd74cc2c83f8225873d1548192b2c
SHA512 6f8df58d15072380f9b848aa046aa8208fe61529cbbe215785add741fa32783e4eebada12e4c90e96eda8822525ec6ea0705bb935218fb7947e92edf3391c85f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 22c97b71a3827aae46a3a59e1042b535
SHA1 a28caa68d403ac9e28525596c441ecefc0231505
SHA256 f9cac0c3591f00b277087955b34ea329236af5d4691a6dba951750d3ad1be32e
SHA512 b90cb90b0cb37b185ca7259588dac2e878ce099fa0948a851c3c8b30fa3d9677d016d2f421124b3bef75b31c2e2a614e20657ce16e59393282e5c031265938b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 50520851af2690019d8e14533e67601c
SHA1 328c0c2da89fa6b55d0226ab22c003aec80b1c9c
SHA256 391846ebcfcec1c2e36ce3eaba503fd708c9c84046003df790ef5c768d8ddbc4
SHA512 3e97e83a21d37991744ed86683a9a99fea326dc5bb6f5072f0a2af2b2bd9a9fd5f607c36c347a7250a61bbba733f55d551f22d79b27e89030f4f56a8cc42b084

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ac9f7fe4b4d06c85bfa80998bd312ad7
SHA1 6e08866a5ae3c521d9928046eece30cff0936833
SHA256 679cb2638d9a1c4ba767da29bccecbe398401c657a21aaafdadd81dee6a7b853
SHA512 4ac04d38d29999714cdf02c257484290c865ba05146bcc5181ce6ac0d2bc4f90dcacb3a24396541271ec0a23681bf3ac676f715093d2ed468c6e5881a17fb368

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a266facf6799f79372357728d57eb257
SHA1 cfeafe255198e626fa265c863708df750f38a5dc
SHA256 a910e66bdb8ba7bd50e170e7d5605b6a62e78be3ecbe264c31f647a8b202aa00
SHA512 8c004ab634e503d8f5583798bfda34c3669db755be9aa29c307992f4697c04522960eac18a51973eaea2aa5fe700a2500999e8940d4ac2b6eea8421ab4cf0fd8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dcde8e1272f51b87fbc89b741c9c7e03
SHA1 1a3b02bcadf66effc17378c2d0d2bf72d574a419
SHA256 07a280f64406c30f34885ffcf2654e3793f281130aad31b0be44366abb39ea23
SHA512 8b6bf5434beb6c50e7ef53d9d841ccb8e656506974047a4d99b3feb5628e3d200da21e3d8e61f1ac320742e53981d4f76243cd15342330c1db5534870635a294

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fe3e703e527990885c9f948547d913fa
SHA1 6c2a285cd31bdec1f1c88b33a7faca6ce1468d9e
SHA256 c4840e52bded737d07ced1907b5d7d80430321355009d4417198cff29423778e
SHA512 55c05c62864f33f9cbefb0ae008ad1ff3fd07d1684f9772750fe7b9fd353234d673c7bd6b1a7cd4eddef6e7364efab2c35e16fefa02e585a7c0aaa26d8764e66

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7e57bf48dbce8a364b0ee9c13d97e9bc
SHA1 2366d7be8254932a4bc64d27eed51317efa8330d
SHA256 31136c6f463fffded2a0f6a28d957d13cc4659978811de54193c8491e6cd1c11
SHA512 d80b32e53ec44885113f8e5c0806450c1071a72248881534d13335433d772ad74bd4a3939b495c042a2cea4e290fe3fd8a93871ade75c047a8e926f655c68e1a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6e60e30e2d08e0fe62215108e92f37f7
SHA1 933293766693fb98aa31638b394477dfd6b95306
SHA256 ac64657c93ddc9a0e36aa8a3230cbf654343ac449437811d829efe008c8e76ee
SHA512 c1e2bdddf33d104e28ef63cbffc197fa0295f9b6239c86b83a00945cb0e99828c25266b0cda7cfa388e5703105454a19af96f365d92a65ef6320d0d5d9d1a99e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 7aa572445a9fce7ed26fe949ebf25b3d
SHA1 48d27e2885dbf2926399338c57430fc49844bdb5
SHA256 0b078ef54f84d7d4b96c8f03db0706ef648369a4365619497db2a24474e27a6f
SHA512 13d75ce3297a282932cc3e3bd0207fa52cc460bbfd6cb633fa21790bdce8e510e1e4d3e951cec621e1364fc83cb36079421d1f8c9cc15d9e26e62c2c95c6cbe9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs.js

MD5 463a53a7b63376700f5599a549fa0a76
SHA1 e036ff6c450eaf4325085595807af0f80dfaa64b
SHA256 7cdb7a2d43955dd5c1ff29984434c16bac74314530ed21c3017b1db8bdac4c2a
SHA512 7e7900185abcfb95c93a5b86a01b65962379ec81a7d24e3a5baa743b674d1bf83d821ff0befb69086ed31bb357d3c37194bcb41c35233757226be9b01f1e9edb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\startupCache\urlCache.bin

MD5 7fd12f28c8c6bccdfef0c6f07035c946
SHA1 29aec522be7334267f86316d8431b8e7c94ffe73
SHA256 8344a21a4323d5a7a3e429557ce7c3c06bd37349b7108ca29624419110859858
SHA512 216e321aecff15dea96ae5faa8442b48b55e4ec5327242ea31757814df126d1f39d8a2a1f6cef236ceefcdf016ff36287a91308541d54c07f2d3e45e336cfa29

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\addonStartup.json.lz4

MD5 240ba8559eb2129c9de23ef68fb49e6d
SHA1 bc37cc5e3dbe368918d503e4304aa90006fd99d7
SHA256 b3fd0ee397e7e3214cf9076f4fc07e22ac7c89c1f15e3dbf2fdfb4f9e697b1ec
SHA512 ca97992adceb23b333c4c8fa57c28177fafe69a2472a774907a2119111c906f2b97552308c572e78abace3e1f7a61cf402f46010d8664f68b3554b2792aac7ab

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\xulstore.json

MD5 13886164df60e7af87b06b538a9574ee
SHA1 442c3cb38eca82a899d54c344c4b8d83a1088b16
SHA256 9d33e61ab83cd1293da7679287cdc74762f6df2433f6b2303b5fa6d9a8d175cd
SHA512 d311ee089878c1baa373e260ac424f3ae47190fc15e4e21eaf2532cd671131a59fb68826cb5b4269abd1a86ffede22f28d35468f3a470d4da0d0ad8fb81608ee

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionCheckpoints.json.tmp

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionCheckpoints.json

MD5 948a7403e323297c6bb8a5c791b42866
SHA1 88a555717e8a4a33eccfb7d47a2a4aa31038f9c0
SHA256 2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e
SHA512 17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 831e3ee49b071bbb89245990cf1b87eb
SHA1 a9394cbf8d00a901585987a83a61d2a6b026b4f1
SHA256 5b2161b2865019c85dfd3f1c92ddd58ca6fee88602a3db1b79a0212a0dbaabb7
SHA512 29236cb55d97fad8091fc2b2a2d0d75623f9ad7bdf01645c10290bfa01b7425ed416b568fefdbfd8829722808b72ce5c13e2d651121458d9da27bbc3ef5840bb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\SiteSecurityServiceState.txt

MD5 ba3b0b6a3b8cf37a4e559b2309bae6ba
SHA1 da15dade71694ced73eab3b5a7f741275340070c
SHA256 dc3ce2439eebac11670d3a766cb98e833031753b6fb83d29f580c2c3d6e6f191
SHA512 e5c43b4576dce652861eff71fda9b0b2441bdc3e484c8ca3ea0ac5f6c2208577de173efb4dd6068fbc5e2c1b3ce6da33a95de2d5f03771f9b264149a55dead21

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionCheckpoints.json.tmp

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

MD5 9e612608bb0688b82c39d3e2421479ec
SHA1 e1df47af2cb5179009afcfda4ce368eeada5f834
SHA256 63cf3736f70c2b90eecc61a2348b310c4263ca39339de18ba5ffffd06abaef80
SHA512 0dab6cd2dd9bff2694e7c3a6bd3c8935766339aa95d887e313b91f7bdd7d3a273c13693a9c95c1ab72562ae02c04c0498f3338fbc8a05d55ddb5a2dcd2f7a5a3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\E66F5AA5E3C285C270CF84BD11111C74D38F245C

MD5 906e4f19acc66fa8d573efbbd14d9d09
SHA1 a88cb8307b48372c65086288b6ebb89a070297a8
SHA256 9665bac469e9eb7c807e9ae125b85cb0e584d5d942816f1258169cfc1c64b92c
SHA512 cbd7873dbcb7913f4245e99d747abbb3828783d8553c2c89e173f338b36bfddefb2c83357c3724db2032be79f2fe0283af2d38e8aece66a6bfcf572c60f6351e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

MD5 685eadb4131c6d54daa8f1ed37120244
SHA1 294fd029b8645fbe32fd048e7a9a3e2094692165
SHA256 feab459d997a592c9df29f97bfcc940ca8cd250661b426378b12aab707d6ce92
SHA512 0a0eedbb48310be147c3ac864419eea6056cae980f223d1a18f917bafe3ffd8f58fead9ca73fa211560244fcf213394db7d81adc5fb918e3ddb114e3dc40572d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\datareporting\glean\pending_pings\0d3d8eb8-20e9-4ea4-b47c-245f77e91c17

MD5 fd92abc1a6b8a89fb55902057f4ffb23
SHA1 4c6f2067cec03b51dbd44e9677a57a3997a190aa
SHA256 889e8a826479e543b14d130c4477be5338c47ef0b83f7359a7aafa7bcbad7e2c
SHA512 f284006bb3c0f671e8adc7175260260a7432a6163d7e91089778a48fa6d35759774508e44f1aaee0f2636f4acca31f71f7a61d449e6afbbf3ce07d54fbe5e24c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\protections.sqlite

MD5 49397db0486dc59d607907a086f40c9b
SHA1 08742ce9db9569062def08e99eea8470702feb7d
SHA256 890033ea279f13478e655150a823a5f84176d2f8f2ec3724dc61dfec775707c4
SHA512 fc8dad1ae2215cd96c41bb3e683670bb9138467677da46c19d1e58972775842a995b70123c22ea1efb659d043f5116d0c9dca422035a6646b35f81033c9f5f53

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\datareporting\glean\db\data.safe.bin

MD5 df9060c3deaaf3db78b6629b0dc6e77b
SHA1 7f00077629aff76464e4570d21aabe0c944c6cc3
SHA256 0bf8834f533aca73e4bff7d8431e92a1a1e95818baf9cea85a2d60c8ed41dd49
SHA512 026a1d62730af000f8e046794c31d137fb31a178a5d2873534f2133c65390d5180474856deeb8e6ee4d32258b8b74058a25ea7ef8cafc97f03e7489b10103d14

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

MD5 707a2f6781129ff295593ec3aa6fdc3e
SHA1 2b3980b4832c6f0b3faba5ff9729d9c83a8ce7ff
SHA256 19582fb265bfc2b39f23dc619fc4f73d9ef5a3b33a70e9119d1da9c83fce7d48
SHA512 f697ef9b2cd3ded4f9c6f39a61577f6b5f6fccc9a960fe63897ee0b77153f7fe1aec462382604785b904afd400c8940daa112673def82f8b6d43737c37cebbdb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 61bef4d4b7affee4e2d51e33f5a16d48
SHA1 286d1b064b5d334ed7079edb9dbac613c164a938
SHA256 31d0f5898235e9bb6ca25eb2a09295ff234fbb113234e7a51276d1b511350b0f
SHA512 1340ea1fd1f82d32cba08f4ac218faf6d8836e75f83180ca8db9beac820d65572a165a791f22bea2225ab8efd003d63de8725dde982436e4c247173d9782dde2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs-1.js

MD5 4feedd0ba330c4cb5c08a357268d4f91
SHA1 08747276d6fa239b2b1b3300e4430f4f4ad5f265
SHA256 23ca1678d986618fdbe8ff42b4473c5d9b5791ec1c0125f2561a0e72e84aed3a
SHA512 30a16ee0cd7a8d724cc16e5e930fa9e98e750a50d3508daf30d7f028626234acdff8604132bc3e562df028c6d5c7617fa748c67c9c23ccad56ae286bf876fce6

C:\Windows\INF\netrasa.PNF

MD5 80648b43d233468718d717d10187b68d
SHA1 a1736e8f0e408ce705722ce097d1adb24ebffc45
SHA256 8ab9a39457507e405ade5ef9d723e0f89bc46d8d8b33d354b00d95847f098380
SHA512 eec0ac7e7abcf87b3f0f4522b0dd95c658327afb866ceecff3c9ff0812a521201d729dd71d43f3ac46536f8435d4a49ac157b6282077c7c1940a6668f3b3aea9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ae9bd98a60d711c2143bf4c7ea49fd7f
SHA1 ba7b9be8951a64acc7772a34cc895038b0d0c2d9
SHA256 876d90275a225c9ad261c74420589fe064920ea8e0da4a11c38de922405fc42e
SHA512 b08a32d94247776fad1430b98f0a89928d2ef11e7f11c4d59812c32e0a1da0548213bd6753804fda02eb081a04ab3a48d176862a44e37cd9f273a5f6c25fcb3d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs-1.js

MD5 62cf72f305a7c9d7e91c6a5634fda102
SHA1 122b39315ed01526815e188eb0d656253ecb4fa0
SHA256 91c226f2f15c80af21a9cea6fe03f021237e6f1d7347a26046c6a9087a7e5ceb
SHA512 4c135a4103bb9e0a9c842bec35a499be809407388e7741971d8ab458be33c50cfe2f73e91fc5c245b45a96241dd5d4eb4b5b1912ae682fb9d7a68f4d3ad0ee12

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1744413214e9952cea3cddfa7b71ae4c
SHA1 160e9b5e48571829503f9de5af238ca7bca75a82
SHA256 3d6893c46ee5b8033281f25ee4c4fc0b0e711d29533c1a03ffbd851533ef2f7c
SHA512 2f8df9c89b327de33e45b65cd9d0fc1a6572a5b8f9226f36868ee279497841167d38594925c0d629a01ef62b7b7ac8b33fe5770d8553ba630cf7f6a5e112a99a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ad41e4800bacf6b79c79460c948b88f9
SHA1 c9eda2c3c080c3e5948cda2c90e59d0c3bd618c8
SHA256 b82a62ad58cd415f4480030339c93830e68b74ad8fee701f6519491e3a342bf4
SHA512 d1018bb537f43792a7e70097fdfb973f86799733b68faa67b56863dac6eaa8ef4a64e8d99ca5f87c4e7a0f5b61ffbc085f27c114e795558ac23198b3f51a72ec

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\A81C9E234266FF148A256F35BFDE7248FD8C97D3

MD5 e60b1f2b07de7852471205c747feb7c9
SHA1 543f52a6f6e937eb7f1292fe75a5d6bb8447e60c
SHA256 f00d2dbd297ab39fbfe3722d69713ec0fe2cb364071b349b8e2fb3010e70739c
SHA512 726502347a82ccc0859ef90e9ff9ef1c58b9628ec7a29bbafa052671dfb532caef36c4472d4c4610823f422bdd25e96e32db25da9989c7b2067e3aae809d287c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 12ae7bc2664a5adf326489395a46f9d9
SHA1 ef357aa7f21c13d468b54e78dcaf0ed1431a30f9
SHA256 c5e78d5a0f33f2a29e7cd3700c42dd238e5c5b5f727c9b9dec937678974f081c
SHA512 03a2c57e06c3cc0f4fc1fd21542db32fa97f8e3bb2c6616ab40b9cdac4fb0e5f3c12c39c56e9bbe5d65b57a302dbab994df2931fb73243197c626de7d289b1e4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\4425

MD5 b01b6679488828fcf3dde3551203333f
SHA1 1193377e642770e4f3d54f6b8afcbbef7303a3b1
SHA256 3ea4de45132cc83b70c0c9b4e5cd39c3da2e3a3fbdac1302f6f7776dc4ca64ba
SHA512 2e62df1c63f3b76a8fe0bde1790cacee6eda0973befc2c2f59f2b05baced38f4bde8f0fcc5fd2012c6043a410ecce1bd07759752a9d6d890b5891bdaa6ce08a3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 04bb7a843cb28634453f847a24482ab0
SHA1 b70a2aa8661fe050cfff8a342ff8b68a50bdfb8f
SHA256 24febb9630584d9ecfc75956a3f4aed4277711b904d1b50a6c89eafb6b375d38
SHA512 f5fc0a52090709baf67faa81538860ecb9e9685fdc877fd1699a4ee7fdfedce2f77d8eb811e57d19134cfc18a441a7d93e3ac278b34cf075aa3c8b300d525f8a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f63bb850941b4d97d53a31454c1c7814
SHA1 af0b54454fbfc1b9d0075eace7a8e5ba19fb4354
SHA256 0c15252ed5182050cdf6f94e84adf82ca5e5fc917d1a5cc3ba6dfeff228be14a
SHA512 ac70758422a14622659cbe40fb1ab7cdd43260570c3b44f1f819c595fd8d75c8a5ec5e50f16758ad21fc8de28664de475251425891277ac3b61128c92b3417a0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\52DC50D724CD8CB66E810A1FBCD3A2590B75E5CF

MD5 8b25b1e4f85f0d6733fc03e28787e073
SHA1 b71a8987c5aad1d43b073f7314278b74ea932d82
SHA256 6bf86ec6b324dbf0897c7f3a91930f80d92f9cca3297f072e80b9d32e12ed3e1
SHA512 03c3b6f8c70dc10b88e8c584ea14614172c53c227f0b7c235973e1e43047949fcd4bdcd72a8379a7272a7030115b11a396e4e693d48e5da9e4851150b9011c60

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\idb\2232182701SeesravbiacteaWDosrgk.sqlite

MD5 5b66fd7d49a21f0eba386cea523aff25
SHA1 c09d078bbc09731dbd100628db516e3be776428e
SHA256 b30595143be2b263aa1c4f21be3c40082a04213e3ef03ea221d5f2f07c4fd9ef
SHA512 a3dc9e5fef0f76a76ad25b963bda1d76960fa1b1e96f17380e492a3ee6bd52036819d2dccfc835909df9156c1661657bc25d5d7dd1f4418873eb62584178d4b7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\11040

MD5 26e0d95c217c4a2a779800dc48996491
SHA1 236b480ff193af01dc7b430a0f0560e942bd5417
SHA256 acbf01d60cf160d77bc2186e0ff9c718e0cc0210ec4cf30b861aaf6c815605ba
SHA512 a660afa8b1ed98dee6a9920847ff6b1062b1c6008324544589a745ad4cdc810e326f7b5ec646d8b075674cb098d194753773af3531464a5a3d9b01557aa3509e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\21994

MD5 6c679c09f0b63c78b54a93df7cf1408e
SHA1 f013eb644c07cb04716a032cb885893d742fcc3c
SHA256 b25de8648f06cc29753e5e63a95cd699c8c95907fba44d53b45f51e54a83b34b
SHA512 8993e4580940a403eac97867b0a046736d95dde706cb67a9d1fb4e418411dc9bb2b84e6876c6886d340947458bb0b0a3f8957694d1f5304443bbf1ff7b0dbee3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\2661

MD5 c02ed0412464f84f216850f8faedc9fc
SHA1 a5badaec79c18344448c234fb4c307705afe5d81
SHA256 5600defde739aea98dc75e57f1227dd271d5dcbcf179df480442d8065457fadb
SHA512 f0230c60e71f2357ad83bbd7a79167310a2266f68dc9de3ce9232de4ef68a271eedd0a0fd49ae35fc8f0b557b95b4dff7782d9a5c2140299ca8ee12a07a46592

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\16131

MD5 9ff506e54f7158e5610a298a6ecd67bd
SHA1 cdcc988ef524830f566020fc8e4eced5469d9a46
SHA256 3c4a41d99294c6006bedf08cc39d8fde3d81b8f538697f9479edd228bfe74f89
SHA512 f92a9a3d03215bcc7eea7aab5d18d592ccec29a9377c794eb20414652ec6659eb3e18b55c5230c4dcf14b0cb4873d69b6258e6f52cba6d255299b2c87edc13ce

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e447b64d671c8a0de07c8e398940a5f3
SHA1 749c70b4ffc918e372e942fca6ad2e1456e52e25
SHA256 e514ab3243d798d3a408761f8e0af5f3a41a812f93f16a6079637f63c1d5f637
SHA512 59cb97a6f3002d3dbe8a0b83731398eaf40a4a6f7abc4bcf4bf8bbc650dee19f4035da5895e5389d544201caa263c52a4f4f89993c79c251a9f24046c41b0204

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\11824

MD5 d6a26848f7d2406ecd118dc3ea8afb5e
SHA1 fe6cbb012ff41b8909782e0f68fc3a9529e42229
SHA256 1f1372f0d7fbb3f7850f3fece39b7c36d5deeb4f47775dbeae5360680fd305f5
SHA512 53259213a5c5480d8bd1a4c54d8c07ef2b2057c99a4ba73618aadf007b004e75e940838bf95ad8973e2378340626127b14f26335df34c5399cd537772bc96d66

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\30857

MD5 9d9f91c3458101be4b786e38e2d3be9d
SHA1 dbfbb9db37a13ae72dd685c464797497373ee9fe
SHA256 b6d9a3ba11466d3feaacb7165ca5aaa7bbfa29d6d7adc37eabee027fce72e35f
SHA512 4ab6a5a63c3ab49b3fe625fe434410236e93242d74f8c71f85dc53f353f4bdf05ef4f54184e9e9f39ff6628fcf2a4c3d69126e0db16b65f8b95e6f907afa176b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\27591

MD5 698d3061ab39a0922d15e14992991516
SHA1 46e7b2658f3647639105b9edde4489b840e64d29
SHA256 56e48eadbdff84a2cda16c334f20dc2db298246a8665c27658de0ae36bcad07f
SHA512 9bda02b39789e9d288d12f1547cc03e2318127256061f8052c2c9c282ede3ee533eef485ef956f1ef909b8b2fd6950e73bd501b9758bf683291b1206ff19bd79

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\DC187FE54FE710997F232E6D8F638C11AD9A82A3

MD5 0bb19602056dfc6e4148f6e0feeaf2a1
SHA1 a6e13f0b212d6fff90e21d0083c3e1a51657cf66
SHA256 9f5cc0a2a2150ca29dafc8cc25f04ac441f66a9c5c26dff417f7f060cf4d5ef6
SHA512 3e129da0689c40c3b6288347f02e6f9588bc7d3217690d2aa62c4c0183093dac6a2e2cb1c4d5ef07cec4896584c6872820942ae91fc1d9c02da0b516f05232bc

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\C877D66E1FEE4A8F461A686ABF9C6C60C7D3DFA5

MD5 27aee2170fa5bafeaa26b7a751a93f06
SHA1 595c103fc879bbd0958ea427be49c64519444d91
SHA256 ef88b65de3a0d6d4465941a8dd180275967e093211a3ebaa0fdac93db8b132fd
SHA512 c30518087145249765896ce2f026e659598f56508cbe76a59af15a8d6d92615c9681df5d04bc426f1de046b0aa5a8dd37f3a8d8a03a698ed318f48d5ab8a4a78

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\2600

MD5 b49b65a9cf8504f95c7e540d4f53ae72
SHA1 4ddf6af621cd32947529d9e96c2f5d72750a8f02
SHA256 f75426b749a4e4451b6b293bb62a1cc238dc4fb29b407d327609552981579bf7
SHA512 8d4f79b17004da530e65711c7bdb7f13bf2c67be5c804a6c749795239b7f238a7c2a6309c634b64eb4ba8ed355dc342546b8abeaec1e80c708ec93152ae0409e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\A752BE816C32A166B4212612D41570FEFDA0B4E8

MD5 e255f47d46b785b7802cf7f1bdb15c9d
SHA1 dee2d41d9681a6f269a9783f2a70ba50be028662
SHA256 11b59b4539a1da7b4d81f5c99618afe9da27427bc49e201ace7a91ad119a94d4
SHA512 4983c29e1c178bcaa2b1d5d211d6333b4d78dedde4456b4ac7cb4903f66d94f36d2fd30a3b1088340614751f01a6d3e06d484840bd3f764448fd24f497d2ad33

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\2186

MD5 5948dcbfb4e09906be11d4d8ad2f7106
SHA1 4fe1abb2d0e709edf56129a2658c56ab54e17835
SHA256 54798272db0416176ba0c3fdbbf43d33243b204a19876caf33fdda85250ce2de
SHA512 3ce4c497bef37e8b23cc52184d00ee880a1df80fac1bc543b37ac7657e6aae0aa3d77c692a7b6a52cd753e97a15957339b25132e6c0cf29f80f7b80c6502a1c3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\5115

MD5 c71c137ba8a6ee8793016c535e239d22
SHA1 6c8bd6651a5ad8ceb790f545d2564e6635762df2
SHA256 d0f8fa3ebd0b2c262c8aba353db6724a287c597db556cb8bb2ad7b79ba273cd4
SHA512 4b1452d2751cd002aafa6503a28e3bf0fc52e07ab9a1e7519e47c8e5534750279e32d6d9a384d1c8cb025a90d292c53fde69f64e677c2c78b1416f5de1866581

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\25765

MD5 0797724e46172a37d2befba68a421ae0
SHA1 96969cd77f8629560bf5c74eb1905277b2d49ab0
SHA256 5e0de22fcdab3e12fa0f1eb3dbcac0e24f3cd3f6aedb1dba1f8b500e8db880cf
SHA512 1f262710c3986b5fcda5580881fd2dd6be9315afa2c87ddaafaa570404d14b99e096de9ca7b2fe26dc60b152529b1511cf30d5d20e85652f223a1e1cab1251aa

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\27796

MD5 5a11c29fe32027793adfb48bedb71b9d
SHA1 c69722eae19f680c86d0ef62e28628148ce91ce1
SHA256 48dbf9df05ab418ab18739265e0e27c308493cb6569d1aa4e5976c6da10d7ae5
SHA512 9303e4a325e8b7400cfccc72a807250428f030610f5032735d938c6a276b583b0c9d0494da070695d396c50a34b2b5c3c787b19a2caaf5d46163ab62365f048a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\FBC042FB2FCEFAA2003FCE2B476862CF5DEED816

MD5 a297a161b757d2bdf197203090530613
SHA1 dd35184bc1595068f1c8382b2e0584b9f094e6da
SHA256 7b67d52e14dac3ffc731f74d3a40e0223b148410ebe50d416bdb6e7f2f20decf
SHA512 f3a45759069edbfdc7244177532a402940388cfab31737cbeca0d2ab49de9f33a517e6ee096a624243f7028c3f2ef9028f2e3905634767e093c959286045fe72

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\D11B9A2B8549A432F2C447A448471D7A283727C8

MD5 bf3be08aabb6cb95665e744359ece431
SHA1 e5cd33999528cc04ef4f1e9698057b0788d4d1a5
SHA256 082471dd7c7b9e1b5ba8622aed01b2089e34753561db33184483a4b02ba67752
SHA512 b3f24bbfb8802924b644144cab6e5c219e65d1caf5404eab2f693c3667b07b463992bf3a40454e9ab2e0816645f846a22c90de9bafe04176b544a4610042012f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\19163

MD5 7d7d45d0b3f3544d264ef412930f4e56
SHA1 b76d960abf0f6f35c7a0f2b5df6f752e96c6467a
SHA256 54cf124fccd2c5060c8aa906a721dd952e363624f2efa4045db30a503e0158dd
SHA512 9dee67918b5bc65805c0d15c2904508abf0266665967b28f80027b37b694c14aefd59b347acfde5761b18195ff26ea48b125ea293c30db29a8307d6c310a47f3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\E619D502D0DC2B10837AD54328D8DD4D36017B24

MD5 48fec75e9b6dfbb851ef531b43d95c10
SHA1 e24d0aae59f98850401dc5dd943017a5465e31b5
SHA256 0fb900c36b00e2fade356bbf8e3e3e1a038a7aeac9a2e7a80eee86e2b1f34173
SHA512 c3327e8fb7ec570d9bd70026543998c538e23ce718f992a58f2e7077f04b68376d299f981f6a8d610de9657c9b730bf2b69dc033d2a041c40a7328dc8cf2a3e3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 94920963406c4319abfd6f251939e411
SHA1 02755b684f1110d652225b452ceb9c30fe8b369e
SHA256 177b548efdc023f9bf6cbe36bfd23539e218d284e60a335852dbb20c2e69d6b7
SHA512 1ee59970638abaab13bde37b28f418cd81697b495ed95f4645682b46569ce7faf528da362fd336ebd473db7cc69f3a05e2223791a4315b997e791065e4daa6c7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\9A64E8724C1211D2D90AA8801B0A6333A4BB18F8

MD5 6e8eb8f51955bc970a8e3e8f2b6abd15
SHA1 1de80d1677b84ef57bd8eb689f6f89aa51a869f8
SHA256 7c367ea5fec244515f64b320a740f4580512fede37455ba135b95919267eb552
SHA512 f6ad9f4c49bee0c601135073e5a935924af2de0be7f99a5b3ae02e0ca25ddc6075f937719ae7c4a5c1a7102a8090ad67a9bf0dbf31ed8947f469ed0a925e7e3c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\208C84025BCF634523BC7E8F87BB4CA4F01C1EF0

MD5 2fc411be5115088857857f0e3c98b6f4
SHA1 601528c05582269d769a84d1534602c5029b82dd
SHA256 b60a74fd50e07f571906b9622cee593f2ab5dbdf93fac80da984afc2b6f109f4
SHA512 49f3073cb801ccd1d0937a9ef65822705953bf6c7cd15e2b6330ef7a9ea265ac87c0c25456f43645b161872a4fc877a4fd9d0b61651b4014d55f49d504237232

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\9006

MD5 32f6dc5eb75eefdf0e1b4fdcba18ff96
SHA1 9b28b946e58819fd318a53985215c2fab124d432
SHA256 5bb1c5709ea228b976191221b0a046d27cda75ffcff562ab3ff95b4e9c594c00
SHA512 4b5f34fd4f3c981f59271e95b6064b33060fd28c3eefa8d6b851f59c3a277464e2c77451cbe768000db0d099b91443435633b2fec9bdb1f8d2c0052b12005154

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\14346

MD5 4495074a3798ccf220ff4882dbc933b9
SHA1 5670c3970a04d38be4ed39b875008751b4b658cd
SHA256 8d9fe002418631044b3e73f322d12776d23234f6ebdf6874a4fc135a041433fc
SHA512 4690d778e429921d46a82c71d475ba9759927f50fca6953c74e5eae94fd31d8f89c2b6f7fae0776b7bcd71e66555b2a7926954e2f1f0b05a91c62b152e508f69

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\18242

MD5 3476157683f5ab29a4917b7b8f425c15
SHA1 df4e5e9f50d89cdb3c342a77c009d78327137229
SHA256 8ee36c42a80fbdd500acb95a0022edd4824e9c3a02df80f36687e7cc7d2b706a
SHA512 c69e87a27aeb7e804b54827b3d75ccaacbca009a4197b40a0728fdefd5f281f8cb766be6048bf8160268d43eebe9fa0426fee0b39b5aa087009f63bc93dde3aa

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\C01A5A91B3215B34E7411A2001698454305F7026

MD5 134c3b2d9dc6c1b190b52f8ca3dd6136
SHA1 6dc981a381a9b998f4067203ef881edd5506db16
SHA256 806b6cf82c56c7966550290a2cd4bd7eb556ba0c14ebfeeb59c880cefd825776
SHA512 fd57dcc1bb49de9faeee51e8fc2750b09877961b482d88da3dc96d389701b0616e4154d474ef614665d298e89c8aacf4cce6ae010e7e98c108154868e328daa8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9f8016da9b58223b637cf605b1a65852
SHA1 6546c674070c02a6d2af98882a12edae4966a7ea
SHA256 6ffb060668ffa822cb206c417c999fd23b7acf01b015d14531a74a262dc633fb
SHA512 22abe77af4fa6ca1fbdb57e8e09c23fab75b6051cb161634a840fe7257e4e7b3f2fd071d00760288fbd0d152058561bd3da64df15f17e5aac1be123712274a71

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\29032

MD5 7d83c11107c9dfcb4dfc9004f5ed069f
SHA1 1269667b307455dbaf0f030573f74fce5073506a
SHA256 1f77bd5084bbfcc588d1b80955968ef63b2ca18dc90fab81e858e89d6d5f8b5c
SHA512 cfee1578c19fd4da756e7ff14e1c8b93edce8fb09e5a5c3627dad521ac44c10045f7d429f8af0aceec0e33785bf703ff5b740286bef7168322c45529e340e0b9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\16790

MD5 7984cd41bf7328a00d44678d9cdbd716
SHA1 bc4adb8332c20d5db5dd2ea882aa5ae8c1c40ee6
SHA256 2943b6701a5167ab5ad5a91ee3fec0c6f4062a9f939a77e26685bacf90bffdc9
SHA512 83a08a42b71f401c8a17daec9a597f2cff5fbc499c5a1171baf2121657bbc7200218968b3e81bf23cd97c6cd3d53e43e0d449e406573610343f6ea967dc207ad

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\810

MD5 4a6e286940c87c08eb73402edd76b9f7
SHA1 260173e3344be1a4f67d60a8cb953569941e5bcf
SHA256 66e44bdd4f1b73d0573945f4af8b0b4b844cb0a582bfdb3023f98ceac5520ccf
SHA512 1994f525b081b26839120d35ee60430ec946ef2e558158ee4a8e127b83eab6abfa3b8b4ab04e6e6c524f62fc6f8bbde582fcb662c16c0a2bf6df26005d4512da

C:\Users\Admin\Downloads\BonziBuddy-master.csSHAYEs.zip.part

MD5 74413fd9206eec5be4e3c7149e8be71b
SHA1 18cef36b3b675ec1e8dab4f7c0b27c9d09ad8905
SHA256 0fa5c73b1d774484a1720f34d3a6fb5c6383582ebc2c949af27d6a9acab3976a
SHA512 c64a12f6ef11d685c810e0482b3ab65813aa01c865faecb58ab9ee8c13405f0351c73aa5b1db953833fe21efd6772c22e499b7a5a77baff06a902a53f1689350

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c820ec167f0b42f063e9e86dfa3ed39f
SHA1 1c09ba754c37eda5b5968526604fb67a11dc708c
SHA256 18381218e0f7a48d7004e0414ab86d770aea1d0a2aa0f40ec476db66054e1b7a
SHA512 09b061f604b49846de2dcb43b461abcee14951473520e4e4b27ea33ebedd2c3f32b4334212698686cfdb7881b670e2e1bba91298f83c475e4b51daa7ec6e2c19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\datareporting\glean\pending_pings\22aed011-6ff8-41bb-80ff-a2963d67a88d

MD5 a6741c8f7b72b8112e3bc67ad9dc19d9
SHA1 e13e24ee50f861a1de8cda96a831513766b239f0
SHA256 62a1a31338af63ce3ac47c6c37ec3adc8afea315e7293376454030882dd88efd
SHA512 2387b82bc38b0f28673e10c5f6aebe28cc35f5569c5ba3f59cb90674a9abcc6f3d3443e0aecf7f0ec7ac0020c260c541f65578644c0d0f7d968c54b0b8023181

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\datareporting\glean\pending_pings\85754da2-29a4-4462-8c2a-59fb9f50f5ec

MD5 46083d5d6f941a863d94a0356b270e59
SHA1 45ea0b21ea4684b36a3a0cddd714333b51d323e7
SHA256 35e13a34ecad2b247d1228c1d3ac577636e4fd600d62d776c43418b8488c3d6b
SHA512 98670f58d5a69c8f5dc41cfcfcd0b7f0e141a7d17d868def92fa44713ac9104e42101c0030c31e55c04e831e6e5102cc46c4930527bbbcc6053199b7c479afc6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f0d5043f5a3c98085839fd3f0794e7df
SHA1 4dd0fb348f195a28ca2be86406c92134cd24e1e0
SHA256 362de62b1a8474a5c7aac862230d3ad86b59168d349b05d4f9720e8d84089a57
SHA512 9116b714883967414ed2460cc97b1b5a3893a5249c494c6fe93d5bc0a791f62aa06faf4161f58c589c76cfa8bbee80e789305cb261efe7b07bba1204a3094e2e

C:\Users\Admin\AppData\Local\Temp\~DF0BCD5E8EEEB51288.TMP

MD5 5a08eb5df02d3fd7e91a0bec36251445
SHA1 171ea61eb1f9863e409d4bc640367708e1e0c714
SHA256 579db4ed9096eb1b01aacf7a2cb88d9c1f143f8928b8d60204e42ceaa4cdf946
SHA512 bdb9c7f6f141a79f21b5f2f49c82f54365c0bdabdd2545f7355409a429d0dfe0eee6e28329ba086beb4c38041842b5a91a81ad77582c8b234144bf6f0044409b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\32222

MD5 ce31d6023f09a8c473b4264a9819996e
SHA1 a7d23421b63e58891e558f9d3d74b9f3dd1bb603
SHA256 c90ec473f0305bd78437f9a6b4975f457bddab9e2fdac4e429b54085aeb903d8
SHA512 78fbc5705e147265f039e25d47478188e006c8f61465d7df82126130fb4d818c00c29c24bafcfd7a6b571799f6dc7d10f36437c25e500fe577ddc0b5e55df946

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\24143

MD5 9e40a47c0b0aa210627f446df97dd591
SHA1 d96985ee551fd7e5f2f60ae027abba4ffa5ce777
SHA256 05d7aa6139f318efea62ebf99cbed515bc37816c62213b1e918bbdd3ad20698a
SHA512 64ca00d3f81afa25624c24fe590f5c0781a50e3cb5d1fd970750f9c8c5a99ac455efd910543cd87eb1934e5cf95695b277f647271897dc321602b09439659650

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\30338

MD5 c14083f42b89e5be324658970a3b9c74
SHA1 07eda9d20f594330640ae13ead721fcc3537b371
SHA256 cf9260a41a502c4746409bc422e503eb60fae5fa62285c4fce41b87021723b4b
SHA512 6784a14478528c39d3695e8d1e0a1aeb6c5c0f4f7dafdabbde6ef5bf789cdd31c6b42628651515ec20afcc2cd531503e6486f136ee7160eac5f69c3ee2afe68d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\28088

MD5 f9262a1e264889e2bfe2017724c3480c
SHA1 8660bcb07d46180a56c8905f6c7cdb86724923d1
SHA256 3358f252ffe8b615111058e9d37fa002282da9d7527c3fa7fb57f4cf94ac04c8
SHA512 00a3b03bf5b2ebea21a6f6d27d8172da69a559b71ee8fdfeb78bad8aa5b40acad81d67f6adb064ee7ab6bdf1dd1523c089997eaf17096bfa7cd9f1341a9d448f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\9C2BBC7137762B4CA02A130A09A82F71C29112CE

MD5 b70007038833fbe2e62a8780921d7f3d
SHA1 012e99da5e9470d682f087a86bc5571e58df08a8
SHA256 977457102e9bcaffcd1b94dabbfeccd29cafc218250a323b92cee153972c8a14
SHA512 1b4e02d2569cf0b01e51f0f17f6937384f4be9ad0d9d75adaf07032ebd1f692792abb71204be24a92aad3833982f0c2b4a175b0fde19cd84778467cd4b31607a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\8CC28CB66FF7A9A0291587833D7EAB5881A6E993

MD5 4edd1ea7896c1ceeaf66d86ec33b7225
SHA1 40cedc7bd8545bd5e7ab8543787021da0b76637c
SHA256 8d61d3cdb3eaf3d6f528c8fef191533e4cc26f1e9fef4e74dd78cf05fb47640c
SHA512 703c6364dbe1acdaf7ba3f73f002fd40f8c6e0b9b0841c14cdb64a303f440aaf216a77802be7f3fa2abcb8b9ab4fcf1451d3ce8537be30a4f413e7d1b31a962a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\AA9BF27E71250D09BBFB7F2AABCFE51E4D4CD187

MD5 4bdf28e916c9e7a8fe8383c813c51eb6
SHA1 072a51af196d39c677a5b09461bdd96b6b9b1911
SHA256 e46307908f9541c04328a865ddb2e4dfe9510459df679d6af7596596c25627c0
SHA512 7f7d5bcf1a00a88458fa35b9de6a264340f789e7feb8d9b00979733edabe9dade418e58053e4b0c56cd4a276018c3fce34b6b3559f6390dfc647d39fa2a9fd5e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\ECC3BD59412EF800159A3A1EC14F0A77FF913CE8

MD5 fb3fc71e102474a2ae5c3ce3bebb9ed3
SHA1 ccb879c5158115eba567f7b084573f9ebc7bf2e6
SHA256 8ad339723a939df6e35670f85dca5ec769ae251b75992298f96c57f3268adaf9
SHA512 740cbc85f2d49b2d5e6bf2024aabb9afe962b51af58408a3f9dc02824076c28ef19e8b61fd9ffda78d7454e1715f962f3f97519bf08ff04c79904443dbd2f103

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\C40A671DDC0E0D1E51773C34A7BCCB0020C7FC14

MD5 27a1727a6d5be3be06946d271e309e3e
SHA1 f57edde94465c8edb01346fb3fd60ec356abbd0c
SHA256 6fd5892d028c048fe62d5145caefd4bd16642838e82e71a037f5f91e20465afb
SHA512 c69ca68d50a0096d784c8ded00670cec242f29869baf5038e444f5b1d279674800d34af85b15b70c04247840fc49ec1f7d77cfbaefc00db6872d9c0de7fba50a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\0430F7679082E5C9E37DAEB9E7203105F9DE6E1D

MD5 082e02ff6119817c2a6ff2874f288c43
SHA1 73d249db4f1a8664371c9ca218868278c9813ccf
SHA256 f0d2b72176164778431ef2ad7054f294fbc88c37b8a3523b1bcac9ad7b24e598
SHA512 2ab6bd2ae25b422f53fa11cda8d43eb34bc91cf725f9120b1630cb24441f5b4d4828d4b114dfcbde2b344a319f03ada4a49c59fcee2d7f58fbb8ecbc9526164f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\DC8A1DAD028AB77D5CA52835694336803CF7EF10

MD5 6a90ec373288e107321c9e123369f155
SHA1 1b3906a65f74b9f874cd111767eaf74bb0291246
SHA256 ed8dafed2284562b8386043c6c89d9f14488e3e780b4cb2b4ba284c1b9df43fa
SHA512 09aa0ad5d3e1b0f50bba2d187ae92920873abcbd4a4775ec0f01b4739e34304ff509096616ed683d50858cb451254b68ffa6b118926e5e418efee306520351f4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\A9CD5DF22D46370F6F1959092BFCF5F2851A2662

MD5 30296c6b50c43599792888e779597071
SHA1 71a8f2c1cfefe5ac612b6414f8d42f192142cb9f
SHA256 c8e8722ac88398d1998c2217551539e793533e99a1077f46e823d2d8e14a5b74
SHA512 3ad177952e87725ab950f69b662dfba88d2349e493cf6a82378b282334e81ab474f24a3e4ec464a48e68288ec09e96e71ff4ab21b1f3488ddf051e3c4fe7e67e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\67C899E255FAB3E005640983DEF132290EEAF453

MD5 118ca5bb92c3d35a4db59e21ff8a4c1a
SHA1 65b2c0f53d4f454fa94fd65baa7410e08a266588
SHA256 5554ed3811770b1bf48410894cd971e081dc14fb3e67e8475952d31834842ea5
SHA512 f2f822426ebe15ad0f42f5df47e7fed7d0723315f01bbf9d274bf4dfa72eae91cc41e62060ef7d6e983e371f9bea98c3fa3c1db7c9886141b8a5763f1444a7e1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\1FF4F1FD80623A3AEAABCD6503E241DC2F3E2291

MD5 238912eb327e0fa5232d41c25feb3c80
SHA1 42706d12e6efbee570526d48ae23ed8153585299
SHA256 9fb83d3f350677b64e0ca88cccc9a336a84eefccb6111717d751396b9bdd6642
SHA512 3fdd640536503474d8fe5d4491da970a4dd5972a1b3aaaf7abd8a4ba9ca5e80fc37a41a18edab75457c1ea325f8aed05808d5b11f3faa2907259697e0b9e9e18

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\175FC1F27DF5030D57F8D0FF3A5E0CD7039CB332

MD5 801079106097876cb064e5955dec2cc0
SHA1 da7afdb26a3d19068e403401ae241aa0c672347e
SHA256 cca54ef2c50d1b3c525a34a09688d5b18b567841ed9804d87af1aaca15f109c2
SHA512 6f266568a7554aa8d8276856e3920931de0b1076137f1f94f0e60ab4fe2bc12d95aacfab2a6e99ca9d80f8a3d49020106e349ee8363aa0e59aac015d13f8fd4b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\61A78EA45604A0A23BECE0A69B0255A2DE19B805

MD5 eb02e5f68fac312922af3b59d7fc1f44
SHA1 52834921e5ca099f286a5624d3d99dce0de2191f
SHA256 0059238668fcf21632c00d90f8de43100647602f9f15bc55dba993711f33ce44
SHA512 048b5d8f1c3ae5da842c703cffe86402fa3bf6950cfb2df4519f33b41051be823729725aa2ab0c555b7a2ebc6146fe7f8648fd7b00738058804c5e9260b4e490

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 949d84791a60f625e3b70ab1ed6b5da1
SHA1 def48878465fda09d5061a1e6ae007307ec4ebd7
SHA256 d0cb42778e8f20da52828abb43fdfe6a00623b56e2b4b7fa33c3f9401775d009
SHA512 1297fbb96fef45deba0ad81efaaa4935308029dbeec13bf45f527958dc29e4c6929aabeb388b5d53e5e9f019d761c8f35175a6e964d879fb32cb4fb68ac68126

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\jumpListCache\SxPk0PvcVCNbCCciQLnZfQ==.ico

MD5 42ed60b3ba4df36716ca7633794b1735
SHA1 c33aa40eed3608369e964e22c935d640e38aa768
SHA256 6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8
SHA512 4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8a6e6e3526b26200cea10c29137b20b5
SHA1 2d29ddfada07ad277c1e813dbcdce8342bbcef7d
SHA256 5e9f0e6f79d46704f4b6eed632fd1ecc6aefc283cdb2c1b0805b41f9afcf9a9e
SHA512 c16e3aee87bf21eee8ff82a54baf379219fc3d2e8e6ab7b7778febfa57ad7bb375f2abfb1ed47d6de0f7fccf5e233397bb5838b58be7c4db325f9569dc9fd0ea

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\A29388F5DB059DBFE3C6D4ACB2CED35D1353E915

MD5 6e5d65d054aad55d3a80312a9ec47139
SHA1 90c11672444cba4178d184d8b7b5ca35660abbfa
SHA256 8a18dd131d2dd40c04085d3d6461d7bbc8094501aa3b51c3ba8c6b7747f594cc
SHA512 e98f76e06814f8150f1fbddcf6c694314c636a32dd4d46c62fd806e85a810200cecd4fbc547ade974991d11740c4f232f300cef276271e7343835b85bd933a92

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

MD5 6e28633deb4d75f90f133ff6926b637e
SHA1 d2e1d4c3e1af78f14f2f9d4c926be6954eb3237a
SHA256 7d13c8682297924fcc3e6ef4c2fd02aa7e7186e9bbf4ed79e8d371b254d5518e
SHA512 9daa4aebfec91b1ccf6cc348b533f05e42d7842034790c67442232c122be0541b15d272b9f3924f27e66dd374c63ba47c155cdc8fdb1066ce14ad1ad7ada19a2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\15094

MD5 6057843d599bcc37e9c3b82b5251958e
SHA1 bb9fc1968e502c96bcd4d9648d03e182df490d29
SHA256 992598bcb4aa2985c0eb1ca566385381b0a72cce0dbc2f2bf9bc4a4ff4df1495
SHA512 9bcd03105c13b142622c461418efbade106a800053509733722e23fb56b476d6dc2b7a109c5336dee7238db1b7db2ab1225df48ded6ba4849c38d1f3ebb1583e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\4578

MD5 0263b17fc6eece0e456fba0979c4d0ea
SHA1 54034590b728df8988ede1c546b2fecd21c7ac40
SHA256 ede9543a0a83ca748d8f3c11808d51ffca02ee0cbf7af177403d1224434da643
SHA512 6d0c2451734f4d2db363b9a91e26497c6a996fcb193cfc44b1411d550421e1ea6eed0b9d2565a6a6e0e8d83d70d5d1a78dddb9281affedbac1471754735b1d49

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\8451

MD5 8a608020239a779a306dc3c078c1cf1b
SHA1 abb0ed684044020b86d2f19f515990d86e4c9b71
SHA256 f8338c5185a01bfe61b4ca364ddb7d23d8d1893f92d456831aa15f1f62f06f9b
SHA512 d7900e5df6559e424b91c7078f927633371dfe7f81f5cef442f345532c57e7c1a5cd2bd73e6827ad77c94533ba3888e4477f9ef328590b50a57e1e0b7287fdca

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2c55adab95ae359cc3dfb8a1087cb4ea
SHA1 cefe7178af578dfd53ecf39d8f1292b4799368b3
SHA256 1945396def145038bcaffc320caea1399d8784a909e1a427b7fb7ce7f6d27b5e
SHA512 d07edb901c42d4bc5cde196fbfdc91509768a45b143ffb1c4ef643f0aff786baac805df6ac0ba9a44da82add311ab1821a777c1db35c7b490d7ed7e7cbe804de

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\9892

MD5 a87ae865b5a52e4283e44d0bb972d0f1
SHA1 4071ff9dcf38d6842a0a1d17bc78782cad473683
SHA256 cbc66fb81a896aaeb162bd7bf79db378913f45816bdae3aa874579ff0f099969
SHA512 8bf80c0e9a311dc7e6386cb3bbd84273a082e50605d3292885d772b17d861a8b1265b6a27481402beeb2eabe4b20a6807de61aa672cdc75c2c6dadeea4797262

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\F460F38EEB86AAA3F2FB98CA4FB94A62D6EC0DFF

MD5 6616d4c727246793fc044ef488398bd0
SHA1 aa9338d0909e1dd871853962a5d93ac1fb77b38e
SHA256 dbf67173ac7e607f13f91ed05e647c02b5aa93582d4677eed656ccff41fdcf77
SHA512 b5f76f0dfce7db80fb094af184550ed5c4117a9acc389b7a90578adf81fc21863ae5ad12c539b6fa46ab80e62924c3df9e75e34514eeca2ddfa898af528028d4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\9FC8C85689D31525EACE26158B83B464F43A027B

MD5 17c299f1dfca4813aceff4541d9fbca0
SHA1 2239d97b1c03477a21527b272b3f777759c778d6
SHA256 941cbbad43406195e9a3dea36de1ca36610c77db7dba20dffc3034c2c0afe96f
SHA512 3ddfb5dfc6f9196ce003c86f2e75fd67d1c828d5da5476a89097aa5bd8982cf59dfd1d14ae6f1436531cabe1e3e4f476e8d7577ac89b01943f6bf5cd4913a621

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\51A07BE55B1DDF58CE5FA5017F75B228788F50B6

MD5 123bb19f6cf114d78b8e54b8fb76172e
SHA1 63e0eb3a4427347ccab86c7842c6d47b4e83ea2f
SHA256 ace990da2167e0af47a4d2edb567010b419ed1bb7a25cd04e4b02cb99f40d7c3
SHA512 bd2b32420f2847490f0b62f7cabed435e1ee87e21ac0c225c71301364ae7316482c12a20b91425bf70c9978dd6e1b9c853ab099822cf45c49278f5c656a1e8f5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\7D392A66986D1D9F40A8D15A3B14398C1756402C

MD5 7e81d13f88838a717a07c5b270ada6bf
SHA1 d464813e75e32d8f4ada00c1300025b1d424ddce
SHA256 32497ef529afa65923c861947ae71a7cdc1cd10af8dccae894dbdda1b68017b1
SHA512 01467e71390b1522c2249f87742eefe93031d4ec26873d1a0198d9f15a9df3069598c7b27f5dbda5a6728012df91efcd4a6d702030aaa4aaf6d2ba30acd2c765

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\03E630A9C89267E2D5226827C869A4081E15B69D

MD5 2e5a0103f1ca1a8d11f245a2dfb171b0
SHA1 8c8be94519808aca7ee6fc6a7b88fcc6072599cc
SHA256 9f36e3fdb87775d4da955ba5f43264636a757c395c288aa9638d5e83a4b3c97b
SHA512 94c95a7277e3c951d7082b05cd6b266e94adf6700ade0cadb08e1b82c46aa9f64a96d8340883206fc584fa1d6f01669eb0307c12eb0d4bff01b80bcde3b293eb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\A3278E98BFE23FBA69EDE5E7EB2D02FC58E6DE07

MD5 45f620c544497cad23b5cdde089d28b2
SHA1 fe177fb2e08edb4eda836d859893aa57e0828630
SHA256 1a8b854d8298d8c69ccce6d380ea10b942efb531f71c698643018d9879e056c3
SHA512 039bad415b1bdd657ffac400cec702c17fed05776b6bd313aa937b6179f16b07bd2d99f392617c57cd4620e7539aa66a2ade57593354f827db3f86ca3b095af8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\70D12BCE1442B63F8FAC6EEEEAE17D0905807FE1

MD5 d6c05edbebffe47f77628759f00fcdeb
SHA1 aff0ae302d992fcf940546f2f1f8b8774f72b4ec
SHA256 351f09e6a0d881b69107ec03b6e17e054a43f462e19036130f26ab823665555d
SHA512 19754dc07cd4576baaab22eafb6f0b5b10c7df0634b16b0d768a4cede54fb4f3adb4bec3ec9c3f7ff7898eb5f3e2af8835a8370f893a70cb1862cc963eb5b73a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\2745

MD5 4754fd3fa185ead7dfc79d0ec0b439d1
SHA1 25d1bcd43a092d0836529724ee88ba3b05cc785c
SHA256 d8859cc4ef5b98419ea4cd559401af4375a51d72a1b197befc4c2ac4d1584bce
SHA512 59117b922ff5f7148b96ac43d2c9ac73e760679255bf34b85761ae36c3090a419538149b7decd62c868dcd406ae3995a5abdc5b81e609577891d9c0d35fcde29

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\9164

MD5 be4299ef261321fa422f4fba9c5fa486
SHA1 5c2959ec9259cb2fca7d04b9e9541f0af9883357
SHA256 cb8dadad43c527f941f5b9dc1b7708024041ab355a1646e520efc5aa3bf38c7a
SHA512 855f2b560242094bf537a6296f2caa7d009c35d89b37a1527db22981ab4d6abfe5cf68f0f99d3f435b0a94dd13814aa73b36332fcb31392e0775845aba10a92b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\16415

MD5 ac01ee9de5b1b122294bf51f8a652e99
SHA1 3db7733743c2f4c6b16e32a55c32ca77b8216ec0
SHA256 c0ae967486edca59a72f16928e93dcdfd6d11537e21e3790f7fd54caa88a6e69
SHA512 04a0b63718badb8a84eaa23b079525cc4bae3a8c1ca58bbc3f28ba1537565e17fcf17418672295e1b1448928a8b0e459a4fa3cf0e1ad93ccc432fe7ee5d96496

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\9322

MD5 eec0e3f8b3cecf7438324f97388bf47e
SHA1 4956bf84877b6b6515ba49d37e8b6611ef239acf
SHA256 7127e3576bb94947e30582a3673dd0b8aedcadca8b870113a1c43f6989f4a583
SHA512 acdb955e5dce107fc84acb844cad0dfe52e0de46b01361a8eb13f0eb4489763b5f72a7d85fdf73eeae39119c7bc3f5ac56569ea55370ebe9781828f786ab9e96

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs.js

MD5 2e746ed485edf56362c254d2d75e90fa
SHA1 83a02e58b2e536ebc710486f882c422904aae763
SHA256 367e98fd1d9f9fa21f89cea1b4e86cf98e172c13841530fc3ef02bd2826bcbd3
SHA512 ca9f859e8e9fadacebb431393fc8854f0e6afb500a24cbd197fd1565e0b7ec7b67ab9d857a1f9566cd539be3570bbfe38644738feb4878c3617198cf304b22fa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs-1.js

MD5 d385d299101c0ad321c239db3fc3b9bb
SHA1 8703d2855aa8c02f188890ada515403786ea9e30
SHA256 d9d93e129a0f8832a8020ce2358a93d46b9856ee6a254b56d1a0b136664f98ce
SHA512 c2617db0b7e5cfa372546c90a9965fb6eb447782000e58b28a3c530bf1eb1b2a1fede6c8537dce08b42a0f5f97b175d4f039d4eed516091ffb13a8f0aae06bc0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d8aece256db79d998c76be9b05994f16
SHA1 ed61caf21e65595690fab22e39ddc3a03fd05496
SHA256 e67f9137bd7608e19b9ea369d386308350344bfefd5df8a5614c55cf92a6a669
SHA512 1dbab8f83989ce4f5df5810fac5a5626d6d803e8676a3a649315b8c696405a7638ce0f4d14ab0abebb5367b80116d953c022a5b5b7c35e26313048d7c64f1bb8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\B2ACB154D5026C7929D340EC4FB3531EFD79D77C

MD5 1ef2cd9ee38e919e01ca647cca04a870
SHA1 31042b8dbc385cd99ef9ed88b579bd284ccf85c4
SHA256 ce5ffe9cfa89a5c7ad18ec5aeca8129709a898383623ab12950017541658d921
SHA512 460e56b54704943ccbbe36a700b63f61d5df7f818c0c9666e8c58440b39a98234731a20996db0d99e4ac505e2a538bfc90122286f8b3ab29d3fcaad2a9b31767

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\FCCF9F0E55F8A5EAA3AC9784D9197A9389F2018A

MD5 481ab28509a29178c01eda81e405dae2
SHA1 06065630f7a2f228e13d2e5f49aa4df3bc96d313
SHA256 9c39cc9df2fecc6adad555c701f7128f9fd90793004eca3c7bac2dcf730591a6
SHA512 83a92a51de136e92830faea4687016d20d279e735bf49f69ee41b4754a02cd494828e98f5529472ab1cf8d2612d55961cdb55c1b1558aaddd9d059f3e246b14d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4725dbecba1254e6e428933258ac7344
SHA1 90201bce6dc48eaaeee6f624f5367cbb6369ce1c
SHA256 41ebf63360aa6037045b1b8d26ac69ec2ffff834ebe1ebe934f251dc13491d9b
SHA512 044cf67186f2895a5f579fc62efdc8129bb6d92331d9be1be0e2386171db33d7f797e87351c45d6e9f8357115e46b657ae8fd7443bdfeb7f759412997efd93fc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d30541b95b242804373a55137a503f01
SHA1 b70cc1bb80bde677b1bb35d44789c38541d60b4e
SHA256 bec4821343fd83952703c4ccec57c31e6365e771831bf7977d5b63f1464fead3
SHA512 62f111431d100a359a033cfba29ddbb05693b41ee45c2cc5744ffa63b13675747efb90af276784259d5a952b783e8db3e31d0310bcfb60a503584b35b2bdac96

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ad412eb7af4c5807287d18bffb333aea
SHA1 3f6a1d842ced7ac3aca6d30923641806ce6bf329
SHA256 da12992ced81a651f70fb07f8b0d001ecd02149b8f9458fb8f6d9de234931acd
SHA512 46846ee069b060cc90725da12098d839f0ef00eaaaeb1e83121100e6acf23e3de60e60cd8aed864fbd036fa5f3911c79f6a3663e4fde16a9c7267fa92ed83e39

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs.js

MD5 015d479a611c39823bb2faa592434f42
SHA1 dd44b6f9b5378c8cdb2a2279a18f9d571520267a
SHA256 3800caa5f6247dd45c9247544a966d522c7985f64225a8ea50f94a5b922058f6
SHA512 5633f19d1887b1b22ee86e1c98ed0cf4f9a71b56e157ad8c96f194ec9f41689fa8a9e002256c3898b75283ad536c2d87a3a9a4c9c4f550ef47bbdedd0cd0a50f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 699fcc753eda7a507af87c7ff412197c
SHA1 167572b3d84f5a6f1f230ceaba7292a5fc14df8a
SHA256 81e759f6c474000d1c7ba06c52aefaae3e309728e23cae10e02a4504cb9dc22f
SHA512 736a26b9f336130f5919a49cae862fa5dbbf5d34a1ea2afa5440c643dd8f957e3cd8265e32ea3391651e3d9dc3c0de68b7f17876108c23e8e5708b9733322daa

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9ae243496cfb48736439c604075fe5b4
SHA1 feb724d0e006ab7d512bb41c2583f5aacb2ac067
SHA256 c0a320a606c991c79c3b7b041741f3ed6f217b971950fb9e53b491ad9ee3dea0
SHA512 4b73a052d0005c9871ca9c7acd6604f40b9ef69cc46f8c2c2cbbf30ba75638e0bda3e8cd86a7637056b1b58ede98e7be2b844b5ad0e2f6e6b6340b09670ea384

C:\Users\Admin\Downloads\windows-malware-master.7OC54znl.zip.part

MD5 9efb77a90faa8fb926430574bf4a9f42
SHA1 1311863ed0d7172cc9b869e175e2ac6c3a224b60
SHA256 1959b8b94d112c15a700fbf8e514315e7ebf7512303d902031c175931449dfdf
SHA512 d4b43d5da72a337e7c65501ba4cab033442dc506e06d1bfd3bd2ae8d5e1914b83f82d50e10441da9ea03e420baa5d291172ea08c75099d2392ead93a156af566

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\0DE9FB5C7CA5471CF31BA52F40296DC937FAB323

MD5 1264348a277e9157a342a5ed63467e3d
SHA1 bd0afb5c5ce49bbb15494f445c9caa89d3270314
SHA256 f17f5268fddd5c28987bc84a8e2de09e3dc704bd2e692286e343a0e0fcb98590
SHA512 0a9ae34f26901564774917956c17d3c229aeff91c6385a6ada251691cdc5b3db563de4b58dcc6384419ee62f11ca1084c96d3e654e9617e05e5bec18fd6d4912

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\634E16DC7AF73196290DC0EEA7EC63EF6B95A520

MD5 ddfd81a106f66a80de981edfea0bc952
SHA1 8f15ed516359c738eb0146faca232b853ca15101
SHA256 90b67b6add5a8f91796a2750cdf053c57ea46420b5fd0cd1e951abfda4068469
SHA512 229ad7a2953adf21ba395c236810cdcffb415bbcf446f5be926f5dfc1d04d30969485b5f94ecc2210f27c9ed80478fb86dc7b3cedaf46fc95f4e59a435f57ad2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\7BEC118E9178654B061CCB804B21F0586EB281AD

MD5 1398d203f1b1beb7b58dee37c895a7ff
SHA1 63ae87fc70ee7f4873ae69a31d709620e68d6148
SHA256 98476a3a1317027b3f6c45af434ee7adb9fa5c9084ef334c58d27d8dabc6a558
SHA512 795705e6752e372c3082343b5eb48889cc0c42e26be177dfbff824f08877bcb0475e070cc0418c4cdf20c6ab666b972a64908efdc3a61546ba377cfc51e4ae27

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\83034475DCD175EA116CE1FF243C16C26D56582D

MD5 e0fb26fd07f5838a7b6afc7a6bed6927
SHA1 cdd3fae43654e4ad03a5011886174207d0c40ae3
SHA256 69abd4a94ba1f0af57aad57b5db5e2a12581aeec8fd3eec7710fef3a2d5a977d
SHA512 72e82fea16872abdf10bad005f9d64c99d43c40622d88e86bfd491874f4b8cc19b55d0ae8123795b47aff25f44b76c9b4856803a9599070fa8551f5c6d819bd5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\BBD958D5D1B2696B058F510216BC1019BCACC3B2

MD5 d61ec3c206e0d47609b3565e01ea798d
SHA1 ff633857debaf34745b02d7cb665293d57799adc
SHA256 d46fc13c8c4982d27f413c6cf1ddf80e307d8a819cb274c0be5f0b1d9c7e8f53
SHA512 7873ece0189b9ba3526690cc6ce4680e96c6672cf464917d4949ab4ce091b598fc319a37693153f9875af8a6e4a9a7da8f02cafc617bbcf377c410aececa9160

C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

MD5 fba93d8d029e85e0cde3759b7903cee2
SHA1 525b1aa549188f4565c75ab69e51f927204ca384
SHA256 66f62408dfce7c4a5718d2759f1d35721ca22077398850277d16e1fca87fe764
SHA512 7c1441b2e804e925eb5a03e97db620117d3ad4f6981dc020e4e7df4bfc4bd6e414fa3b0ce764481a2cef07eebb2baa87407355bfbe88fab96397d82bd441e6a2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d42eb46f915543dad1a52b0658932739
SHA1 38122261238de7180dc804bccf1e7ce3e4ec4d93
SHA256 a3a77642e4771877ce6fed7366f60cf4e6fa2b1adcb6931b0a2afae519a5345e
SHA512 3ab9205b3d987a2d8a434129bd552be280aeec060bd1eccb96c8779708e45b2f0c1f64eb643b45e6d9e716d08f397b8273ac1d44f4517e3eda9d5fc4a3f84d7d

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

MD5 e4a499b9e1fe33991dbcfb4e926c8821
SHA1 951d4750b05ea6a63951a7667566467d01cb2d42
SHA256 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d
SHA512 a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

MD5 466d35e6a22924dd846a043bc7dd94b8
SHA1 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10
SHA256 e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801
SHA512 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

MD5 f1656b80eaae5e5201dcbfbcd3523691
SHA1 6f93d71c210eb59416e31f12e4cc6a0da48de85b
SHA256 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2
SHA512 e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

MD5 0cbf0f4c9e54d12d34cd1a772ba799e1
SHA1 40e55eb54394d17d2d11ca0089b84e97c19634a7
SHA256 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1
SHA512 bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

MD5 316999655fef30c52c3854751c663996
SHA1 a7862202c3b075bdeb91c5e04fe5ff71907dae59
SHA256 ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0
SHA512 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

MD5 b127d9187c6dbb1b948053c7c9a6811f
SHA1 b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9
SHA256 bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00
SHA512 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

MD5 b4ac608ebf5a8fdefa2d635e83b7c0e8
SHA1 d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9
SHA256 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f
SHA512 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

MD5 9fafb9d0591f2be4c2a846f63d82d301
SHA1 1df97aa4f3722b6695eac457e207a76a6b7457be
SHA256 e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d
SHA512 ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

MD5 48c00a7493b28139cbf197ccc8d1f9ed
SHA1 a25243b06d4bb83f66b7cd738e79fccf9a02b33b
SHA256 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7
SHA512 c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

MD5 4fbbaac42cf2ecb83543f262973d07c0
SHA1 ab1b302d7cce10443dfc14a2eba528a0431e1718
SHA256 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5
SHA512 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

MD5 5c91bf20fe3594b81052d131db798575
SHA1 eab3a7a678528b5b2c60d65b61e475f1b2f45baa
SHA256 e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175
SHA512 face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

MD5 a334bbf5f5a19b3bdb5b7f1703363981
SHA1 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c
SHA256 c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de
SHA512 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

MD5 7c5aefb11e797129c9e90f279fbdf71b
SHA1 cb9d9cbfbebb5aed6810a4e424a295c27520576e
SHA256 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed
SHA512 df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

MD5 237e13b95ab37d0141cf0bc585b8db94
SHA1 102c6164c21de1f3e0b7d487dd5dc4c5249e0994
SHA256 d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a
SHA512 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

MD5 81e5c8596a7e4e98117f5c5143293020
SHA1 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081
SHA256 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004
SHA512 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL

MD5 7210d5407a2d2f52e851604666403024
SHA1 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9
SHA256 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af
SHA512 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL

MD5 4be7661c89897eaa9b28dae290c3922f
SHA1 4c9d25195093fea7c139167f0c5a40e13f3000f2
SHA256 e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5
SHA512 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf

MD5 0a250bb34cfa851e3dd1804251c93f25
SHA1 c10e47a593c37dbb7226f65ad490ff65d9c73a34
SHA256 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae
SHA512 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll

MD5 497fd4a8f5c4fcdaaac1f761a92a366a
SHA1 81617006e93f8a171b2c47581c1d67fac463dc93
SHA256 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a
SHA512 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll

MD5 e7cd26405293ee866fefdd715fc8b5e5
SHA1 6326412d0ea86add8355c76f09dfc5e7942f9c11
SHA256 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255
SHA512 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf

MD5 c3e8aeabd1b692a9a6c5246f8dcaa7c9
SHA1 4567ea5044a3cef9cb803210a70866d83535ed31
SHA256 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e
SHA512 f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp

MD5 80d09149ca264c93e7d810aac6411d1d
SHA1 96e8ddc1d257097991f9cc9aaf38c77add3d6118
SHA256 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42
SHA512 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll

MD5 1587bf2e99abeeae856f33bf98d3512e
SHA1 aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9
SHA256 c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0
SHA512 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll

MD5 ed98e67fa8cc190aad0757cd620e6b77
SHA1 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d
SHA256 e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d
SHA512 ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9087b8eeb8d2184f1c25368d03389b3e
SHA1 09284ac47bc72c3570fc40c85208a61a5275e7f5
SHA256 43f9feb55b59c21ff41360e8bf0db5b52b20b0af2bdea4328c6eef55b94e9f44
SHA512 881ca40675f223c7d2467cff43e34ea2fbd1e80e2652abc6ce35c1e44ffd267f809f13aa32e207f39a28c84c3a5104adf72bd1286f7d51eb279c9dc274cc68e7

memory/96-4236-0x0000000002C00000-0x0000000002CAE000-memory.dmp

memory/668-4246-0x00000000768B0000-0x0000000076A72000-memory.dmp

memory/668-4243-0x0000000077230000-0x00000000773BE000-memory.dmp

memory/668-4252-0x00000000772A1000-0x00000000772B3000-memory.dmp

memory/668-4250-0x00000000772AA000-0x00000000772BB000-memory.dmp

memory/668-4248-0x00000000767B0000-0x00000000767B6000-memory.dmp

memory/668-4274-0x0000000077272000-0x0000000077284000-memory.dmp

memory/1772-4275-0x0000000001EE0000-0x0000000001EE1000-memory.dmp

memory/5340-4282-0x0000017FD68A0000-0x0000017FD68C0000-memory.dmp

memory/5340-4287-0x0000017FD6A20000-0x0000017FD6A40000-memory.dmp

memory/4508-4329-0x0000000077230000-0x00000000773BE000-memory.dmp

memory/4508-4333-0x00000000767B0000-0x00000000767B6000-memory.dmp

memory/4508-4331-0x00000000768B0000-0x0000000076A72000-memory.dmp

memory/4508-4358-0x0000000077230000-0x00000000773BE000-memory.dmp

memory/4508-4359-0x00000000768B0000-0x0000000076A72000-memory.dmp

memory/4508-4360-0x000000007726F000-0x0000000077281000-memory.dmp

memory/4508-4361-0x0000000074D20000-0x0000000074E5C000-memory.dmp

memory/4508-4362-0x0000000076C10000-0x0000000076C26000-memory.dmp

memory/4508-4363-0x0000000074040000-0x0000000074199000-memory.dmp

memory/4508-4364-0x0000000074FA0000-0x0000000074FC1000-memory.dmp

memory/4508-4365-0x00000000742B0000-0x00000000744E8000-memory.dmp

memory/4508-4368-0x0000000076560000-0x0000000076620000-memory.dmp

memory/4508-4371-0x00000000732A0000-0x00000000732A8000-memory.dmp

memory/3872-4385-0x00000000768B0000-0x0000000076A72000-memory.dmp

memory/3872-4387-0x00000000767B0000-0x00000000767B6000-memory.dmp

memory/3872-4382-0x0000000077230000-0x00000000773BE000-memory.dmp

memory/4508-4379-0x00000000748A0000-0x00000000748F7000-memory.dmp

memory/4508-4378-0x0000000074F50000-0x0000000074F91000-memory.dmp

memory/4508-4377-0x0000000073CF0000-0x0000000073CFA000-memory.dmp

memory/4508-4376-0x0000000076B90000-0x0000000076C09000-memory.dmp

memory/4508-4375-0x0000000076770000-0x0000000076795000-memory.dmp

memory/4508-4374-0x0000000076A80000-0x0000000076AF7000-memory.dmp

memory/4508-4373-0x0000000073D00000-0x0000000073D20000-memory.dmp

memory/4508-4372-0x0000000000860000-0x0000000000871000-memory.dmp

memory/4508-4370-0x00000000744F0000-0x00000000745AD000-memory.dmp

memory/4508-4369-0x0000000076390000-0x00000000763D5000-memory.dmp

memory/4508-4367-0x0000000073C50000-0x0000000073CE3000-memory.dmp

memory/4508-4366-0x0000000073E90000-0x0000000073FA8000-memory.dmp

memory/3996-4415-0x0000000077230000-0x00000000773BE000-memory.dmp

memory/3996-4417-0x00000000768B0000-0x0000000076A72000-memory.dmp

memory/3996-4419-0x00000000767B0000-0x00000000767B6000-memory.dmp

memory/1264-4450-0x00000000768B0000-0x0000000076A72000-memory.dmp

memory/1264-4451-0x00000000767B0000-0x00000000767B6000-memory.dmp

memory/1264-4448-0x0000000077230000-0x00000000773BE000-memory.dmp

memory/1264-4479-0x0000000077230000-0x00000000773BE000-memory.dmp

memory/1264-4480-0x00000000768B0000-0x0000000076A72000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c647de5e7f13046b645152e8c4151344
SHA1 92fcdc9a2f7724bb3c9a47229a18b528484f9f31
SHA256 a656523c8af68afcc3ed5d32534d9e4dda3cfb4188d242b46468f77a4f84a552
SHA512 db3fdad4f599a9b126c4d82817e2228c97d35fa8dc80d5d846c3c8e57a52fac6b35a36fc638457cc4ecbc0627c04571019caf60b9c1d5167b33f67c4b77c53b9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionCheckpoints.json.tmp

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionCheckpoints.json

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore.jsonlz4

MD5 cfd9733286d31aaf130a8b976a280cb3
SHA1 e172f7b934019824db45cbaf8bf457181b764f99
SHA256 5cf5a3b242282647d7a3713a86f422f5b337e208a7128a368bf2d69a76ab212d
SHA512 d1f8e992d5b60b17c8167af7d6c0c3797a5a0ec829ec1f4ab2d5a8cefaef24bb37c6425a98d85554a21f0190e379c4b24941e7d7f5e7f24596a65fa242460eea

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionCheckpoints.json.tmp

MD5 e6c20f53d6714067f2b49d0e9ba8030e
SHA1 f516dc1084cdd8302b3e7f7167b905e603b6f04f
SHA256 50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092
SHA512 462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionCheckpoints.json.tmp

MD5 2ad4fe43dc84c6adbdfd90aaba12703f
SHA1 28a6c7eff625a2da72b932aa00a63c31234f0e7f
SHA256 ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933
SHA512 2ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs-1.js

MD5 fad818d0271b64851b5e6565be7420dc
SHA1 b111704633a83d00dba75e075cd3d31150455ec8
SHA256 36b54348a9032f631db51b3f6caf63795049949b8c778f6947dbe130013a6ddc
SHA512 17f1e01f9440a81cfc51f756f9bd3d48fcf5d221c7d1dc0a10c3af3d52b9ff6b050640decef20d69805164a0fe2b30bf3b7b480bbb73c6cbcff5d9884af28885

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 604e290878e949acbdac32af5befa8b4
SHA1 39e56d4541aeffe8fc1fb8ec47a8789a156f25c1
SHA256 411499d3f73c368d4683822d6265476d61dfbe7794c2f5f08e3da2f677d27814
SHA512 27c0c941d8a8bae367958da1a1ef7cc43a2ad99c7fbcc708712131d6578fcc15b91d5b56a4131e436e0fed1fc96f1e87f775d6662296e2746edb1e347f7b0014

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8c9b521aac88d9b3de2d9fdfe67248ed
SHA1 f2fb55a7238eea41ea1aed821f64c33ab0952116
SHA256 824a7f74e7dec38a6d72519a05c449f645927c5275e69d52dd34d0cf7f554864
SHA512 8ede27ef23cbaeb7df53472252a353543d07e123b0b71a67e067f02b8c08b5a5b8454d00877fac4106dd1430b598e2e36c38d44a976b251501b0000885bbdd99

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dada7b84d38d32213001c67009c1731e
SHA1 25d978efe908c05dc3c2b398cf22a3bab9f159df
SHA256 5b314f6ca45c1745d9949a02ae6c9eec226a6eed30d75501a0bca32d2715fce3
SHA512 16e95c96f9b762ee65df0d7f8d7bb8ec39f7966d5e5dc91a0979a9b7075276bb0df1c39e961ba941a3fe70a1b7ac7661f18c5b3aba7af71162904a9a471c8678

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 ae27791b9ee82ce0ed48149c72b5ce3f
SHA1 94d1396c458ed7e002fcd066aa25da06cd42d7a5
SHA256 5eb1b022270e5e907d1560f13140938c4597bc1513ab36e37ccd11494d2f64d2
SHA512 5bcb53acd920796b84d375ec52214d80de01a25d527bb9821e51aaf1b0f89e1fd2be26d2b3ccdff1329f3491c6c4f7fc1011787b01061353533e7e50285a6a83

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 69095f0f9eb33d4b5f7febd53b5e89be
SHA1 88505cb0dbb9dcdb5b53aa5bae8cbbca61fa3bbb
SHA256 4d91a25123650adf1a0f93cdd325289162e849101b94883950a680249cc208d2
SHA512 2c351e061464ad3eff764ca45e671fca018821ac768ad2920bedcff738ac97878db427d2ef658ca9fb7a2dcc40a27489f142d86858d3b484cdb3ba34cb782627

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 61805b09a785264caff12ea601731b7f
SHA1 1e40e77074329f7f0944f6a36c343ff38a4aca0d
SHA256 7052362a9934b7b84bb0a33a5cdbbd54ac09381ec8d16a473b01377bafda4730
SHA512 20c16c1b521610fbf76e9fd26407d85b8b7d826368752669f2c74f24b51928aef24f30829247a40e177f5a4663c495f8bd88d68fc0abd031610e91f2137d97a1