Analysis Overview
SHA256
e570807ea164132b6ed35c7a50e80799e0a6195717712d4e304de67d53711ebf
Threat Level: Known bad
The file ChromeSetup.exe was found to be: Known bad.
Malicious Activity Summary
Xworm
Detect Xworm Payload
Xworm family
Modifies AppInit DLL entries
Modifies Installed Components in the registry
Downloads MZ/PE file
Possible privilege escalation attempt
Executes dropped EXE
Modifies file permissions
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Unsigned PE
Program crash
NTFS ADS
Uses Task Scheduler COM API
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Kills process with taskkill
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: LoadsDriver
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Checks processor information in registry
Modifies Internet Explorer settings
Checks SCSI registry key(s)
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-12 13:32
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Xworm family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-12 13:32
Reported
2024-03-12 14:03
Platform
win10-20240221-en
Max time kernel
1799s
Max time network
1728s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Xworm
Downloads MZ/PE file
Modifies AppInit DLL entries
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
Possible privilege escalation attempt
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\ChromeSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ChromeSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ChromeSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ChromeSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ChromeSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ChromeSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ChromeSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
Modifies file permissions
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\SET3A8C.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp50.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\SET3A8C.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\msagent\AgentCtl.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET3887.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET3888.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentAnm.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET3889.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\agtinst.inf | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\help\SET3A79.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\help\tv_enua.hlp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\rescache\_merged\4032412167\2900507189.pri | C:\Windows\explorer.exe | N/A |
| File created | C:\Windows\msagent\SET3883.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET3883.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET3884.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentDPv.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET3886.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\intl\SET389E.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET3889.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\fonts\SET3A7A.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentMPx.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\help\Agt0409.hlp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\lhsp\help\SET3A79.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\fonts\SET3A7A.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\INF\SET3A7B.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\chars\Bonzi.acs | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET3885.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET388A.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\SET3A7B.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\rescache\_merged\2717123927\3950266016.pri | C:\Windows\explorer.exe | N/A |
| File created | C:\Windows\finalDestruction.bin | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| File created | C:\Windows\msagent\SET3887.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\tv_enua.inf | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\INF\netrasa.PNF | \??\c:\windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tvenuax.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET3884.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentSvr.exe | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET389F.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\lhsp\tv\SET3A78.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\SET388B.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET388C.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET389F.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SET3A78.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentDp2.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET3886.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentPsh.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\INF\SET388B.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\executables.bin | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentSR.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\help\SET388D.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\intl\Agt0409.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgtCtl15.tlb | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET3885.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET3888.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET388A.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET388C.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\lhsp\tv\SET3A77.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tv_enua.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\fonts\andmoipa.ttf | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\rescache\_merged\1601268389\3877292338.pri | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| File opened for modification | C:\Windows\msagent\mslwvtts.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\help\SET388D.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\intl\SET389E.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SET3A77.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\explorer.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff4800000037000000ce0400009c020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1024105594" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000053cc7a0eed2515479bf31208e699f77e00000000020000000000106600000001000020000000d6f1bdf842e53c33630084efcee886bdf6d86a1670a51a205fc84092ae28cda0000000000e8000000002000020000000ff529a0c145815f918ffcda5e2f6673de46c1b180e18c2afddb5548ce06ab01b2000000054fd7c76493fcd091456998873b2f1f53716aa3d7893419291672ba686bd3812400000006ade0b08effc88f2b789cb78945a391133df44a2ec033ff53e63133f70fe51b4d14860248c8df1f24a63c3d6df2ec3109bca8ba33338c26f30a205f147d3b3c4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70ac123d8474da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1024105594" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{68707447-E077-11EE-B1B7-CA85FA0F64D0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31093892" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000053cc7a0eed2515479bf31208e699f77e000000000200000000001066000000010000200000008f2b68ee242f09819d926527ab213342ef90ed5c183b222553965693404f1fce000000000e80000000020000200000005fdd3bb9e459cee1f24b27550568dabb29fa9983bb74a8ef186aee282169bb5d2000000079dd7c697e0d6c32e0105b30c8341bdd2c802b2e7b2037ee3c65646a725609404000000051627ae3b3f8c3e98837c910e3216cad58aedf7981c98db86815b5911baf2795710f89d678a9ef54077b83ee447edd3965075803ba629ec9e54246cb9dab56af | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60f6143d8474da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31093892" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\VersionManager | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133547240290823083" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0913410-3B44-11D1-ACBA-00C04FD97575} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BF0-7DE6-11D0-91FE-00C04FD701A5}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Character2.2\CLSID\ = "{D45FD301-5C6E-11D1-9EC1-00C04FD7081F}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575}\TypeLib\Version = "2.0" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{48D12BA0-5B77-11D1-9EC1-00C04FD7081F}\TypeLib | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\TypeLib | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B8F2846E-CE36-11D0-AC83-00C04FD97575}\MiscStatus | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BD4-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.lwv | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BA90C01-3910-11D1-ACB3-00C04FD97575}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE1-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\TypeLib | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\Control | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FileType\{D45FD300-5C6E-11D1-9EC1-00C04FD7081F} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Character.2\shellex | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00D18159-8466-11D0-AC63-00C04FD97575} | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\ = "IAgentExt" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\ = "IAgentNotifySinkEx" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{822DB1C0-8879-11D1-9EC6-00C04FD7081F}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE1-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0913410-3B44-11D1-ACBA-00C04FD97575}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BF0-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575} | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{143A62C8-C33B-11D1-84FE-00C04FA34A14}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0913412-3B44-11D1-ACBA-00C04FD97575}\ProxyStubClsid32 | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DE8EF600-2F82-11D1-ACAC-00C04FD97575}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{822DB1C0-8879-11D1-9EC6-00C04FD7081F}\ = "IAgentCtlBalloonEx" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BA90C01-3910-11D1-ACB3-00C04FD97575}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentCharacter" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48D12BA0-5B77-11D1-9EC1-00C04FD7081F} | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8B77181C-D3EF-11D1-8500-00C04FA34A14}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDB-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtlAudioObject" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48D12BA0-5B77-11D1-9EC1-00C04FD7081F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE3-7DE6-11D0-91FE-00C04FD701A5}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8B77181C-D3EF-11D1-8500-00C04FA34A14}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575}\ = "IAgentCtlUserInput" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD2FC-5C6E-11D1-9EC1-00C04FD7081F}\ProgID\ = "Agent.Server.2" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}\TypeLib | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4BAC124B-78C8-11D1-B9A8-00C04FD97575} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{822DB1C0-8879-11D1-9EC6-00C04FD7081F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BD4-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentCommand" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\TypeLib\Version = "2.0" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DE8EF600-2F82-11D1-ACAC-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDB-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BDF-7DE6-11D0-91FE-00C04FD701A5} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95A893C3-543A-11D0-AC45-00C04FD97575}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\ProgID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\Programmable | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDF-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B8F2846E-CE36-11D0-AC83-00C04FD97575} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8B77181C-D3EF-11D1-8500-00C04FA34A14} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\LWVFile\ = "Microsoft Linguistically Enhanced Sound File" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\TypeLib | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00D18159-8466-11D0-AC63-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\ToolboxBitmap32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD2FC-5C6E-11D1-9EC1-00C04FD7081F}\VersionIndependentProgID | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.cortana\ = "23" | C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\BonziBuddy-master.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Bonzify.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe
"C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff991839758,0x7ff991839768,0x7ff991839778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1860 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4012 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5064 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4688 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3016 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3052 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6072 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5864 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5960 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5744 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4808 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4616 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4808 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3740 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.0.1099075557\1358909008" -parentBuildID 20221007134813 -prefsHandle 1676 -prefMapHandle 1640 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2ce7098-9f1c-4931-8945-3b1c5421e1f1} 696 "\\.\pipe\gecko-crash-server-pipe.696" 1760 2281d0b5b58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.1.845310633\134975602" -parentBuildID 20221007134813 -prefsHandle 2104 -prefMapHandle 2100 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c92ecf73-ea9b-4350-a707-a1751e6a27c6} 696 "\\.\pipe\gecko-crash-server-pipe.696" 2116 2281cc40c58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.2.2057451923\1961877899" -childID 1 -isForBrowser -prefsHandle 2812 -prefMapHandle 3060 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {efac30ba-e9b4-487e-9a54-39a1945d76ca} 696 "\\.\pipe\gecko-crash-server-pipe.696" 2832 2282129ae58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.3.546792716\1253515358" -childID 2 -isForBrowser -prefsHandle 1076 -prefMapHandle 2148 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f46bb734-b847-4fae-9a92-8714dd8a9285} 696 "\\.\pipe\gecko-crash-server-pipe.696" 3324 22822012458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.4.1120169609\1783134778" -childID 3 -isForBrowser -prefsHandle 4104 -prefMapHandle 4100 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3e96291-5685-422d-bc1e-20b6fb116abb} 696 "\\.\pipe\gecko-crash-server-pipe.696" 4116 228226e3b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.5.194350028\1524679445" -childID 4 -isForBrowser -prefsHandle 4816 -prefMapHandle 4764 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c0f2df0-cb7d-4e88-a94e-253be1262655} 696 "\\.\pipe\gecko-crash-server-pipe.696" 4776 228235e7758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.6.509338041\414630891" -childID 5 -isForBrowser -prefsHandle 4680 -prefMapHandle 4272 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {72966b1c-794f-4982-9471-8446324fc843} 696 "\\.\pipe\gecko-crash-server-pipe.696" 4996 228235e6b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="696.7.945698039\776179665" -childID 6 -isForBrowser -prefsHandle 5104 -prefMapHandle 5108 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1dd2623e-6269-4592-83ce-17dcabef7abc} 696 "\\.\pipe\gecko-crash-server-pipe.696" 4844 228235e7d58 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1528 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1588 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4032 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x348
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2652 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3848 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1852 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2052 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:8
C:\Users\Admin\Downloads\ChromeSetup.exe
"C:\Users\Admin\Downloads\ChromeSetup.exe"
C:\Users\Admin\Downloads\ChromeSetup.exe
"C:\Users\Admin\Downloads\ChromeSetup.exe"
C:\Users\Admin\Downloads\ChromeSetup.exe
"C:\Users\Admin\Downloads\ChromeSetup.exe"
C:\Users\Admin\Downloads\ChromeSetup.exe
"C:\Users\Admin\Downloads\ChromeSetup.exe"
C:\Users\Admin\Downloads\ChromeSetup.exe
"C:\Users\Admin\Downloads\ChromeSetup.exe"
C:\Users\Admin\Downloads\ChromeSetup.exe
"C:\Users\Admin\Downloads\ChromeSetup.exe"
C:\Users\Admin\Downloads\ChromeSetup.exe
"C:\Users\Admin\Downloads\ChromeSetup.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5468 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6000 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5160 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6216 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6444 --field-trial-handle=1876,i,17665383520416622706,16507167599446754024,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.0.1677577672\1119020498" -parentBuildID 20221007134813 -prefsHandle 1580 -prefMapHandle 1568 -prefsLen 20747 -prefMapSize 233527 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c7f1b0b-c97f-40bd-9ad7-0822a8113cb6} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 1564 20c51cfaa58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.1.2099204706\737008544" -parentBuildID 20221007134813 -prefsHandle 1976 -prefMapHandle 1972 -prefsLen 20792 -prefMapSize 233527 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aedece5e-049e-4f1b-a90c-439bab3d4dce} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 2000 20c46eddf58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.2.576934174\1557043190" -childID 1 -isForBrowser -prefsHandle 2900 -prefMapHandle 2896 -prefsLen 21253 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9b9125e-7a90-4014-a805-b0e466b2005d} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 2748 20c5589d158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.3.1757419053\1465612762" -childID 2 -isForBrowser -prefsHandle 3528 -prefMapHandle 3524 -prefsLen 26431 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e4651e8-3da7-4887-8183-e0ef6fff7c4b} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 3540 20c46e5e958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.4.1485248198\1835330830" -childID 3 -isForBrowser -prefsHandle 3916 -prefMapHandle 3904 -prefsLen 26490 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {04eb6981-6d77-4051-b5d7-207d1a8aa1f1} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 3928 20c57443858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.5.762378290\1532611016" -childID 4 -isForBrowser -prefsHandle 4916 -prefMapHandle 4896 -prefsLen 26490 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8bebed5f-e0f7-4063-902c-6922072fb4b0} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 4900 20c5847f758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.6.2032887917\949408092" -childID 5 -isForBrowser -prefsHandle 4860 -prefMapHandle 4844 -prefsLen 26490 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {343fa55e-a5d4-4adb-a6c4-3656582f7dec} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 4852 20c58480058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.7.1928573094\1293284734" -childID 6 -isForBrowser -prefsHandle 4528 -prefMapHandle 5124 -prefsLen 26490 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86c6e247-bc3c-4c84-b947-2fb283349620} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 4944 20c58480658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.8.536270691\930444354" -childID 7 -isForBrowser -prefsHandle 5528 -prefMapHandle 5544 -prefsLen 26490 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7439e60-71a3-4458-915c-726abdf187af} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 5552 20c582c1e58 tab
C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s SstpSvc
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.9.1986624518\870881771" -parentBuildID 20221007134813 -prefsHandle 5948 -prefMapHandle 5944 -prefsLen 26930 -prefMapSize 233527 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35ebab33-b4b0-41d8-8426-46c10c5eea7b} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 5956 20c5ac72958 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.10.1937038282\1850310627" -childID 8 -isForBrowser -prefsHandle 6184 -prefMapHandle 5940 -prefsLen 26930 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ab2a0d1-095e-4b9e-b26d-eafd402c4192} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 6196 20c5ac73558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.11.828168599\1166637770" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5092 -prefMapHandle 5056 -prefsLen 26930 -prefMapSize 233527 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c974a773-a975-406f-93ca-c3017c42e802} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 4920 20c56913b58 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.12.1389275702\1482006137" -childID 9 -isForBrowser -prefsHandle 6408 -prefMapHandle 6356 -prefsLen 26930 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9377837-9d1d-431f-95bc-39a9e4cfc44b} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 6100 20c5abb3558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.13.1639246989\379144365" -childID 10 -isForBrowser -prefsHandle 5296 -prefMapHandle 4936 -prefsLen 26930 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {67765c63-8605-46b4-9621-fd725eeed822} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 5008 20c586d8058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.14.1779161168\1251417016" -childID 11 -isForBrowser -prefsHandle 4968 -prefMapHandle 4972 -prefsLen 26930 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a906896-2c98-4e66-9fcd-836ad84d075d} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 6356 20c586d7758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.15.1974390151\818823398" -childID 12 -isForBrowser -prefsHandle 10428 -prefMapHandle 10404 -prefsLen 26930 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e393229-d0af-4b0e-a09b-9aa4dbfa567a} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 10396 20c5ac71758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.16.1093348868\366493503" -childID 13 -isForBrowser -prefsHandle 10256 -prefMapHandle 10252 -prefsLen 26930 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e38b97a-9b62-4234-86d2-c4a65e45e2f5} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 10264 20c5ac73b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.17.575006241\2050144842" -childID 14 -isForBrowser -prefsHandle 10060 -prefMapHandle 10056 -prefsLen 26930 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca595f9b-e15e-4377-aa68-a3bc1386cf40} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 10068 20c5ac73258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.18.2144037064\175981929" -childID 15 -isForBrowser -prefsHandle 4980 -prefMapHandle 4964 -prefsLen 26930 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1b97488-abe6-4b5c-b230-5926598cedf8} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 6360 20c59185e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.19.878702701\1102747220" -childID 16 -isForBrowser -prefsHandle 5408 -prefMapHandle 5988 -prefsLen 26939 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa853d84-7f6c-4bd3-a5a4-65b7b8e44077} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 4924 20c586d9b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.20.548878788\1934876299" -childID 17 -isForBrowser -prefsHandle 10044 -prefMapHandle 10440 -prefsLen 26939 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {19462118-13da-4adc-8e10-8908e11db6d2} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 10308 20c5ac72658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.21.29134499\1322343867" -childID 18 -isForBrowser -prefsHandle 10196 -prefMapHandle 5660 -prefsLen 26939 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {85670e18-a1c5-4dec-ba37-14ca8f42a671} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 10436 20c5b466358 tab
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Temp1_BonziBuddy-master.zip\BonziBuddy-master\.github\bbabilities2.gif
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4308 CREDAT:82945 /prefetch:2
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_BonziBuddy-master.zip\BonziBuddy-master\gatsby-node.js"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.22.908105103\1763492025" -childID 19 -isForBrowser -prefsHandle 5084 -prefMapHandle 2324 -prefsLen 26979 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {339eadd2-65cb-4243-b635-f3e5af339f4c} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 2648 20c5a287458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.23.405433703\1864608723" -childID 20 -isForBrowser -prefsHandle 5232 -prefMapHandle 2648 -prefsLen 26979 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe8ce077-f6f0-4907-bf23-24fbb4bddb84} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 5348 20c5ac71d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.24.1844759870\1046835858" -childID 21 -isForBrowser -prefsHandle 4824 -prefMapHandle 5556 -prefsLen 26979 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35627696-ec09-4e69-a07d-7077ad616ce1} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 5700 20c5328d258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5508.25.932439139\1431688177" -childID 22 -isForBrowser -prefsHandle 10360 -prefMapHandle 5216 -prefsLen 26988 -prefMapSize 233527 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f184417-659f-4fa8-8c42-4879f6ce8295} 5508 "\\.\pipe\gecko-crash-server-pipe.5508" 9876 20c5ac16258 tab
C:\Users\Admin\Downloads\Bonzify.exe
"C:\Users\Admin\Downloads\Bonzify.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\KillAgent.bat"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im AgentSvr.exe
C:\Windows\SysWOW64\takeown.exe
takeown /r /d y /f C:\Windows\MsAgent
C:\Windows\SysWOW64\icacls.exe
icacls C:\Windows\MsAgent /c /t /grant "everyone":(f)
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe
INSTALLER.exe /q
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-f..ysafety-refreshtask_31bf3856ad364e35_10.0.15063.0_none_6fc3bae99f1dce71\WpcTok.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-f..ysafety-refreshtask_31bf3856ad364e35_10.0.15063.0_none_6fc3bae99f1dce71\WpcTok.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-f..ysafety-refreshtask_31bf3856ad364e35_10.0.15063.0_none_6fc3bae99f1dce71\WpcTok.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-fax-service_31bf3856ad364e35_10.0.15063.0_none_be3772f6b91825d9\FXSSVC.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-fax-service_31bf3856ad364e35_10.0.15063.0_none_be3772f6b91825d9\FXSSVC.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-fax-service_31bf3856ad364e35_10.0.15063.0_none_be3772f6b91825d9\FXSSVC.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-fax-service_31bf3856ad364e35_10.0.15063.0_none_be3772f6b91825d9\FXSUNATD.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-fax-service_31bf3856ad364e35_10.0.15063.0_none_be3772f6b91825d9\FXSUNATD.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-fax-service_31bf3856ad364e35_10.0.15063.0_none_be3772f6b91825d9\FXSUNATD.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.15063.0_none_7a7f08f436397aad\FileExplorer.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.15063.0_none_7a7f08f436397aad\FileExplorer.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-fileexplorer.appxmain_31bf3856ad364e35_10.0.15063.0_none_7a7f08f436397aad\FileExplorer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-filehistory-core_31bf3856ad364e35_10.0.15063.0_none_c6209afdaf9f22bc\fhmanagew.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-filehistory-core_31bf3856ad364e35_10.0.15063.0_none_c6209afdaf9f22bc\fhmanagew.exe"
C:\Windows\msagent\AgentSvr.exe
"C:\Windows\msagent\AgentSvr.exe" /regserver
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-filehistory-core_31bf3856ad364e35_10.0.15063.0_none_c6209afdaf9f22bc\fhmanagew.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-filehistory-ui_31bf3856ad364e35_10.0.15063.0_none_5f465bd4c3d3daff\FileHistory.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-filehistory-ui_31bf3856ad364e35_10.0.15063.0_none_5f465bd4c3d3daff\FileHistory.exe"
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe
INSTALLER.exe /q
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-filehistory-ui_31bf3856ad364e35_10.0.15063.0_none_5f465bd4c3d3daff\FileHistory.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-filepicker.appxmain_31bf3856ad364e35_10.0.15063.0_none_d38595d50ceb30bc\FilePicker.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-filepicker.appxmain_31bf3856ad364e35_10.0.15063.0_none_d38595d50ceb30bc\FilePicker.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-filepicker.appxmain_31bf3856ad364e35_10.0.15063.0_none_d38595d50ceb30bc\FilePicker.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-filtermanager-utils_31bf3856ad364e35_10.0.15063.0_none_2aa18c3b5e266749\fltMC.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-filtermanager-utils_31bf3856ad364e35_10.0.15063.0_none_2aa18c3b5e266749\fltMC.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-filtermanager-utils_31bf3856ad364e35_10.0.15063.0_none_2aa18c3b5e266749\fltMC.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-findstr_31bf3856ad364e35_10.0.15063.0_none_3843649b928360ec\findstr.exe"
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-findstr_31bf3856ad364e35_10.0.15063.0_none_3843649b928360ec\findstr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-findstr_31bf3856ad364e35_10.0.15063.0_none_3843649b928360ec\findstr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-fodhelper-ux_31bf3856ad364e35_10.0.15063.0_none_4403434aa91e2007\fodhelper.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-fodhelper-ux_31bf3856ad364e35_10.0.15063.0_none_4403434aa91e2007\fodhelper.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-fodhelper-ux_31bf3856ad364e35_10.0.15063.0_none_4403434aa91e2007\fodhelper.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-fontview_31bf3856ad364e35_10.0.15063.0_none_5577e678ef45bf6c\fontview.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-fontview_31bf3856ad364e35_10.0.15063.0_none_5577e678ef45bf6c\fontview.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-fontview_31bf3856ad364e35_10.0.15063.0_none_5577e678ef45bf6c\fontview.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-forfiles_31bf3856ad364e35_10.0.15063.0_none_663748d9165783b2\forfiles.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-forfiles_31bf3856ad364e35_10.0.15063.0_none_663748d9165783b2\forfiles.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-forfiles_31bf3856ad364e35_10.0.15063.0_none_663748d9165783b2\forfiles.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-fsavailux_31bf3856ad364e35_10.0.15063.0_none_bbdc5c1c56a0a003\fsavailux.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-fsavailux_31bf3856ad364e35_10.0.15063.0_none_bbdc5c1c56a0a003\fsavailux.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-fsavailux_31bf3856ad364e35_10.0.15063.0_none_bbdc5c1c56a0a003\fsavailux.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.15063.0_none_dd77edb228bb5599\fsutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.15063.0_none_dd77edb228bb5599\fsutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.15063.0_none_dd77edb228bb5599\fsutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ftp_31bf3856ad364e35_10.0.15063.0_none_bdff37299158b71e\ftp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ftp_31bf3856ad364e35_10.0.15063.0_none_bdff37299158b71e\ftp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ftp_31bf3856ad364e35_10.0.15063.0_none_bdff37299158b71e\ftp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-g..ation-wincomponents_31bf3856ad364e35_10.0.15063.0_none_acda54383114f33b\LocationNotificationWindows.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-g..ation-wincomponents_31bf3856ad364e35_10.0.15063.0_none_acda54383114f33b\LocationNotificationWindows.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-g..ation-wincomponents_31bf3856ad364e35_10.0.15063.0_none_acda54383114f33b\LocationNotificationWindows.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-g..ation-wincomponents_31bf3856ad364e35_10.0.15063.0_none_acda54383114f33b\WindowsActionDialog.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-g..ation-wincomponents_31bf3856ad364e35_10.0.15063.0_none_acda54383114f33b\WindowsActionDialog.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-g..ation-wincomponents_31bf3856ad364e35_10.0.15063.0_none_acda54383114f33b\WindowsActionDialog.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.15063.0_none_4c7cd83914c2f8e9\gpresult.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.15063.0_none_4c7cd83914c2f8e9\gpresult.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.15063.0_none_4c7cd83914c2f8e9\gpresult.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.15063.0_none_4c7cd83914c2f8e9\gpupdate.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.15063.0_none_4c7cd83914c2f8e9\gpupdate.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.15063.0_none_4c7cd83914c2f8e9\gpupdate.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-gdi_31bf3856ad364e35_10.0.15063.0_none_bae6f1b1935516b4\fontdrvhost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-gdi_31bf3856ad364e35_10.0.15063.0_none_bae6f1b1935516b4\fontdrvhost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-gdi_31bf3856ad364e35_10.0.15063.0_none_bae6f1b1935516b4\fontdrvhost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-getmac_31bf3856ad364e35_10.0.15063.0_none_1d126ff3dac9cbd1\getmac.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-getmac_31bf3856ad364e35_10.0.15063.0_none_1d126ff3dac9cbd1\getmac.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-getmac_31bf3856ad364e35_10.0.15063.0_none_1d126ff3dac9cbd1\getmac.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-gpowershell-exe_31bf3856ad364e35_10.0.15063.0_none_49a4f8dbda83d75d\powershell_ise.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-gpowershell-exe_31bf3856ad364e35_10.0.15063.0_none_49a4f8dbda83d75d\powershell_ise.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-gpowershell-exe_31bf3856ad364e35_10.0.15063.0_none_49a4f8dbda83d75d\powershell_ise.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-grouppolicy-script_31bf3856ad364e35_10.0.15063.0_none_762b11bba87afc55\gpscript.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-grouppolicy-script_31bf3856ad364e35_10.0.15063.0_none_762b11bba87afc55\gpscript.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-grouppolicy-script_31bf3856ad364e35_10.0.15063.0_none_762b11bba87afc55\gpscript.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-grpconv_31bf3856ad364e35_10.0.15063.0_none_b39bfe17767c9267\grpconv.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-grpconv_31bf3856ad364e35_10.0.15063.0_none_b39bfe17767c9267\grpconv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-grpconv_31bf3856ad364e35_10.0.15063.0_none_b39bfe17767c9267\grpconv.exe" /grant "everyone":(f)
C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-h..icfirstrun.appxmain_31bf3856ad364e35_10.0.15063.0_none_83dc6003e01c7937\MixedRealityPortal.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-h..icfirstrun.appxmain_31bf3856ad364e35_10.0.15063.0_none_83dc6003e01c7937\MixedRealityPortal.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-h..icfirstrun.appxmain_31bf3856ad364e35_10.0.15063.0_none_83dc6003e01c7937\MixedRealityPortal.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-help-client_31bf3856ad364e35_10.0.15063.0_none_7d2c695b66e56a55\HelpPane.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-help-client_31bf3856ad364e35_10.0.15063.0_none_7d2c695b66e56a55\HelpPane.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-help-client_31bf3856ad364e35_10.0.15063.0_none_7d2c695b66e56a55\HelpPane.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-holoshell.appxmain_31bf3856ad364e35_10.0.15063.0_none_34ae4307b90cabc4\HoloShellApp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-holoshell.appxmain_31bf3856ad364e35_10.0.15063.0_none_34ae4307b90cabc4\HoloShellApp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-holoshell.appxmain_31bf3856ad364e35_10.0.15063.0_none_34ae4307b90cabc4\HoloShellApp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-htmlhelp_31bf3856ad364e35_10.0.15063.0_none_d969cfebbd8b347c\hh.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-htmlhelp_31bf3856ad364e35_10.0.15063.0_none_d969cfebbd8b347c\hh.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-htmlhelp_31bf3856ad364e35_10.0.15063.0_none_d969cfebbd8b347c\hh.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-csp_31bf3856ad364e35_10.0.15063.0_none_f923819944a6f585\hvsievaluator.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-csp_31bf3856ad364e35_10.0.15063.0_none_f923819944a6f585\hvsievaluator.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-csp_31bf3856ad364e35_10.0.15063.0_none_f923819944a6f585\hvsievaluator.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.15063.0_none_11c96e64248ffa9d\vfpctrl.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.15063.0_none_11c96e64248ffa9d\vfpctrl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.15063.0_none_11c96e64248ffa9d\vfpctrl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-i..devicescontrolpanel_31bf3856ad364e35_10.0.15063.0_none_35b3a50d81f066f6\ImagingDevices.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-i..devicescontrolpanel_31bf3856ad364e35_10.0.15063.0_none_35b3a50d81f066f6\ImagingDevices.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-i..devicescontrolpanel_31bf3856ad364e35_10.0.15063.0_none_35b3a50d81f066f6\ImagingDevices.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.15063.0_none_ddbbb06b516e5f13\iexplore.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.15063.0_none_ddbbb06b516e5f13\iexplore.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.15063.0_none_ddbbb06b516e5f13\iexplore.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.15063.0_none_eb8784774de6a9ad\iscsicli.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.15063.0_none_eb8784774de6a9ad\iscsicli.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.15063.0_none_eb8784774de6a9ad\iscsicli.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.15063.0_none_2bd1e3a1cfd67be0\SystemSettings.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.15063.0_none_2bd1e3a1cfd67be0\SystemSettings.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.15063.0_none_2bd1e3a1cfd67be0\SystemSettings.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.15063.0_none_6a97d6c639c6c673\IMTCLNWZ.EXE"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.15063.0_none_6a97d6c639c6c673\IMTCLNWZ.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.15063.0_none_6a97d6c639c6c673\IMTCLNWZ.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.15063.0_none_6a97d6c639c6c673\IMTCPROP.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.15063.0_none_6a97d6c639c6c673\IMTCPROP.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.15063.0_none_6a97d6c639c6c673\IMTCPROP.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-icacls_31bf3856ad364e35_10.0.15063.0_none_43c87849dec8eac3\icacls.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-icacls_31bf3856ad364e35_10.0.15063.0_none_43c87849dec8eac3\icacls.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-icacls_31bf3856ad364e35_10.0.15063.0_none_43c87849dec8eac3\icacls.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-icm-dccw_31bf3856ad364e35_10.0.15063.0_none_2c028519c752071f\dccw.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-icm-dccw_31bf3856ad364e35_10.0.15063.0_none_2c028519c752071f\dccw.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-icm-dccw_31bf3856ad364e35_10.0.15063.0_none_2c028519c752071f\dccw.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-icm-ui_31bf3856ad364e35_10.0.15063.0_none_4b6c90a3d99e2006\colorcpl.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-icm-ui_31bf3856ad364e35_10.0.15063.0_none_4b6c90a3d99e2006\colorcpl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-icm-ui_31bf3856ad364e35_10.0.15063.0_none_4b6c90a3d99e2006\colorcpl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ie-f12chooser_31bf3856ad364e35_11.0.15063.0_none_e1d96673d71865a4\F12Chooser.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ie-f12chooser_31bf3856ad364e35_11.0.15063.0_none_e1d96673d71865a4\F12Chooser.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ie-f12chooser_31bf3856ad364e35_11.0.15063.0_none_e1d96673d71865a4\F12Chooser.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ie-feedsbs_31bf3856ad364e35_11.0.15063.0_none_4153431b7e6a9b04\msfeedssync.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ie-feedsbs_31bf3856ad364e35_11.0.15063.0_none_4153431b7e6a9b04\msfeedssync.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ie-feedsbs_31bf3856ad364e35_11.0.15063.0_none_4153431b7e6a9b04\msfeedssync.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_11.0.15063.0_none_9e5f4352ad06261f\mshta.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_11.0.15063.0_none_9e5f4352ad06261f\mshta.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_11.0.15063.0_none_9e5f4352ad06261f\mshta.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ie-iediag_31bf3856ad364e35_11.0.15063.0_none_5be5810e34f9fd65\iediagcmd.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ie-iediag_31bf3856ad364e35_11.0.15063.0_none_5be5810e34f9fd65\iediagcmd.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ie-iediag_31bf3856ad364e35_11.0.15063.0_none_5be5810e34f9fd65\iediagcmd.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ie-ielowutil_31bf3856ad364e35_11.0.15063.0_none_4b7b603814e3516a\ielowutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ie-ielowutil_31bf3856ad364e35_11.0.15063.0_none_4b7b603814e3516a\ielowutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ie-ielowutil_31bf3856ad364e35_11.0.15063.0_none_4b7b603814e3516a\ielowutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ie-iexpress_31bf3856ad364e35_11.0.15063.0_none_a98130f2e25a891f\iexpress.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ie-iexpress_31bf3856ad364e35_11.0.15063.0_none_a98130f2e25a891f\iexpress.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ie-iexpress_31bf3856ad364e35_11.0.15063.0_none_a98130f2e25a891f\iexpress.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ie-iexpress_31bf3856ad364e35_11.0.15063.0_none_a98130f2e25a891f\wextract.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ie-iexpress_31bf3856ad364e35_11.0.15063.0_none_a98130f2e25a891f\wextract.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ie-iexpress_31bf3856ad364e35_11.0.15063.0_none_a98130f2e25a891f\wextract.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ie-impexp-extexport_31bf3856ad364e35_11.0.15063.0_none_730314b2672e2d8d\ExtExport.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ie-impexp-extexport_31bf3856ad364e35_11.0.15063.0_none_730314b2672e2d8d\ExtExport.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ie-impexp-extexport_31bf3856ad364e35_11.0.15063.0_none_730314b2672e2d8d\ExtExport.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.0.15063.0_none_7467541abda71808\ieUnatt.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.0.15063.0_none_7467541abda71808\ieUnatt.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.0.15063.0_none_7467541abda71808\ieUnatt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ie-serviceworkerhost_31bf3856ad364e35_10.0.15063.0_none_f85cac2e43af7bfe\ServiceWorkerHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ie-serviceworkerhost_31bf3856ad364e35_10.0.15063.0_none_f85cac2e43af7bfe\ServiceWorkerHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ie-serviceworkerhost_31bf3856ad364e35_10.0.15063.0_none_f85cac2e43af7bfe\ServiceWorkerHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ie-setup-support_31bf3856ad364e35_11.0.15063.0_none_0ad609360221e0ad\ie4uinit.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ie-setup-support_31bf3856ad364e35_11.0.15063.0_none_0ad609360221e0ad\ie4uinit.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ie-setup-support_31bf3856ad364e35_11.0.15063.0_none_0ad609360221e0ad\ie4uinit.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ieinstal_31bf3856ad364e35_11.0.15063.0_none_2da12d30354af4c0\ieinstal.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ieinstal_31bf3856ad364e35_11.0.15063.0_none_2da12d30354af4c0\ieinstal.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ieinstal_31bf3856ad364e35_11.0.15063.0_none_2da12d30354af4c0\ieinstal.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-iis-adminservice_31bf3856ad364e35_10.0.15063.0_none_6b7bc361308b8a86\WMSvc.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x410
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-iis-adminservice_31bf3856ad364e35_10.0.15063.0_none_6b7bc361308b8a86\WMSvc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-iis-adminservice_31bf3856ad364e35_10.0.15063.0_none_6b7bc361308b8a86\WMSvc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_10.0.15063.0_none_9234ad40ead4b732\InetMgr6.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_10.0.15063.0_none_9234ad40ead4b732\InetMgr6.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_10.0.15063.0_none_9234ad40ead4b732\InetMgr6.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-iis-managementconsole_31bf3856ad364e35_10.0.15063.0_none_98e77699f3e6352a\InetMgr.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-iis-managementconsole_31bf3856ad364e35_10.0.15063.0_none_98e77699f3e6352a\InetMgr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-iis-managementconsole_31bf3856ad364e35_10.0.15063.0_none_98e77699f3e6352a\InetMgr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-iis-metabase_31bf3856ad364e35_10.0.15063.0_none_4a45d10e5ac1db0e\inetinfo.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-iis-metabase_31bf3856ad364e35_10.0.15063.0_none_4a45d10e5ac1db0e\inetinfo.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-iis-metabase_31bf3856ad364e35_10.0.15063.0_none_4a45d10e5ac1db0e\inetinfo.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\appcmd.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\appcmd.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\appcmd.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\aspnetca.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\aspnetca.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\aspnetca.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\iisreset.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\iisreset.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\iisreset.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\iisrstas.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\iisrstas.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\iisrstas.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\iissetup.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\iissetup.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.15063.0_none_21fd4bfdeda110b4\iissetup.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.15063.0_none_e72dde21b301025d\IMCCPHR.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.15063.0_none_e72dde21b301025d\IMCCPHR.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.15063.0_none_e72dde21b301025d\IMCCPHR.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-infdefaultinstall_31bf3856ad364e35_10.0.15063.0_none_7da85cf8d4de2361\InfDefaultInstall.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-infdefaultinstall_31bf3856ad364e35_10.0.15063.0_none_7da85cf8d4de2361\InfDefaultInstall.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-infdefaultinstall_31bf3856ad364e35_10.0.15063.0_none_7da85cf8d4de2361\InfDefaultInstall.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-installer-executable_31bf3856ad364e35_10.0.15063.0_none_5a954e05bee89c0d\msiexec.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-installer-executable_31bf3856ad364e35_10.0.15063.0_none_5a954e05bee89c0d\msiexec.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-installer-executable_31bf3856ad364e35_10.0.15063.0_none_5a954e05bee89c0d\msiexec.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-international-unattend_31bf3856ad364e35_10.0.15063.0_none_d12d9b8e26686bfa\MuiUnattend.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-international-unattend_31bf3856ad364e35_10.0.15063.0_none_d12d9b8e26686bfa\MuiUnattend.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-international-unattend_31bf3856ad364e35_10.0.15063.0_none_d12d9b8e26686bfa\MuiUnattend.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ipconfig_31bf3856ad364e35_10.0.15063.0_none_5d4dca3950bd5bb9\ipconfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ipconfig_31bf3856ad364e35_10.0.15063.0_none_5d4dca3950bd5bb9\ipconfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ipconfig_31bf3856ad364e35_10.0.15063.0_none_5d4dca3950bd5bb9\ipconfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-irftp_31bf3856ad364e35_10.0.15063.0_none_67ce1a25b7105221\irftp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-irftp_31bf3856ad364e35_10.0.15063.0_none_67ce1a25b7105221\irftp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-irftp_31bf3856ad364e35_10.0.15063.0_none_67ce1a25b7105221\irftp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-iscsi_initiator_ui_31bf3856ad364e35_10.0.15063.0_none_e8ff03ea94e0988c\iscsicpl.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-iscsi_initiator_ui_31bf3856ad364e35_10.0.15063.0_none_e8ff03ea94e0988c\iscsicpl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-iscsi_initiator_ui_31bf3856ad364e35_10.0.15063.0_none_e8ff03ea94e0988c\iscsicpl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-isoburn_31bf3856ad364e35_10.0.15063.0_none_f7468058d209fb04\isoburn.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-isoburn_31bf3856ad364e35_10.0.15063.0_none_f7468058d209fb04\isoburn.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-isoburn_31bf3856ad364e35_10.0.15063.0_none_f7468058d209fb04\isoburn.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ktmutil_31bf3856ad364e35_10.0.15063.0_none_999dd15739f791d8\ktmutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ktmutil_31bf3856ad364e35_10.0.15063.0_none_999dd15739f791d8\ktmutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ktmutil_31bf3856ad364e35_10.0.15063.0_none_999dd15739f791d8\ktmutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-l..nstaller-comhandler_31bf3856ad364e35_10.0.15063.0_none_3259fa94c3558942\LanguageComponentsInstallerComHandler.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-l..nstaller-comhandler_31bf3856ad364e35_10.0.15063.0_none_3259fa94c3558942\LanguageComponentsInstallerComHandler.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-l..nstaller-comhandler_31bf3856ad364e35_10.0.15063.0_none_3259fa94c3558942\LanguageComponentsInstallerComHandler.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-label_31bf3856ad364e35_10.0.15063.0_none_6842e50103173914\label.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-label_31bf3856ad364e35_10.0.15063.0_none_6842e50103173914\label.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-label_31bf3856ad364e35_10.0.15063.0_none_6842e50103173914\label.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ldifde_31bf3856ad364e35_10.0.15063.0_none_31fb19fd41a13522\ldifde.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ldifde_31bf3856ad364e35_10.0.15063.0_none_31fb19fd41a13522\ldifde.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ldifde_31bf3856ad364e35_10.0.15063.0_none_31fb19fd41a13522\ldifde.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-legacyhwui_31bf3856ad364e35_10.0.15063.0_none_f387fb9c810fa2b6\hdwwiz.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-legacyhwui_31bf3856ad364e35_10.0.15063.0_none_f387fb9c810fa2b6\hdwwiz.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-legacyhwui_31bf3856ad364e35_10.0.15063.0_none_f387fb9c810fa2b6\hdwwiz.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain_31bf3856ad364e35_10.0.15063.0_none_f883ebc20cc094ca\LockApp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain_31bf3856ad364e35_10.0.15063.0_none_f883ebc20cc094ca\LockApp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain_31bf3856ad364e35_10.0.15063.0_none_f883ebc20cc094ca\LockApp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-lockapphost_31bf3856ad364e35_10.0.15063.0_none_0cba64789bfd5c16\LockAppHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-lockapphost_31bf3856ad364e35_10.0.15063.0_none_0cba64789bfd5c16\LockAppHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-lockapphost_31bf3856ad364e35_10.0.15063.0_none_0cba64789bfd5c16\LockAppHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-lpkinstall_31bf3856ad364e35_10.0.15063.0_none_1a46de6983dae7b8\lpkinstall.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-lpkinstall_31bf3856ad364e35_10.0.15063.0_none_1a46de6983dae7b8\lpkinstall.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-lpkinstall_31bf3856ad364e35_10.0.15063.0_none_1a46de6983dae7b8\lpkinstall.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_10.0.15063.0_none_326d3a42a5473084\lpksetup.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_10.0.15063.0_none_326d3a42a5473084\lpksetup.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_10.0.15063.0_none_326d3a42a5473084\lpksetup.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_10.0.15063.0_none_326d3a42a5473084\lpremove.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_10.0.15063.0_none_326d3a42a5473084\lpremove.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_10.0.15063.0_none_326d3a42a5473084\lpremove.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_10.0.15063.0_none_4e7f7ad6cb1d2087\lsass.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_10.0.15063.0_none_4e7f7ad6cb1d2087\lsass.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_10.0.15063.0_none_4e7f7ad6cb1d2087\lsass.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-lua_31bf3856ad364e35_10.0.15063.0_none_b75e366b959a24e0\consent.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-lua_31bf3856ad364e35_10.0.15063.0_none_b75e366b959a24e0\consent.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-lua_31bf3856ad364e35_10.0.15063.0_none_b75e366b959a24e0\consent.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-lxss-bash_31bf3856ad364e35_10.0.15063.0_none_50af37c8f560d163\bash.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-lxss-bash_31bf3856ad364e35_10.0.15063.0_none_50af37c8f560d163\bash.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-lxss-bash_31bf3856ad364e35_10.0.15063.0_none_50af37c8f560d163\bash.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-lxss-installer_31bf3856ad364e35_10.0.15063.0_none_1525b04a87b3edd7\LxRun.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-lxss-installer_31bf3856ad364e35_10.0.15063.0_none_1525b04a87b3edd7\LxRun.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-lxss-installer_31bf3856ad364e35_10.0.15063.0_none_1525b04a87b3edd7\LxRun.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..-diagnostic-results_31bf3856ad364e35_10.0.15063.0_none_39fa0c051f7a048c\MdRes.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..-diagnostic-results_31bf3856ad364e35_10.0.15063.0_none_39fa0c051f7a048c\MdRes.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..-diagnostic-results_31bf3856ad364e35_10.0.15063.0_none_39fa0c051f7a048c\MdRes.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_10.0.15063.0_none_20872449ae70f822\mmc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_10.0.15063.0_none_20872449ae70f822\mmc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_10.0.15063.0_none_20872449ae70f822\mmc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.15063.0_none_5563c0977685c595\odbcad32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.15063.0_none_5563c0977685c595\odbcad32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.15063.0_none_5563c0977685c595\odbcad32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_10.0.15063.0_none_813120118f809dfc\cliconfg.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_10.0.15063.0_none_813120118f809dfc\cliconfg.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_10.0.15063.0_none_813120118f809dfc\cliconfg.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.15063.0_none_8fe2a8c1a908d138\EASPolicyManagerBrokerHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.15063.0_none_8fe2a8c1a908d138\EASPolicyManagerBrokerHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.15063.0_none_8fe2a8c1a908d138\EASPolicyManagerBrokerHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_10.0.15063.0_none_a4ea7575b2863db1\MdSched.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_10.0.15063.0_none_a4ea7575b2863db1\MdSched.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_10.0.15063.0_none_a4ea7575b2863db1\MdSched.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..erience-parser-task_31bf3856ad364e35_10.0.15063.0_none_db2639cea4666169\MbaeParserTask.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..erience-parser-task_31bf3856ad364e35_10.0.15063.0_none_db2639cea4666169\MbaeParserTask.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..erience-parser-task_31bf3856ad364e35_10.0.15063.0_none_db2639cea4666169\MbaeParserTask.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.15063.0_none_f41da0f520fcf339\mqbkup.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.15063.0_none_f41da0f520fcf339\mqbkup.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.15063.0_none_f41da0f520fcf339\mqbkup.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.15063.0_none_f41da0f520fcf339\mqsvc.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.15063.0_none_f41da0f520fcf339\mqsvc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.15063.0_none_f41da0f520fcf339\mqsvc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ge-capture-pipeline_31bf3856ad364e35_10.0.15063.0_none_f7874c61413dfbcd\MixedRealityCapture.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ge-capture-pipeline_31bf3856ad364e35_10.0.15063.0_none_f7874c61413dfbcd\MixedRealityCapture.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ge-capture-pipeline_31bf3856ad364e35_10.0.15063.0_none_f7874c61413dfbcd\MixedRealityCapture.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.15063.0_none_6badce134411d35c\mblctr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.15063.0_none_6badce134411d35c\mblctr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.15063.0_none_6badce134411d35c\mblctr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.15063.0_none_c6d59a10fd695c44\FsIso.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.15063.0_none_c6d59a10fd695c44\FsIso.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.15063.0_none_c6d59a10fd695c44\FsIso.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.15063.0_none_0d07ce77359b6878\SecureAssessmentBrowser.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.15063.0_none_0d07ce77359b6878\SecureAssessmentBrowser.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.15063.0_none_0d07ce77359b6878\SecureAssessmentBrowser.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..odeupdate-servicing_31bf3856ad364e35_10.0.15063.0_none_b49bde28ded2f8e1\ucsvc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..odeupdate-servicing_31bf3856ad364e35_10.0.15063.0_none_b49bde28ded2f8e1\ucsvc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..odeupdate-servicing_31bf3856ad364e35_10.0.15063.0_none_b49bde28ded2f8e1\ucsvc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\doskey.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\doskey.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\doskey.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\find.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\find.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\find.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\print.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\print.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\print.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\replace.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\replace.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\replace.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\subst.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\subst.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.15063.0_none_8e30c6e0a0234de3\subst.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..pickerhost.appxmain_31bf3856ad364e35_10.0.15063.0_none_1eafad097b3c26e6\ModalSharePickerHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..pickerhost.appxmain_31bf3856ad364e35_10.0.15063.0_none_1eafad097b3c26e6\ModalSharePickerHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..pickerhost.appxmain_31bf3856ad364e35_10.0.15063.0_none_1eafad097b3c26e6\ModalSharePickerHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.15063.0_none_d1b1ac6aac061a18\wmprph.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.15063.0_none_d1b1ac6aac061a18\wmprph.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.15063.0_none_d1b1ac6aac061a18\wmprph.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.15063.0_none_7e3b33e33c38d6d7\PresentationSettings.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.15063.0_none_7e3b33e33c38d6d7\PresentationSettings.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.15063.0_none_7e3b33e33c38d6d7\PresentationSettings.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..s-mdac-odbcconf-exe_31bf3856ad364e35_10.0.15063.0_none_1e8ab3b62aebef6a\odbcconf.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..s-mdac-odbcconf-exe_31bf3856ad364e35_10.0.15063.0_none_1e8ab3b62aebef6a\odbcconf.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..s-mdac-odbcconf-exe_31bf3856ad364e35_10.0.15063.0_none_1e8ab3b62aebef6a\odbcconf.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.15063.0_none_7f41b0a5d17e992b\Magnify.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.15063.0_none_7f41b0a5d17e992b\Magnify.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.15063.0_none_7f41b0a5d17e992b\Magnify.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mail-app_31bf3856ad364e35_10.0.15063.0_none_026c06c18883ec63\WinMail.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mail-app_31bf3856ad364e35_10.0.15063.0_none_026c06c18883ec63\WinMail.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mail-app_31bf3856ad364e35_10.0.15063.0_none_026c06c18883ec63\WinMail.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.15063.0_none_01e35b1fa20d9246\makecab.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.15063.0_none_01e35b1fa20d9246\makecab.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.15063.0_none_01e35b1fa20d9246\makecab.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.15063.0_none_e75e9f9d0b5ad3c2\mmgaserver.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.15063.0_none_e75e9f9d0b5ad3c2\mmgaserver.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.15063.0_none_e75e9f9d0b5ad3c2\mmgaserver.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.15063.0_none_bc611a88528e688d\fixmapi.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.15063.0_none_bc611a88528e688d\fixmapi.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.15063.0_none_bc611a88528e688d\fixmapi.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.15063.0_none_5610865856ee34af\MDMAgent.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.15063.0_none_5610865856ee34af\MDMAgent.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.15063.0_none_5610865856ee34af\MDMAgent.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.15063.0_none_aac266c5d4de38a1\MDMAppInstaller.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.15063.0_none_aac266c5d4de38a1\MDMAppInstaller.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.15063.0_none_aac266c5d4de38a1\MDMAppInstaller.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.15063.0_none_ad730875459063eb\mfpmp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.15063.0_none_ad730875459063eb\mfpmp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.15063.0_none_ad730875459063eb\mfpmp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.15063.0_none_2c0e89d778c97945\wmlaunch.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.15063.0_none_2c0e89d778c97945\wmlaunch.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.15063.0_none_2c0e89d778c97945\wmlaunch.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.15063.0_none_1c7d9c5887e872fd\wmpconfig.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.15063.0_none_1c7d9c5887e872fd\wmpconfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.15063.0_none_1c7d9c5887e872fd\wmpconfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.15063.0_none_1c7d9c5887e872fd\wmplayer.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.15063.0_none_1c7d9c5887e872fd\wmplayer.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.15063.0_none_1c7d9c5887e872fd\wmplayer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.15063.0_none_1c7d9c5887e872fd\wmpshare.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.15063.0_none_1c7d9c5887e872fd\wmpshare.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.15063.0_none_1c7d9c5887e872fd\wmpshare.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.15063.0_none_fc546570fad79187\logagent.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.15063.0_none_fc546570fad79187\logagent.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.15063.0_none_fc546570fad79187\logagent.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.15063.0_none_bf07a2bb0f599355\setup_wm.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.15063.0_none_bf07a2bb0f599355\setup_wm.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.15063.0_none_bf07a2bb0f599355\setup_wm.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.15063.0_none_bf07a2bb0f599355\unregmp2.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.15063.0_none_bf07a2bb0f599355\unregmp2.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.15063.0_none_bf07a2bb0f599355\unregmp2.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.15063.0_none_224b97ad28ee338b\MicrosoftEdge.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.15063.0_none_224b97ad28ee338b\MicrosoftEdge.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.15063.0_none_224b97ad28ee338b\MicrosoftEdge.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.15063.0_none_224b97ad28ee338b\MicrosoftEdgeCP.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.15063.0_none_224b97ad28ee338b\MicrosoftEdgeCP.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.15063.0_none_224b97ad28ee338b\MicrosoftEdgeCP.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.15063.0_none_69bbb0ec140eb63c\mighost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.15063.0_none_69bbb0ec140eb63c\mighost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.15063.0_none_69bbb0ec140eb63c\mighost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-miracastview.appxmain_31bf3856ad364e35_10.0.15063.0_none_3d8834d7dbd2a689\MiracastView.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-miracastview.appxmain_31bf3856ad364e35_10.0.15063.0_none_3d8834d7dbd2a689\MiracastView.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-miracastview.appxmain_31bf3856ad364e35_10.0.15063.0_none_3d8834d7dbd2a689\MiracastView.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mobsyncexe_31bf3856ad364e35_10.0.15063.0_none_0064b2c78d23d765\mobsync.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mobsyncexe_31bf3856ad364e35_10.0.15063.0_none_0064b2c78d23d765\mobsync.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mobsyncexe_31bf3856ad364e35_10.0.15063.0_none_0064b2c78d23d765\mobsync.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mountvol_31bf3856ad364e35_10.0.15063.0_none_c36d52a68a42056a\mountvol.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mountvol_31bf3856ad364e35_10.0.15063.0_none_c36d52a68a42056a\mountvol.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mountvol_31bf3856ad364e35_10.0.15063.0_none_c36d52a68a42056a\mountvol.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msaudittools_31bf3856ad364e35_10.0.15063.0_none_2898eaeff590ab5c\auditpol.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msaudittools_31bf3856ad364e35_10.0.15063.0_none_2898eaeff590ab5c\auditpol.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msaudittools_31bf3856ad364e35_10.0.15063.0_none_2898eaeff590ab5c\auditpol.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mschedexe_31bf3856ad364e35_10.0.15063.0_none_f0b22df7eb3a6b30\MSchedExe.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mschedexe_31bf3856ad364e35_10.0.15063.0_none_f0b22df7eb3a6b30\MSchedExe.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mschedexe_31bf3856ad364e35_10.0.15063.0_none_f0b22df7eb3a6b30\MSchedExe.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.15063.0_none_eb8e17bcd68ec9f9\msconfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.15063.0_none_eb8e17bcd68ec9f9\msconfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.15063.0_none_eb8e17bcd68ec9f9\msconfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msdt_31bf3856ad364e35_10.0.15063.0_none_b6963b2c565532e6\msdt.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msdt_31bf3856ad364e35_10.0.15063.0_none_b6963b2c565532e6\msdt.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msdt_31bf3856ad364e35_10.0.15063.0_none_b6963b2c565532e6\msdt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.15063.0_none_9758d85423af97b8\msinfo32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.15063.0_none_9758d85423af97b8\msinfo32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.15063.0_none_9758d85423af97b8\msinfo32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.15063.0_none_bcf04010327d02a0\msinfo32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.15063.0_none_bcf04010327d02a0\msinfo32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.15063.0_none_bcf04010327d02a0\msinfo32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msmq-triggers-service_31bf3856ad364e35_10.0.15063.0_none_393a5d12f5d3e91a\mqtgsvc.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msmq-triggers-service_31bf3856ad364e35_10.0.15063.0_none_393a5d12f5d3e91a\mqtgsvc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msmq-triggers-service_31bf3856ad364e35_10.0.15063.0_none_393a5d12f5d3e91a\mqtgsvc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mspaint_31bf3856ad364e35_10.0.15063.0_none_9f315fde27607282\mspaint.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mspaint_31bf3856ad364e35_10.0.15063.0_none_9f315fde27607282\mspaint.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mspaint_31bf3856ad364e35_10.0.15063.0_none_9f315fde27607282\mspaint.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-muicachebuilder_31bf3856ad364e35_10.0.15063.0_none_2b207574eda70e50\mcbuilder.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-muicachebuilder_31bf3856ad364e35_10.0.15063.0_none_2b207574eda70e50\mcbuilder.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-muicachebuilder_31bf3856ad364e35_10.0.15063.0_none_2b207574eda70e50\mcbuilder.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-n..kgroundtransferhost_31bf3856ad364e35_10.0.15063.0_none_9f98741fe88ed514\BackgroundTransferHost.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-n..kgroundtransferhost_31bf3856ad364e35_10.0.15063.0_none_9f98741fe88ed514\BackgroundTransferHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-n..kgroundtransferhost_31bf3856ad364e35_10.0.15063.0_none_9f98741fe88ed514\BackgroundTransferHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-n..pture-wmiv2provider_31bf3856ad364e35_10.0.15063.0_none_f5a9a21d2c7306c6\NetEvtFwdr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-n..pture-wmiv2provider_31bf3856ad364e35_10.0.15063.0_none_f5a9a21d2c7306c6\NetEvtFwdr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-n..pture-wmiv2provider_31bf3856ad364e35_10.0.15063.0_none_f5a9a21d2c7306c6\NetEvtFwdr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-n..setup-compatibility_31bf3856ad364e35_10.0.15063.0_none_8136139ab73880ae\NetCfgNotifyObjectHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-n..setup-compatibility_31bf3856ad364e35_10.0.15063.0_none_8136139ab73880ae\NetCfgNotifyObjectHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-n..setup-compatibility_31bf3856ad364e35_10.0.15063.0_none_8136139ab73880ae\NetCfgNotifyObjectHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.15063.0_none_cf31b229dc87b1a1\Narrator.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.15063.0_none_cf31b229dc87b1a1\Narrator.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.15063.0_none_cf31b229dc87b1a1\Narrator.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nbtstat_31bf3856ad364e35_10.0.15063.0_none_af245dab572dabc2\nbtstat.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nbtstat_31bf3856ad364e35_10.0.15063.0_none_af245dab572dabc2\nbtstat.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nbtstat_31bf3856ad364e35_10.0.15063.0_none_af245dab572dabc2\nbtstat.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_10.0.15063.0_none_63462ab9ab45c943\net.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_10.0.15063.0_none_63462ab9ab45c943\net.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_10.0.15063.0_none_63462ab9ab45c943\net.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.15063.0_none_97efccaa8d61e3b6\net1.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.15063.0_none_97efccaa8d61e3b6\net1.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.15063.0_none_97efccaa8d61e3b6\net1.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-netbt_31bf3856ad364e35_10.0.15063.0_none_7178a19b3012e0cd\netbtugc.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-netbt_31bf3856ad364e35_10.0.15063.0_none_7178a19b3012e0cd\netbtugc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-netbt_31bf3856ad364e35_10.0.15063.0_none_7178a19b3012e0cd\netbtugc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-netcfg_31bf3856ad364e35_10.0.15063.0_none_2142b4f18a48407d\netcfg.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-netcfg_31bf3856ad364e35_10.0.15063.0_none_2142b4f18a48407d\netcfg.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-netcfg_31bf3856ad364e35_10.0.15063.0_none_2142b4f18a48407d\netcfg.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-netplwiz-exe_31bf3856ad364e35_10.0.15063.0_none_fe6a8dff4930a284\Netplwiz.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-netplwiz-exe_31bf3856ad364e35_10.0.15063.0_none_fe6a8dff4930a284\Netplwiz.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-netplwiz-exe_31bf3856ad364e35_10.0.15063.0_none_fe6a8dff4930a284\Netplwiz.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-netsh_31bf3856ad364e35_10.0.15063.0_none_70b4cf7730a78bba\netsh.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-netsh_31bf3856ad364e35_10.0.15063.0_none_70b4cf7730a78bba\netsh.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-netsh_31bf3856ad364e35_10.0.15063.0_none_70b4cf7730a78bba\netsh.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-networkbridge_31bf3856ad364e35_10.0.15063.0_none_18fdca143ee4528f\bridgeunattend.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-networkbridge_31bf3856ad364e35_10.0.15063.0_none_18fdca143ee4528f\bridgeunattend.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-networkbridge_31bf3856ad364e35_10.0.15063.0_none_18fdca143ee4528f\bridgeunattend.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-networkux-legacyux_31bf3856ad364e35_10.0.15063.0_none_2e97707bc6105930\LegacyNetUXHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-networkux-legacyux_31bf3856ad364e35_10.0.15063.0_none_2e97707bc6105930\LegacyNetUXHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-networkux-legacyux_31bf3856ad364e35_10.0.15063.0_none_2e97707bc6105930\LegacyNetUXHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.15063.0_none_228a248d8977d11b\ndadmin.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.15063.0_none_228a248d8977d11b\ndadmin.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.15063.0_none_228a248d8977d11b\ndadmin.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.15063.0_none_228a248d8977d11b\newdev.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.15063.0_none_228a248d8977d11b\newdev.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.15063.0_none_228a248d8977d11b\newdev.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.15063.0_none_c5c1f5efcbd6de1e\nfsadmin.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.15063.0_none_c5c1f5efcbd6de1e\nfsadmin.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.15063.0_none_c5c1f5efcbd6de1e\nfsadmin.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.15063.0_none_c5c1f5efcbd6de1e\rpcinfo.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.15063.0_none_c5c1f5efcbd6de1e\rpcinfo.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.15063.0_none_c5c1f5efcbd6de1e\rpcinfo.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.15063.0_none_c5c1f5efcbd6de1e\showmount.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.15063.0_none_c5c1f5efcbd6de1e\showmount.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.15063.0_none_c5c1f5efcbd6de1e\showmount.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.15063.0_none_62773c5c2940e6fe\mount.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.15063.0_none_62773c5c2940e6fe\mount.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.15063.0_none_62773c5c2940e6fe\mount.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.15063.0_none_62773c5c2940e6fe\umount.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.15063.0_none_62773c5c2940e6fe\umount.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.15063.0_none_62773c5c2940e6fe\umount.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.15063.0_none_bdf655ee7b62cf8c\nfsclnt.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.15063.0_none_bdf655ee7b62cf8c\nfsclnt.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.15063.0_none_bdf655ee7b62cf8c\nfsclnt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-notepadwin_31bf3856ad364e35_10.0.15063.0_none_53dda61833dbc731\notepad.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-notepadwin_31bf3856ad364e35_10.0.15063.0_none_53dda61833dbc731\notepad.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-notepadwin_31bf3856ad364e35_10.0.15063.0_none_53dda61833dbc731\notepad.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.15063.0_none_802e66b4a8ce74db\notepad.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.15063.0_none_802e66b4a8ce74db\notepad.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.15063.0_none_802e66b4a8ce74db\notepad.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nslookup_31bf3856ad364e35_10.0.15063.0_none_dc944d299f4147ed\nslookup.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nslookup_31bf3856ad364e35_10.0.15063.0_none_dc944d299f4147ed\nslookup.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nslookup_31bf3856ad364e35_10.0.15063.0_none_dc944d299f4147ed\nslookup.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.15063.0_none_3e098bc8ad9cca4d\OOBENetworkConnectionFlow.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.15063.0_none_3e098bc8ad9cca4d\OOBENetworkConnectionFlow.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.15063.0_none_3e098bc8ad9cca4d\OOBENetworkConnectionFlow.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..onalfeatures-fondue_31bf3856ad364e35_10.0.15063.0_none_5ac8e66dc4f41fb7\Fondue.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..onalfeatures-fondue_31bf3856ad364e35_10.0.15063.0_none_5ac8e66dc4f41fb7\Fondue.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..onalfeatures-fondue_31bf3856ad364e35_10.0.15063.0_none_5ac8e66dc4f41fb7\Fondue.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..ssociationframework_31bf3856ad364e35_10.0.15063.0_none_bb5aba0e13c80b21\dasHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..ssociationframework_31bf3856ad364e35_10.0.15063.0_none_bb5aba0e13c80b21\dasHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..ssociationframework_31bf3856ad364e35_10.0.15063.0_none_bb5aba0e13c80b21\dasHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.15063.0_none_5352ed23f360146f\OOBENetworkCaptivePortal.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.15063.0_none_5352ed23f360146f\OOBENetworkCaptivePortal.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.15063.0_none_5352ed23f360146f\OOBENetworkCaptivePortal.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-office-csp_31bf3856ad364e35_10.0.15063.0_none_ce7f342a6c769cf7\ofdeploy.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-office-csp_31bf3856ad364e35_10.0.15063.0_none_ce7f342a6c769cf7\ofdeploy.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-office-csp_31bf3856ad364e35_10.0.15063.0_none_ce7f342a6c769cf7\ofdeploy.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-firstlogonanimexe_31bf3856ad364e35_10.0.15063.0_none_dc62da3fc66fefa8\FirstLogonAnim.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-firstlogonanimexe_31bf3856ad364e35_10.0.15063.0_none_dc62da3fc66fefa8\FirstLogonAnim.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-firstlogonanimexe_31bf3856ad364e35_10.0.15063.0_none_dc62da3fc66fefa8\FirstLogonAnim.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-machine_31bf3856ad364e35_10.0.15063.0_none_1e92236e3c0062a9\msoobe.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-machine_31bf3856ad364e35_10.0.15063.0_none_1e92236e3c0062a9\msoobe.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-machine_31bf3856ad364e35_10.0.15063.0_none_1e92236e3c0062a9\msoobe.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-user-broker_31bf3856ad364e35_10.0.15063.0_none_94fac2eb5f00ca4b\UserOOBEBroker.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-user-broker_31bf3856ad364e35_10.0.15063.0_none_94fac2eb5f00ca4b\UserOOBEBroker.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-user-broker_31bf3856ad364e35_10.0.15063.0_none_94fac2eb5f00ca4b\UserOOBEBroker.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-openfiles_31bf3856ad364e35_10.0.15063.0_none_f83a403a2332e36b\openfiles.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-openfiles_31bf3856ad364e35_10.0.15063.0_none_f83a403a2332e36b\openfiles.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-openfiles_31bf3856ad364e35_10.0.15063.0_none_f83a403a2332e36b\openfiles.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-openwith_31bf3856ad364e35_10.0.15063.0_none_7e34a7e5ab829f02\OpenWith.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-openwith_31bf3856ad364e35_10.0.15063.0_none_7e34a7e5ab829f02\OpenWith.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-openwith_31bf3856ad364e35_10.0.15063.0_none_7e34a7e5ab829f02\OpenWith.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-optionalfeatures_31bf3856ad364e35_10.0.15063.0_none_777ad383267da96b\OptionalFeatures.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-optionalfeatures_31bf3856ad364e35_10.0.15063.0_none_777ad383267da96b\OptionalFeatures.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-optionalfeatures_31bf3856ad364e35_10.0.15063.0_none_777ad383267da96b\OptionalFeatures.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-optionaltsps_31bf3856ad364e35_10.0.15063.0_none_f310177e01b1811e\tcmsetup.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-optionaltsps_31bf3856ad364e35_10.0.15063.0_none_f310177e01b1811e\tcmsetup.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-optionaltsps_31bf3856ad364e35_10.0.15063.0_none_f310177e01b1811e\tcmsetup.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.15063.0_none_7d443ad9ecf1cbd0\ntoskrnl.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.15063.0_none_7d443ad9ecf1cbd0\ntoskrnl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.15063.0_none_7d443ad9ecf1cbd0\ntoskrnl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-osk_31bf3856ad364e35_10.0.15063.0_none_bbd0aca592bd6ae9\osk.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-osk_31bf3856ad364e35_10.0.15063.0_none_bbd0aca592bd6ae9\osk.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-osk_31bf3856ad364e35_10.0.15063.0_none_bbd0aca592bd6ae9\osk.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..-personalizationcsp_31bf3856ad364e35_10.0.15063.0_none_5206261f1378192b\desktopimgdownldr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..-personalizationcsp_31bf3856ad364e35_10.0.15063.0_none_5206261f1378192b\desktopimgdownldr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..-personalizationcsp_31bf3856ad364e35_10.0.15063.0_none_5206261f1378192b\desktopimgdownldr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.15063.0_none_b481f63064666ea7\WpcUapApp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.15063.0_none_b481f63064666ea7\WpcUapApp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.15063.0_none_b481f63064666ea7\WpcUapApp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..auncher-cmdlinetool_31bf3856ad364e35_10.0.15063.0_none_0853c4529bd43688\pwlauncher.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..auncher-cmdlinetool_31bf3856ad364e35_10.0.15063.0_none_0853c4529bd43688\pwlauncher.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..auncher-cmdlinetool_31bf3856ad364e35_10.0.15063.0_none_0853c4529bd43688\pwlauncher.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.15063.0_none_e76818d92ebb0454\printui.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.15063.0_none_e76818d92ebb0454\printui.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.15063.0_none_e76818d92ebb0454\printui.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ionsimulationdevice_31bf3856ad364e35_10.0.15063.0_none_8c91bbc89bdb0560\PerceptionSimulationDevice.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ionsimulationdevice_31bf3856ad364e35_10.0.15063.0_none_8c91bbc89bdb0560\PerceptionSimulationDevice.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ionsimulationdevice_31bf3856ad364e35_10.0.15063.0_none_8c91bbc89bdb0560\PerceptionSimulationDevice.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\diskperf.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\diskperf.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\diskperf.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\logman.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\logman.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\logman.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\relog.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\relog.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\relog.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\tracerpt.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\tracerpt.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\tracerpt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\typeperf.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\typeperf.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.15063.0_none_7237540a37a3d7c0\typeperf.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_10.0.15063.0_none_1a6f9170b98dddd0\powercfg.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_10.0.15063.0_none_1a6f9170b98dddd0\powercfg.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_10.0.15063.0_none_1a6f9170b98dddd0\powercfg.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_10.0.15063.0_none_adc2ec279770e76a\PrintIsolationHost.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_10.0.15063.0_none_adc2ec279770e76a\PrintIsolationHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_10.0.15063.0_none_adc2ec279770e76a\PrintIsolationHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.15063.0_none_5c0336e176732c9f\WpcMon.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.15063.0_none_5c0336e176732c9f\WpcMon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.15063.0_none_5c0336e176732c9f\WpcMon.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_10.0.15063.0_none_3cc172c3143596cf\printfilterpipelinesvc.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_10.0.15063.0_none_3cc172c3143596cf\printfilterpipelinesvc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_10.0.15063.0_none_3cc172c3143596cf\printfilterpipelinesvc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.15063.0_none_01175375b63af00c\ntprint.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.15063.0_none_01175375b63af00c\ntprint.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.15063.0_none_01175375b63af00c\ntprint.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_10.0.15063.0_none_c4f067d86940c645\plasrv.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_10.0.15063.0_none_c4f067d86940c645\plasrv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_10.0.15063.0_none_c4f067d86940c645\plasrv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.15063.0_none_9be63ee70131f3aa\wpnpinst.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.15063.0_none_9be63ee70131f3aa\wpnpinst.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.15063.0_none_9be63ee70131f3aa\wpnpinst.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..spaces-creator-tool_31bf3856ad364e35_10.0.15063.0_none_806743e6508512ad\pwcreator.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..spaces-creator-tool_31bf3856ad364e35_10.0.15063.0_none_806743e6508512ad\pwcreator.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..spaces-creator-tool_31bf3856ad364e35_10.0.15063.0_none_806743e6508512ad\pwcreator.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.15063.0_none_091c59b88ed6fbeb\lodctr.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.15063.0_none_091c59b88ed6fbeb\lodctr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.15063.0_none_091c59b88ed6fbeb\lodctr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.15063.0_none_091c59b88ed6fbeb\unlodctr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.15063.0_none_091c59b88ed6fbeb\unlodctr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.15063.0_none_091c59b88ed6fbeb\unlodctr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.15063.0_none_c5177aba769d526d\lpq.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.15063.0_none_c5177aba769d526d\lpq.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.15063.0_none_c5177aba769d526d\lpq.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.15063.0_none_c5177aba769d526d\lpr.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.15063.0_none_c5177aba769d526d\lpr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.15063.0_none_c5177aba769d526d\lpr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.15063.0_none_92ce01ad7e234d32\PrintBrm.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.15063.0_none_92ce01ad7e234d32\PrintBrm.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.15063.0_none_92ce01ad7e234d32\PrintBrm.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.15063.0_none_92ce01ad7e234d32\PrintBrmEngine.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.15063.0_none_92ce01ad7e234d32\PrintBrmEngine.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.15063.0_none_92ce01ad7e234d32\PrintBrmEngine.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.15063.0_none_92ce01ad7e234d32\PrintBrmUi.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.15063.0_none_92ce01ad7e234d32\PrintBrmUi.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.15063.0_none_92ce01ad7e234d32\PrintBrmUi.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsnonwinpeplugin_31bf3856ad364e35_10.0.15063.0_none_b7a58a094557495d\PnPUnattend.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsnonwinpeplugin_31bf3856ad364e35_10.0.15063.0_none_b7a58a094557495d\PnPUnattend.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsnonwinpeplugin_31bf3856ad364e35_10.0.15063.0_none_b7a58a094557495d\PnPUnattend.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-packageinspector_31bf3856ad364e35_10.0.15063.0_none_7b95e107f7fe4a21\PackageInspector.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-packageinspector_31bf3856ad364e35_10.0.15063.0_none_7b95e107f7fe4a21\PackageInspector.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-packageinspector_31bf3856ad364e35_10.0.15063.0_none_7b95e107f7fe4a21\PackageInspector.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.15063.0_none_fdeb9d552c12ff0f\PkgMgr.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.15063.0_none_fdeb9d552c12ff0f\PkgMgr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.15063.0_none_fdeb9d552c12ff0f\PkgMgr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.15063.0_none_a3773526b0c3b2e2\ApproveChildRequest.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.15063.0_none_a3773526b0c3b2e2\ApproveChildRequest.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.15063.0_none_a3773526b0c3b2e2\ApproveChildRequest.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_10.0.15063.0_none_063fa71d3876cdbb\pcwrun.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_10.0.15063.0_none_063fa71d3876cdbb\pcwrun.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_10.0.15063.0_none_063fa71d3876cdbb\pcwrun.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.15063.0_none_ad1d9764d9c2a978\perfmon.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.15063.0_none_ad1d9764d9c2a978\perfmon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.15063.0_none_ad1d9764d9c2a978\perfmon.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.15063.0_none_ad1d9764d9c2a978\resmon.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.15063.0_none_ad1d9764d9c2a978\resmon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.15063.0_none_ad1d9764d9c2a978\resmon.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pickerhost_31bf3856ad364e35_10.0.15063.0_none_bec1449b872a26f6\PickerHost.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pickerhost_31bf3856ad364e35_10.0.15063.0_none_bec1449b872a26f6\PickerHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-pickerhost_31bf3856ad364e35_10.0.15063.0_none_bec1449b872a26f6\PickerHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.15063.0_none_ba457e40c8a981bd\PATHPING.EXE"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.15063.0_none_ba457e40c8a981bd\PATHPING.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.15063.0_none_ba457e40c8a981bd\PATHPING.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.15063.0_none_ba457e40c8a981bd\PING.EXE"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.15063.0_none_ba457e40c8a981bd\PING.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.15063.0_none_ba457e40c8a981bd\PING.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.15063.0_none_ba457e40c8a981bd\TRACERT.EXE"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.15063.0_none_ba457e40c8a981bd\TRACERT.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.15063.0_none_ba457e40c8a981bd\TRACERT.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pnphotplugui_31bf3856ad364e35_10.0.15063.0_none_f9f50ac2838d283b\DeviceEject.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pnphotplugui_31bf3856ad364e35_10.0.15063.0_none_f9f50ac2838d283b\DeviceEject.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-pnphotplugui_31bf3856ad364e35_10.0.15063.0_none_f9f50ac2838d283b\DeviceEject.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pnputil_31bf3856ad364e35_10.0.15063.0_none_0e779bcaf5563fd6\pnputil.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pnputil_31bf3856ad364e35_10.0.15063.0_none_0e779bcaf5563fd6\pnputil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-pnputil_31bf3856ad364e35_10.0.15063.0_none_0e779bcaf5563fd6\pnputil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-powershell-exe_31bf3856ad364e35_10.0.15063.0_none_7a29d7ed3b015cec\powershell.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-powershell-exe_31bf3856ad364e35_10.0.15063.0_none_7a29d7ed3b015cec\powershell.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-powershell-exe_31bf3856ad364e35_10.0.15063.0_none_7a29d7ed3b015cec\powershell.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printdialog.appxmain_31bf3856ad364e35_10.0.15063.0_none_96267e4211f788b3\PrintDialog.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printdialog.appxmain_31bf3856ad364e35_10.0.15063.0_none_96267e4211f788b3\PrintDialog.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printdialog.appxmain_31bf3856ad364e35_10.0.15063.0_none_96267e4211f788b3\PrintDialog.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-dialoghost3d_31bf3856ad364e35_10.0.15063.0_none_f84efaddd7ac3203\PrintDialogHost3D.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-dialoghost3d_31bf3856ad364e35_10.0.15063.0_none_f84efaddd7ac3203\PrintDialogHost3D.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-dialoghost3d_31bf3856ad364e35_10.0.15063.0_none_f84efaddd7ac3203\PrintDialogHost3D.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-dialoghost_31bf3856ad364e35_10.0.15063.0_none_45b8a69fcfd72d8c\PrintDialogHost.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-dialoghost_31bf3856ad364e35_10.0.15063.0_none_45b8a69fcfd72d8c\PrintDialogHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-dialoghost_31bf3856ad364e35_10.0.15063.0_none_45b8a69fcfd72d8c\PrintDialogHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.15063.0_none_e75f7c5afa577e7e\splwow64.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.15063.0_none_e75f7c5afa577e7e\splwow64.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.15063.0_none_e75f7c5afa577e7e\splwow64.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.15063.0_none_e75f7c5afa577e7e\spoolsv.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.15063.0_none_e75f7c5afa577e7e\spoolsv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.15063.0_none_e75f7c5afa577e7e\spoolsv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-processmodel-cpt_31bf3856ad364e35_10.0.15063.0_none_bbe663b4ac5f809e\w3wp.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-processmodel-cpt_31bf3856ad364e35_10.0.15063.0_none_bbe663b4ac5f809e\w3wp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-processmodel-cpt_31bf3856ad364e35_10.0.15063.0_none_bbe663b4ac5f809e\w3wp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-proquota_31bf3856ad364e35_10.0.15063.0_none_38dad110cb33e151\proquota.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-proquota_31bf3856ad364e35_10.0.15063.0_none_38dad110cb33e151\proquota.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-proquota_31bf3856ad364e35_10.0.15063.0_none_38dad110cb33e151\proquota.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.15063.0_none_c8e2de6b6854073d\provtool.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.15063.0_none_c8e2de6b6854073d\provtool.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.15063.0_none_c8e2de6b6854073d\provtool.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-platform_31bf3856ad364e35_10.0.15063.0_none_7b9c596abcc179e5\provlaunch.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-platform_31bf3856ad364e35_10.0.15063.0_none_7b9c596abcc179e5\provlaunch.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-platform_31bf3856ad364e35_10.0.15063.0_none_7b9c596abcc179e5\provlaunch.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-proximityuxhost_31bf3856ad364e35_10.0.15063.0_none_a60f9982853b9f8e\ProximityUxHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-proximityuxhost_31bf3856ad364e35_10.0.15063.0_none_a60f9982853b9f8e\ProximityUxHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-proximityuxhost_31bf3856ad364e35_10.0.15063.0_none_a60f9982853b9f8e\ProximityUxHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.15063.0_none_0f14a5b4a7919f86\quickassist.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.15063.0_none_0f14a5b4a7919f86\quickassist.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.15063.0_none_0f14a5b4a7919f86\quickassist.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..-commandline-editor_31bf3856ad364e35_10.0.15063.0_none_42a80d36637e324d\reg.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..-commandline-editor_31bf3856ad364e35_10.0.15063.0_none_42a80d36637e324d\reg.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..-commandline-editor_31bf3856ad364e35_10.0.15063.0_none_42a80d36637e324d\reg.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..ckgroundmediaplayer_31bf3856ad364e35_10.0.15063.0_none_ccf9db72e2edfd53\Windows.Media.BackgroundPlayback.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..ckgroundmediaplayer_31bf3856ad364e35_10.0.15063.0_none_ccf9db72e2edfd53\Windows.Media.BackgroundPlayback.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..ckgroundmediaplayer_31bf3856ad364e35_10.0.15063.0_none_ccf9db72e2edfd53\Windows.Media.BackgroundPlayback.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_10.0.15063.0_none_6c257c3cb63101f8\rdrleakdiag.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_10.0.15063.0_none_6c257c3cb63101f8\rdrleakdiag.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_10.0.15063.0_none_6c257c3cb63101f8\rdrleakdiag.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..pdate-oob-component_31bf3856ad364e35_10.0.15063.0_none_feaa67e4dd30b715\rdvgm.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..pdate-oob-component_31bf3856ad364e35_10.0.15063.0_none_feaa67e4dd30b715\rdvgm.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..pdate-oob-component_31bf3856ad364e35_10.0.15063.0_none_feaa67e4dd30b715\rdvgm.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_10.0.15063.0_none_0ba1e8fb38f0aa68\RDVGHelper.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_10.0.15063.0_none_0ba1e8fb38f0aa68\RDVGHelper.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_10.0.15063.0_none_0ba1e8fb38f0aa68\RDVGHelper.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.15063.0_none_4107792cae6166b7\raserver.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.15063.0_none_4107792cae6166b7\raserver.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.15063.0_none_4107792cae6166b7\raserver.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..verycenter-platform_31bf3856ad364e35_10.0.15063.0_none_5452c60eca787254\SystemResetPlatform.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..verycenter-platform_31bf3856ad364e35_10.0.15063.0_none_5452c60eca787254\SystemResetPlatform.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..verycenter-platform_31bf3856ad364e35_10.0.15063.0_none_5452c60eca787254\SystemResetPlatform.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.15063.0_none_20edd7ef9e21d8cb\rasautou.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.15063.0_none_20edd7ef9e21d8cb\rasautou.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.15063.0_none_20edd7ef9e21d8cb\rasautou.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.15063.0_none_805aa901e17ffc08\rasdial.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.15063.0_none_805aa901e17ffc08\rasdial.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.15063.0_none_805aa901e17ffc08\rasdial.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.15063.0_none_805aa901e17ffc08\rasphone.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.15063.0_none_805aa901e17ffc08\rasphone.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.15063.0_none_805aa901e17ffc08\rasphone.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_de-de_a369c67176801422\cmstp.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_de-de_a369c67176801422\cmstp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_de-de_a369c67176801422\cmstp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_en-us_4c5a9c6a655e1fe7\cmstp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_en-us_4c5a9c6a655e1fe7\cmstp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_en-us_4c5a9c6a655e1fe7\cmstp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_es-es_4c25f94e6585118c\cmstp.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_es-es_4c25f94e6585118c\cmstp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_es-es_4c25f94e6585118c\cmstp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_fr-fr_eedd6f4d585727ee\cmstp.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_fr-fr_eedd6f4d585727ee\cmstp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_fr-fr_eedd6f4d585727ee\cmstp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_it-it_d90565942f890d6c\cmstp.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_it-it_d90565942f890d6c\cmstp.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 568
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_it-it_d90565942f890d6c\cmstp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_ja-jp_7b2ae4a122a41f47\cmstp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_ja-jp_7b2ae4a122a41f47\cmstp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak.resources_31bf3856ad364e35_10.0.15063.0_ja-jp_7b2ae4a122a41f47\cmstp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak_31bf3856ad364e35_10.0.15063.0_none_21a039cab183985e\cmak.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak_31bf3856ad364e35_10.0.15063.0_none_21a039cab183985e\cmak.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 568
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak_31bf3856ad364e35_10.0.15063.0_none_21a039cab183985e\cmak.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak_31bf3856ad364e35_10.0.15063.0_none_21a039cab183985e\rqc.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak_31bf3856ad364e35_10.0.15063.0_none_21a039cab183985e\rqc.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 568
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rascmak_31bf3856ad364e35_10.0.15063.0_none_21a039cab183985e\rqc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.15063.0_none_703418aa99544657\cmdl32.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.15063.0_none_703418aa99544657\cmdl32.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 276
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.15063.0_none_703418aa99544657\cmdl32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.15063.0_none_703418aa99544657\cmmon32.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.15063.0_none_703418aa99544657\cmmon32.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 568
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.15063.0_none_703418aa99544657\cmmon32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.15063.0_none_703418aa99544657\cmstp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.15063.0_none_703418aa99544657\cmstp.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 568
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.15063.0_none_703418aa99544657\cmstp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-recdisc-main_31bf3856ad364e35_10.0.15063.0_none_958fd3aaec6fff19\recdisc.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-recdisc-main_31bf3856ad364e35_10.0.15063.0_none_958fd3aaec6fff19\recdisc.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 568
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-recdisc-main_31bf3856ad364e35_10.0.15063.0_none_958fd3aaec6fff19\recdisc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.15063.0_none_39a68a4ac47c2e57\RecoveryDrive.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.15063.0_none_39a68a4ac47c2e57\RecoveryDrive.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 568
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.15063.0_none_39a68a4ac47c2e57\RecoveryDrive.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-recover_31bf3856ad364e35_10.0.15063.0_none_97272707ed69b8da\recover.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-recover_31bf3856ad364e35_10.0.15063.0_none_97272707ed69b8da\recover.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 376
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff991839758,0x7ff991839768,0x7ff991839778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1896,i,8559896787128850513,13758554455641061040,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1856 --field-trial-handle=1896,i,8559896787128850513,13758554455641061040,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2140 --field-trial-handle=1896,i,8559896787128850513,13758554455641061040,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1896,i,8559896787128850513,13758554455641061040,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1896,i,8559896787128850513,13758554455641061040,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4484 --field-trial-handle=1896,i,8559896787128850513,13758554455641061040,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1896,i,8559896787128850513,13758554455641061040,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4936 --field-trial-handle=1896,i,8559896787128850513,13758554455641061040,131072 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 1488
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-recover_31bf3856ad364e35_10.0.15063.0_none_97272707ed69b8da\recover.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-regini_31bf3856ad364e35_10.0.15063.0_none_1d6a15a7f29f9ce6\regini.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-regini_31bf3856ad364e35_10.0.15063.0_none_1d6a15a7f29f9ce6\regini.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-regini_31bf3856ad364e35_10.0.15063.0_none_1d6a15a7f29f9ce6\regini.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.15063.0_none_05428e9e14a75fff\regedit.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.15063.0_none_05428e9e14a75fff\regedit.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.15063.0_none_05428e9e14a75fff\regedit.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.15063.0_none_05428e9e14a75fff\regedt32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.15063.0_none_05428e9e14a75fff\regedt32.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 576
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 1448
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.15063.0_none_05428e9e14a75fff\regedt32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-regsvr32_31bf3856ad364e35_10.0.15063.0_none_896af68a6852519a\regsvr32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-regsvr32_31bf3856ad364e35_10.0.15063.0_none_896af68a6852519a\regsvr32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-regsvr32_31bf3856ad364e35_10.0.15063.0_none_896af68a6852519a\regsvr32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-reliability-postboot_31bf3856ad364e35_10.0.15063.0_none_5ed4a96b3e219375\RelPost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-reliability-postboot_31bf3856ad364e35_10.0.15063.0_none_5ed4a96b3e219375\RelPost.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 572
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-reliability-postboot_31bf3856ad364e35_10.0.15063.0_none_5ed4a96b3e219375\RelPost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.15063.0_none_486bf0653ab487af\msra.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.15063.0_none_486bf0653ab487af\msra.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.15063.0_none_486bf0653ab487af\msra.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.15063.0_none_486bf0653ab487af\sdchange.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.15063.0_none_486bf0653ab487af\sdchange.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.15063.0_none_486bf0653ab487af\sdchange.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-restartmanager_31bf3856ad364e35_10.0.15063.0_none_914941045ced5588\RmClient.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-restartmanager_31bf3856ad364e35_10.0.15063.0_none_914941045ced5588\RmClient.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 568
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-restartmanager_31bf3856ad364e35_10.0.15063.0_none_914941045ced5588\RmClient.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.15063.0_none_d81b08ba2532f621\Robocopy.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.15063.0_none_d81b08ba2532f621\Robocopy.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 576
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 968
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4628 --field-trial-handle=1896,i,8559896787128850513,13758554455641061040,131072 /prefetch:2
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.15063.0_none_d81b08ba2532f621\Robocopy.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-locator_31bf3856ad364e35_10.0.15063.0_none_e0486c662566aea8\Locator.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-locator_31bf3856ad364e35_10.0.15063.0_none_e0486c662566aea8\Locator.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-locator_31bf3856ad364e35_10.0.15063.0_none_e0486c662566aea8\Locator.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-ping_31bf3856ad364e35_10.0.15063.0_none_aecde74979873d40\RpcPing.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-ping_31bf3856ad364e35_10.0.15063.0_none_aecde74979873d40\RpcPing.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 572
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 1920
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-ping_31bf3856ad364e35_10.0.15063.0_none_aecde74979873d40\RpcPing.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.15063.0_none_70fc227d963c1c0f\runas.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.15063.0_none_70fc227d963c1c0f\runas.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 576
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 4656
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.15063.0_none_70fc227d963c1c0f\runas.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rundll32_31bf3856ad364e35_10.0.15063.0_none_e9192ac8e3b94c4c\rundll32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rundll32_31bf3856ad364e35_10.0.15063.0_none_e9192ac8e3b94c4c\rundll32.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 576
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rundll32_31bf3856ad364e35_10.0.15063.0_none_e9192ac8e3b94c4c\rundll32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-runlegacycplelevated_31bf3856ad364e35_10.0.15063.0_none_221fe8572e1b8efd\RunLegacyCPLElevated.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-runlegacycplelevated_31bf3856ad364e35_10.0.15063.0_none_221fe8572e1b8efd\RunLegacyCPLElevated.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 376
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 1588
Network
| Country | Destination | Domain | Proto |
| US | 138.91.171.81:80 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 138.91.171.81:80 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 195.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.179.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 142.251.39.110:443 | clients2.google.com | udp |
| NL | 142.251.39.110:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 110.39.251.142.in-addr.arpa | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | assets-global.website-files.com | udp |
| US | 162.159.128.233:443 | discord.com | udp |
| US | 8.8.8.8:53 | global.localizecdn.com | udp |
| NL | 142.250.179.170:443 | ajax.googleapis.com | tcp |
| NL | 142.250.179.170:443 | ajax.googleapis.com | tcp |
| US | 104.18.4.175:443 | global.localizecdn.com | tcp |
| IE | 18.66.171.113:443 | assets-global.website-files.com | tcp |
| US | 8.8.8.8:53 | 233.128.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.4.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.171.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| NL | 216.58.214.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | d3e54v103j8qbb.cloudfront.net | udp |
| US | 3.162.143.129:443 | d3e54v103j8qbb.cloudfront.net | tcp |
| US | 8.8.8.8:53 | assets.website-files.com | udp |
| US | 8.8.8.8:53 | 10.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.140.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.179.17.96.in-addr.arpa | udp |
| US | 3.162.140.9:443 | assets.website-files.com | tcp |
| US | 3.162.140.9:443 | assets.website-files.com | tcp |
| US | 3.162.140.9:443 | assets.website-files.com | tcp |
| US | 3.162.140.9:443 | assets.website-files.com | tcp |
| US | 3.162.140.9:443 | assets.website-files.com | tcp |
| US | 8.8.8.8:53 | 129.143.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.140.162.3.in-addr.arpa | udp |
| NL | 216.58.214.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | 40.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.155.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | remote-auth-gateway.discord.gg | udp |
| US | 162.159.133.234:443 | remote-auth-gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.133.159.162.in-addr.arpa | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 162.159.128.233:443 | discord.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.19.219.90:443 | js.hcaptcha.com | tcp |
| US | 104.19.219.90:443 | js.hcaptcha.com | tcp |
| US | 74.125.137.94:443 | beacons.gcp.gvt2.com | tcp |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 74.125.137.94:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 90.219.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 104.19.218.90:443 | newassets.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 90.218.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.137.125.74.in-addr.arpa | udp |
| NL | 216.58.214.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | api2.hcaptcha.com | udp |
| US | 8.8.8.8:53 | api.hcaptcha.com | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | imgs.hcaptcha.com | udp |
| US | 104.19.218.90:443 | imgs.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | 168.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | imgs3.hcaptcha.com | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 104.19.219.90:443 | imgs3.hcaptcha.com | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 162.159.133.234:443 | remote-auth-gateway.discord.gg | tcp |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.19.218.90:443 | imgs3.hcaptcha.com | udp |
| US | 104.19.218.90:443 | imgs3.hcaptcha.com | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 74.125.137.94:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 192.178.17.96.in-addr.arpa | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:50552 | tcp | |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 44.237.149.213:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:50559 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 74.125.137.94:443 | beacons.gcp.gvt2.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 162.159.128.233:443 | discord.com | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 104.19.218.90:443 | imgs3.hcaptcha.com | udp |
| US | 104.19.218.90:443 | imgs3.hcaptcha.com | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 162.159.128.233:443 | discord.com | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 104.19.218.90:443 | imgs3.hcaptcha.com | udp |
| US | 104.19.218.90:443 | imgs3.hcaptcha.com | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 142.250.141.94:443 | beacons.gvt2.com | tcp |
| US | 142.250.141.94:443 | beacons.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 74.125.137.94:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 94.141.250.142.in-addr.arpa | udp |
| US | 142.250.141.94:443 | beacons.gvt2.com | udp |
| US | 142.250.141.94:443 | beacons.gvt2.com | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 162.159.133.234:443 | remote-auth-gateway.discord.gg | tcp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 74.125.137.94:443 | beacons.gcp.gvt2.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | 5.144.216.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| NL | 66.203.127.11:443 | eu.static.mega.co.nz | tcp |
| NL | 66.203.127.11:443 | eu.static.mega.co.nz | tcp |
| NL | 66.203.127.11:443 | eu.static.mega.co.nz | tcp |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | g.api.mega.co.nz | udp |
| LU | 66.203.125.16:443 | g.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 11.127.203.66.in-addr.arpa | udp |
| NL | 216.58.214.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 16.125.203.66.in-addr.arpa | udp |
| NL | 66.203.127.11:443 | eu.static.mega.co.nz | tcp |
| LU | 66.203.125.16:443 | g.api.mega.co.nz | tcp |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | gfs270n081.userstorage.mega.co.nz | udp |
| LU | 89.44.168.213:443 | gfs270n081.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.213:443 | gfs270n081.userstorage.mega.co.nz | tcp |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | 213.168.44.89.in-addr.arpa | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:6341 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| N/A | 127.0.0.1:51548 | tcp | |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| N/A | 127.0.0.1:51554 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | consent.google.com | udp |
| NL | 142.251.36.14:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| NL | 142.251.36.14:443 | consent.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | 14.36.251.142.in-addr.arpa | udp |
| NL | 216.58.214.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | plus.l.google.com | udp |
| US | 8.8.8.8:53 | plus.l.google.com | udp |
| US | 8.8.8.8:53 | 14.214.58.216.in-addr.arpa | udp |
| NL | 216.58.214.14:443 | plus.l.google.com | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | id.google.com | udp |
| NL | 142.251.39.99:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| NL | 142.251.39.99:443 | id.google.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 99.39.251.142.in-addr.arpa | udp |
| NL | 142.251.39.118:443 | i.ytimg.com | tcp |
| NL | 142.251.39.118:443 | i.ytimg.com | tcp |
| NL | 142.251.39.118:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 142.251.39.118:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| NL | 142.251.36.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| NL | 142.251.36.14:443 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | 118.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| NL | 142.250.179.198:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| NL | 172.217.168.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| NL | 216.58.214.10:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| NL | 216.58.214.10:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| NL | 142.250.179.198:443 | static.doubleclick.net | udp |
| NL | 172.217.168.226:443 | googleads.g.doubleclick.net | udp |
| NL | 216.58.214.10:443 | jnn-pa.googleapis.com | udp |
| NL | 216.58.214.10:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | adservice.google.co.uk | udp |
| NL | 172.217.23.194:443 | adservice.google.co.uk | tcp |
| US | 8.8.8.8:53 | 198.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.217.172.in-addr.arpa | udp |
| NL | 172.217.168.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.39.110:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | bonzi.link | udp |
| NL | 142.251.39.110:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | bonzi.link | udp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| US | 8.8.8.8:53 | bonzi.link | udp |
| FR | 151.106.4.82:443 | bonzi.link | udp |
| US | 8.8.8.8:53 | 82.4.106.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d36ee2fcip1434.cloudfront.net | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| NL | 172.217.168.226:443 | googleads.g.doubleclick.net | tcp |
| NL | 172.217.168.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| NL | 142.250.179.206:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | 98.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.179.250.142.in-addr.arpa | udp |
| NL | 142.250.179.206:443 | www3.l.google.com | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| NL | 142.250.179.129:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| NL | 142.250.179.129:443 | tpc.googlesyndication.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 129.179.250.142.in-addr.arpa | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| NL | 142.250.179.174:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.250.179.174:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.250.179.174:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| NL | 142.250.179.174:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | 174.179.250.142.in-addr.arpa | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| NL | 142.251.39.110:443 | play.google.com | tcp |
| NL | 216.58.214.14:443 | plus.l.google.com | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | 3.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | 22.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.121.82.140.in-addr.arpa | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| DE | 140.82.121.10:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| US | 8.8.8.8:53 | 10.121.82.140.in-addr.arpa | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | bonzibuddy.netlify.com | udp |
| DE | 18.192.231.252:443 | bonzibuddy.netlify.com | tcp |
| US | 8.8.8.8:53 | bonzibuddy.netlify.com | udp |
| US | 8.8.8.8:53 | bonzibuddy.netlify.com | udp |
| US | 8.8.8.8:53 | 252.231.192.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bonzibuddy.netlify.app | udp |
| DE | 18.192.94.96:443 | bonzibuddy.netlify.app | tcp |
| US | 8.8.8.8:53 | bonzibuddy.netlify.app | udp |
| US | 8.8.8.8:53 | bonzibuddy.netlify.app | udp |
| US | 8.8.8.8:53 | 96.94.192.18.in-addr.arpa | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | discordapp.com | udp |
| US | 8.8.8.8:53 | discordapp.com | udp |
| US | 162.159.129.233:443 | discordapp.com | tcp |
| US | 8.8.8.8:53 | discordapp.com | udp |
| US | 8.8.8.8:53 | 233.129.159.162.in-addr.arpa | udp |
| US | 162.159.129.233:443 | discordapp.com | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| NL | 142.250.179.196:443 | www.google.com | udp |
| NL | 216.58.214.14:443 | plus.l.google.com | udp |
| NL | 172.217.168.226:443 | googleads.g.doubleclick.net | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| NL | 142.251.39.118:443 | i.ytimg.com | udp |
| NL | 172.217.168.226:443 | googleads.g.doubleclick.net | udp |
| NL | 142.250.179.198:443 | static.doubleclick.net | udp |
| NL | 216.58.214.10:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| NL | 142.250.179.142:443 | encrypted-vtbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| NL | 142.250.179.142:443 | encrypted-vtbn0.gstatic.com | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | 142.179.250.142.in-addr.arpa | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | 4.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | 209.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| NL | 142.250.179.142:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| NL | 142.250.179.142:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-5hne6nzy.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-5hne6nzy.gvt1.com | udp |
| NL | 172.217.132.166:443 | r1.sn-5hne6nzy.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-5hne6nzy.gvt1.com | udp |
| NL | 172.217.132.166:443 | r1.sn-5hne6nzy.gvt1.com | tcp |
| NL | 172.217.132.166:443 | r1.sn-5hne6nzy.gvt1.com | udp |
| US | 8.8.8.8:53 | 166.132.217.172.in-addr.arpa | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 6.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | 129.134.221.88.in-addr.arpa | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | 96.134.101.95.in-addr.arpa | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | 96.134.221.88.in-addr.arpa | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 142.251.39.110:443 | clients2.google.com | udp |
| NL | 142.251.39.110:443 | clients2.google.com | tcp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 74.125.137.94:443 | beacons.gcp.gvt2.com | udp |
| US | 74.125.137.94:443 | beacons.gcp.gvt2.com | tcp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 74.125.137.94:443 | beacons.gcp.gvt2.com | udp |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp | |
| N/A | 127.0.0.1:58090 | tcp |
Files
memory/2492-0-0x0000000000DB0000-0x0000000000DE2000-memory.dmp
memory/2492-1-0x00007FF994480000-0x00007FF994E6C000-memory.dmp
memory/2492-2-0x00000000015E0000-0x00000000015F0000-memory.dmp
\??\pipe\crashpad_3712_QUPWLVRSMUESVKZX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/2492-14-0x00007FF994480000-0x00007FF994E6C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
memory/2492-26-0x00000000015E0000-0x00000000015F0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b373f15c3cc7ce88f86ec7999149cbff |
| SHA1 | 4e69b9bac216dbe41f03aa89e9a509441ca33334 |
| SHA256 | 19ebfc3c19af4dba19d6066554dfe367244b2569f225e1ba2630cd0822230b90 |
| SHA512 | ec714009af1ca8fc3a0f151a0787fe18ce990053ac6cbcabee85ad18df91f8f21050df7c84963bc90ef2e8cda5b7599434fa139b8292f33ebc90e9a49af6aa6d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7dfcfcafa771e9fce608056e94f1eb47 |
| SHA1 | 5a96d91e325e3dd52a6d8b32d54118c679136eed |
| SHA256 | 2ec9e16ca7095eeae0ef51420bac0c373becefc49955c05f060f42bf60807f70 |
| SHA512 | 12426a92012ea182b5aab1ead3358784f58cf78f9f61952f1cc2b50517b45806d93d8eeef84bcedeb184c4c6c29079ab456bd6cdf868d1466c7e8733a1583556 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7e9f878fbb0557384c96c0a614c87941 |
| SHA1 | 00b5d6be4599b82d2b93b734b79c2bdc2cea8370 |
| SHA256 | 5e2d60a7ffb2813554200935fbc0727cf059a63a148d84ee1225387f19d5a967 |
| SHA512 | 31c4d6bc398d36b7e09208bb5c8beb8a644f76c14feb0933fd7d6d7a040ef053b9f54b90bb586a7de65cbb00ab79bfb63d029ee96421897f2549e9e08df11ca2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | ab96014e74548e8a8114127290273e80 |
| SHA1 | fa130236cf2c776f877961042d0914eafa087dc5 |
| SHA256 | d0023d117aba55aee3ef0f0c73dbd0e726af16778c7205258a3ea6194112e12e |
| SHA512 | 2abad537949b99a4ab6cacbbe322960595bc1e49e371b27fbd105340f316a1402736d768f31d6e80c58ed0d0e87da27d8c0c8414cb04989ed7118719f9af6e9a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
| MD5 | f5b4137b040ec6bd884feee514f7c176 |
| SHA1 | 7897677377a9ced759be35a66fdee34b391ab0ff |
| SHA256 | 845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6 |
| SHA512 | 813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a1e00c5f6316834d7927dc6d82b3a56b |
| SHA1 | f266af06afb48df98a0a9eec4d6c5677254c73e8 |
| SHA256 | d95684527f1be59ecbf23fa2d99e3faf925728d2b1f390306afb797482bf028c |
| SHA512 | e90fd4653afe21982e26a6a71ec4f3dd5873ff3f9c990d49bbb213966db08feec575cfbd03ca9f79798eb90e6bd0a782ba69f43dc9b8bfc743b0b4fafe644066 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a34fb5f3796a08d11594d2471f59fcc6 |
| SHA1 | 0fa2ea61f0f01cc45016e9791475747b155938fc |
| SHA256 | a40cb3074d426d713d9b334bb04a4737e1808fd477f2aec2b4a7af882cb2177f |
| SHA512 | df9ab0392a30511a7fcd8b6f1295f144aa433682739e957297425ad0035da02cca6a2aa62a5e7d77b57fc13c76613489e4f965ae1b0776e9bd47cbc13c169eb9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 95a5def9be34ef0c30dbbdd3887f197f |
| SHA1 | fec54695126b9f3051211a0230d59fa76b9f718e |
| SHA256 | 24169035e616bc096a91094ef10e0d0f8027c1b93a4fdd8a07f96a4c1595427b |
| SHA512 | 0ca34cde019c27b79444931ba1d423606b4a8893b432682b3c4efcfee58cc912ab4838d8f21b81f63f8d090cb4468f711cd006cc6a5acdddcdca8b4e9271da31 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a8352c0476046daabb8618b7d980f533 |
| SHA1 | f3a831f7796f391e8c19a773795039634fd59077 |
| SHA256 | d15398431a20c3359974bde060f220ae96516701888ce63be019cf75b5e41919 |
| SHA512 | bb55a43a8fc4f29016e800ead8427ee8d438d1e908f7caaee60a2abb81adec58282e6c1da8ffbca1a4065a36b2fa625a660f4b66534f68b7e21d7ce729742a87 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e381cc5d3a2b80b17b1f2000a7cc08dd |
| SHA1 | 8821ebaa2753e2b6ddd6bf861af6f2d13371928d |
| SHA256 | d9b4df30dd4732cbfa0e36d82876f3b88c8086da722e7d17eb7e484d17b17a0c |
| SHA512 | a34fe02938bdc6fb482627a4f7100da28336d2875d16a30f1bd77e083bad7970a62b38f6144dc3423da2bdfd8139ba8f79615e546d39f08842aa807a24eff0c6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | cc4eaadf62d59a15b886b49e2437b65c |
| SHA1 | 1fc4ccc03c66a60a471ce9f4d72bf9331230e3d4 |
| SHA256 | 8b70341527942aa6f9a885be902202a3bcf36e01f4ec85c08a38985f5e32f276 |
| SHA512 | 00a48b596685552b12099e0b286b4fb34f8b674748ebb78dabd1fec03a76bc00d94d86634e901e430ce5f010a4eafeb6b9e2d61a965bf98db9f589845c372c57 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | f857388481fa8df0ce5771ed69f69a5b |
| SHA1 | 907cc69e3b30491668e2cdfdd9f167eb10c954e6 |
| SHA256 | a054698abcd42f32ebd2c489f15bd4363124c6b9f98e9cc169c2e186f57d6b69 |
| SHA512 | 2a61109224fb182a6da33dcb7f7ac80dffe3087780306702b242d4972b9529dc65264345b3dbdab8f92863d6b11393801bb6c5ffe57c34135b2a2a623f83c5f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584cd3.TMP
| MD5 | 3df16609b9f7377301896e3aaf233cb7 |
| SHA1 | b40d51ea64419d60eb7574dd0ffdaecf493e58d0 |
| SHA256 | b4b4fb2cc4499fe9752c6d9ce0ac810c537c2a7d9469cbdf923e7640b612b194 |
| SHA512 | 278764237a3df1e93c0b6463cb505af18a57771ab674b2b5db3ced702ab38f97b740725ff8853e72a4c7eef8f1ff640b7574f8277c8ed5c494d63dec8cc5b706 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2cbfc893e1fa45afdc966b27aee37dcf |
| SHA1 | be2d4a74b5318e6a29933a0db9c0637a57900b49 |
| SHA256 | 13d254772766e39ea018958896c6d40612fd4440d94ff031410fe89a561fa080 |
| SHA512 | 068e95957cbeb79ad979f0cde3408ec51be85e894f9b77cd34e7399e05832d0667b28572ff91f2c76db6d6a2a46614d0a7a3d6f9acc5e669428c72d8c04f6c83 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5f7e0526ed3629bede345acb25a9bc31 |
| SHA1 | e6cdb4c1f5d6e18041d74edbf6141f8e735ef515 |
| SHA256 | fcc09c5d04a46fb10fd3d1923ae3948aedd77cab3244032dc6944ed86a060106 |
| SHA512 | 2ce101750c8e1c1f9cc4ce228f6c8db5688bdf621fb4671933eeae1ec967cd6a24943a2d932295563dd7e155e5a2accdf2b6733bcd57bd86ad5e0ba6d3630de5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7cac21600952a83d1f2187e40a266de2 |
| SHA1 | 8db8b3ee2d3fbf98f1e161c2844725e0cebf0fed |
| SHA256 | 4e07106f4469decb0648ed08fa7901a4a9636ec1632937e0a93c9874d04828ca |
| SHA512 | cd68fa0ef7f93cfae154f90838d123a02fa3d7cf40ae106024abef3f7bb91f9b88c95e13e619a39738ab3ee01617c0c3aa2f5414399bb595cc5c4318cfa2a626 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a443dc4bd90039dabfd57ec1f14d28f0 |
| SHA1 | ea28051c5fb8f840ef54f66ea55982bd7825884a |
| SHA256 | 875dedcb3a2ed29b8f8eab0e8281782000c07260d7ac9e98e81ce215190baff2 |
| SHA512 | 849eaeac9459a0325ebfabbc29a574e0e11ca80f09dc6693da2b9bcb2d8201ea8b5239dade23dd0086401a1ede67792d4a21d68ace76a2e3bc0d28915f44773d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 1d4ef3e5bec47e010e3a521a74f57165 |
| SHA1 | 9262d2c11b0f55790725bac45fc81afd1ec5f476 |
| SHA256 | c5f8b726651641ddde33b4dd80ec9cd25c0098d1192dceea85e373d12d4a5d70 |
| SHA512 | 510135c9e238a00d0a0a179ebcea6297d7ad297e2897c36ac569123f70da601a31943e99a0aa8d262bf8fb8cb6a2b10e4244ff6299d14ff2cabb81655fb5867a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | aa49602c85d5d1285c0ae72cc6eadebf |
| SHA1 | c13794e0bd3bd99bc9ffe7b18be60e2e2bf3dfac |
| SHA256 | fca9f72c6d786a155046bc3c2b455593b1f9d27caec46bd88477d0a3f347a088 |
| SHA512 | b2d470f3544f4faa2204aaa859a584fcf656ab57397b5d877a54d76898b139d9ef1555373420821ab41021cfa1e42a40def54fdcb56d13cb5bd50500c9a1d37f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3e5ee769110d586b819ad994d81c6792 |
| SHA1 | 5fd4237daf3b92029c8da0ca7431ef84556a2796 |
| SHA256 | 6faa8974efa55a2e498e5efd067adba111f035be8595c3f471a5ec931ddd59ed |
| SHA512 | 36d0fbb97d0e490e0501b0960c547b10f5a3ec624c6cf5b2073e09d7dea6734d0fcdfbcfddfd9e5ddfef9978c1c70285f41e10bd9bd4a3e14f13c32056144f44 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5765d3ed14c5ed8647d2614590a39c65 |
| SHA1 | 7b02cdabfe25ce3aae77fbc16a3fd7990df00b9a |
| SHA256 | 573f9d9791397b87d19a1e897c064f8c6515b92cdc97cc17523b330c05044e7c |
| SHA512 | e05dc61f6a0beab7820bd61f06e70f3fdf2537738475b26c1aa7b387991f44616c61c2b62dc452565e47cdbf2f8a24ab7b9db638c1cbc6410dd970f25188fbd3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 30be9fc9c53ab4e7945e17c8017c0406 |
| SHA1 | 616004bc43aebb9be362104598067f73aefb7184 |
| SHA256 | b13c61a03b1cfa5155aa682687cc20ff6f371354416afe0fa6cf1d262b4f4306 |
| SHA512 | 2ee90e11382e68ed06608052548d68b59cd1ca235a398895ecaafdd5a2da21f8dfd38c58db82969f986be30f56d2ce2c272e379eeffbe43c9b002bde3be3b001 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6cf0cdf0bd61d53a1c0b5fb99e1169f8 |
| SHA1 | ab7b9200d794a2a75ac3d3fb79ec81864f40e082 |
| SHA256 | 8c70b3939e146838dfafcc02c81aa6e95ed2dc9a5578d2ffcc9b3ad454d596ac |
| SHA512 | 71a431b2f3784fcd9c91f9bb7505e7bacf0f7c39ebf84b5f9781212f3dc9e85908c6b107b4104e88b20507b7cb425c7f3f0e444af45fc88e713d92f01a6457b2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5aa7b913c1ff2ba8b51a8f461fe8ab41 |
| SHA1 | 3c899f9efb210e8ab00e5ec038e3be75de27013c |
| SHA256 | e29208f74220bc8a1f4ec5c50787e4d4d8ed7590046581a95ff5682595b9c506 |
| SHA512 | a6a2744c28932f72d833a1bbd79b0bec371b4f27f2e9e2f0b53745f2b37ac50887ebec5b10ed726f64d0720eb7cbbf33d11db2b060d6286affcd227c19fbb155 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3c04a289b5adad266048874b0416ac7b |
| SHA1 | cd9af009186946baee4dcbe25788bf31899f8691 |
| SHA256 | 7f51755a1a8191bff23090a7ddf5294ff2338f11030df75ede6cdeb8dd85bd3d |
| SHA512 | ba0de991693679a449d1f0a348aba97b5fb6cd25115878969a512807e0d12a73b2bd59369e19b651518fb8f23cd9f257c1d96a7c33a531c08c609e823a45743d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9fe7b4adc52ab2f295f0a8d9a86e1825 |
| SHA1 | 9e9ac4a12d81167a9e2b27d6955f63ed682cc534 |
| SHA256 | 01e432c3ddb58f8d1574242c1e0ace69dc6f05433eab4efa4ed6b8b4f077fac1 |
| SHA512 | ce338940b17691e91bc4bf01b69b618ce7f4c950e74bcb8553b64d95a379f14772fb3966d2f6c3586f5d14be84cd17ff8abf4bae14fd266844e841fe24c01b51 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 500497d8817c60453c07c1cf274cc546 |
| SHA1 | c66bc91080066fc4623a07c22f4e9580a10b2beb |
| SHA256 | 52b89282d2fa4b934564b1f8d8d7d18a472bee646369b8b3d94c13b5226ba36c |
| SHA512 | 4b9abb4a376aa975bc36493c8d52d8f317e57164294eba050e8567b95cd5164a8076a4fe394e2916d82ec1e3b06559294d3b2bd3310459d03db39029ca800391 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\datareporting\glean\pending_pings\220a8403-9f17-4897-ad9c-1873f9850760
| MD5 | 7611670c49efa511dd8be78dc22e32a9 |
| SHA1 | f1111ee6f512cdd7e745e79108a4d42f271c6ef1 |
| SHA256 | 66e2a4976a98fe6af352e65be8b43b34fc60f39ddfbd0f1a4febbe2cbfe78f99 |
| SHA512 | f6047d19433331ff90be51fcc94c82545787cc89a950cbac08ae28c672a2be92940f0b7374910c62e7cebfd62491ad74be8659baef19180fc15fa093939644a3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\datareporting\glean\pending_pings\be91a0e6-76f3-4d5a-83db-c7463fa1e156
| MD5 | 197825ada5b6f1910199cff46f4b0c37 |
| SHA1 | 8e555cf25f82df1369341424eadc368066f91d49 |
| SHA256 | d758dd73c3d81069894ba94fb4a5597100fb6f9c654b83dac00c3137f2b87443 |
| SHA512 | 810706312aa7c14fc42336718b03ad7ffc4a048a6ac2ee8b4d5d06aaaf9209140b295c5498a68a50cb4a11e94d2d015388120392fab4b567700187e36aa1fac3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\datareporting\glean\db\data.safe.bin
| MD5 | e3c392f52b2a0d923c02280098db8587 |
| SHA1 | fc27236a914cee76d5cda733819870c480b4b03c |
| SHA256 | c2362133750b85e08c3496d5d2c18bd979fc8c430040c3d141ddadd2fe55f38b |
| SHA512 | 6d9b3f6eae4d81dbec92c507e09400541f30fa306b8d55abc8259e2cbcd7231239e61115cac3e07d6297214414e02d15f64eea322f9ccef89d52903ae661d353 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs.js
| MD5 | bc13ebf91e8b38689341dcccf911d17b |
| SHA1 | 2408047e1d72a367078eecdffea00d5358d7b484 |
| SHA256 | 3a4b5bbdd5a5411f3b22b46f1beeaa3826d09394136a2958da874026df7e78c0 |
| SHA512 | 8a7e1eeaf4774b1b3d1fff82c4bb4dc31f3b7bfe943f643e7e44e0a84868d2bed1e28a2ce95d9683ee1f3430b00b646916ef292d40cedf002234a47d7c71b507 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs-1.js
| MD5 | 55a73fcf7a64e75e520d36df8b202941 |
| SHA1 | c489fe124a13c1d4f76b1e83cf2101f5191fc567 |
| SHA256 | 368de062f2344dece13870aae34ff7cab9f81c144454cf74c85f2061ba6b248d |
| SHA512 | 49e2b77be19ad0febbf69e207d8017a42bc332cbf93230410940e10e7dd78da567123b5656a59d9a99f95490a926694587c4f5817f5f341db829ff709f1a0ff5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0df48a24d68313171eb841e5616731f1 |
| SHA1 | 8cb4c1368c8f6f763846429228b2338a39c75e67 |
| SHA256 | 4d65adbd0d8ccc2d945154df0b10a4c51e7d9d6624adfd6975754c669863b103 |
| SHA512 | 9ffa84657691124ce40b1fa9aac6e0985c00b8ab8346f411fe1139a9ae3e4b07cad1c7673f972a49afe1822dc07d2cbc4309c76ae31a6bdd16409ba7798a0bb1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 34f1c4c196a51102c4e03bc7dd8bbff0 |
| SHA1 | 2c86b3c4d19440f385a7e69d23a8bf1af1707a56 |
| SHA256 | a1fdaacb7874d5f610394179162dab6e489857e3048ffd02af19b1583a9e9635 |
| SHA512 | 3761138e1e660c053a18a5dc0afa4453d57d29a82d8810355aa8db57e023f7c17f3145a8224bfab73fd6f7826abab2c86f1e04bb0917f9dba2ffe8081e9c7d72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 701f5ccb94c70df629c048ddd2086535 |
| SHA1 | f95569a106b25b97d570888b4d75ad8bfab52497 |
| SHA256 | a22032494f15a559d0ab640ed32b1a39fa4f23ddc478eee1b3b77a26a5ae4925 |
| SHA512 | 294996853cb9714185413dabbab548a3ef4d64ce4c4db3023bad191c279b7a8bcc71f7170ff85479ab827b66eafff572eba6e327879598ae9ddac150baaf4b45 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore.jsonlz4
| MD5 | b3d44b956d8666e2c62c547bfd858a4d |
| SHA1 | 25980e00a31ce80dcbc04b2cee4ec7efc881055f |
| SHA256 | 881640cadb75dcb412abea1459e041e566ed6030e2b395a222d8078ac469f178 |
| SHA512 | 2f281365fc8e9a66b82e7311258e722f876875b2b7191403a4e4068c561a2ffa324f8d5347518cce545ba1d583c56f4eb3835eb6320849c74a05d459954de7a6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 863f1b2731263ce06a7fbdfba3576146 |
| SHA1 | 22eb85b90c984bdc2443cad9c0c4a1355da41dbc |
| SHA256 | 0890b94dad1b6f9a2b498ce0ea550d05cb0ea613145da910a31e3ec134fa1bf8 |
| SHA512 | 725014aa2c133d7475d8b1ab7abd6595203c60458e798457ac532560b6a4166e7f84be6f1d928e0df9dba63ea07ece5ef1246e1f6b7d745eb92c3c0dd1d87295 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036
| MD5 | 2fc881b72289153635453d8e5a0bcf04 |
| SHA1 | ac3275ed83eba7102dea1f3b850869c6bc3c4d1b |
| SHA256 | ff02fe3f18fcc7f424fffbb7cc5310fcc1c45fec41894a3bce11c0f7ff52e345 |
| SHA512 | 46a9698c180eed4946806ca4dcb4eadf06b24bc3b9eb66cc6664bbddf448653008c29671984ef125308bb6867fda212ed901f2438feb09d5954c845ec61b0d9c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037
| MD5 | 4488f44d1af9f8da3a910e90c3ab3a92 |
| SHA1 | 5aacefb5d92ec6d2fd9c4141df489f2dc5c24a62 |
| SHA256 | 3d9a24e7927820fc46e73cf1d18f2acfc824906cd76418d47087c031c9d8074b |
| SHA512 | 15a2e1265cba84c297993cc14ba8a0e946e635a820520b57a84d38f799795f4c48f481c41a0384afe2dac156553086c00b71b309b4eef14b194c8672ef919011 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 69eb04b75ae17ee3be08f7fa17142833 |
| SHA1 | dc794e8cd9f262726613a7617a85a1dd3810b073 |
| SHA256 | f4216a2933106146ed23401c63d4ff54f02a52d4568070c33a6f46741968f77d |
| SHA512 | 716585c936834418570fcad5cbe8ef7489b603ab23e94cb5f76a66e998da609200f6587a569f07da50d5470066b9df542b60c2715b2aa3dbcc4683e204d311e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 45cde1a71212f3b01da14f87b1da6f49 |
| SHA1 | 2b5659c0255d589ff551b157138ce0b8b7b9e952 |
| SHA256 | 6d26475f8e177e28bb8dff201c36ce6625076b2bc1e97589587b150bcd65ae29 |
| SHA512 | 9b8a05f4714c74b5bd95328d0c95c27043b20d9b10b6c03c5edee482819bdb62354246fd747808355e34328e39dea1bb073a24d0d6afc11251cf7e814c2f0a77 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ab04ba61f97be33dc1d74216789a1385 |
| SHA1 | bc43bd66aa5fc8a270cdffd7541c7fafad050b7e |
| SHA256 | 65979ca1860546b7b5cb5b46e3b0c2f37454cc419300e27ffd398ee681ed7f39 |
| SHA512 | 7e0996ac490c4c353da5ee8addede9f0ccd93a78ae7526f0c61fc2244fe80964ab8bbc90cb5027b44baad5a72a39b67fd1c984ffb681b06751008cdbdc9b451b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 109c9e486dc09f66b9c1a88f78221378 |
| SHA1 | 9f636301ab6c90038529cce2b0db4cdeca357cb1 |
| SHA256 | b088d991e2fa7f419e308bc2b503ede1df5d0dbeaa593b6e63348c40f29b3cd6 |
| SHA512 | 666dff8114a51edd9ccc1b0d3085b81dbf443071ae66e932edbd2a9a9d72aa49d48426babd3d304fe5f6c42afe92d0ca01db131b069f32d848570a2a09ca4b88 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ec7655a27eccc9ab25ea68f1d636b61c |
| SHA1 | 5cf3b35e82379b234812b3f4026f90ac59bbb2b8 |
| SHA256 | f823cb445711e0c1777b4773c4128ff82961be35b263e8768d2d1d97b25b5c50 |
| SHA512 | 4ff31ab901b76c4707b7c4cc720de53da3c990d661718352cc78d6bceac50ff3b0dab8f5b86aefa061055a1108f920a3bed5f983b4e4af4fceeb5ae64eaa6787 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7ba347a913853a00d8d97b47f0fe70b6 |
| SHA1 | 7face3db242289c74ba3bcf762ac2ef6cc7d2379 |
| SHA256 | 6fb77be673d04a1568127c79ab22a79a863eda972ada53be057050eb8169a04b |
| SHA512 | 1ef64c4ad945ef6ebdfd3ba3632746188e5a6ed76e5c0f4dfbd5b8b886fb8b084cc4d3b53f98e567460cc2511d4a7f887e6c9e1e9744b9326f7428c98fee25b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bbedf5bb0d9589cb624a2b181b700705 |
| SHA1 | 6642f39ee2919af46c5ff2238be6a1b0d10cb528 |
| SHA256 | 597d75a93ae173e47a43a68fe783b84910bbbbb495d188bb42cad98de3e18d1a |
| SHA512 | 0d7c14bb6c18027043a6b5a92fe20b93f44094a3b14b41c3f40c9ba664dd5f47045f32cc4f967be51d63085deec50484a87feed5c96b3ad4efaf72a67c8ce458 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ceda25729141c6b3160c5fc0ae062610 |
| SHA1 | 7ad7542718c1932ce1e9601f2e81751679e5fb72 |
| SHA256 | 396d2fb82bd5189627c5447a7510b756a7b47d631256c7546fe9f162158a3825 |
| SHA512 | 2f0b05daee5d579238d62963eabc34b0e2c80527b3765e7974020aa2bda7cdc1e31039f62a84ecfd436b33d2bacbff0cde0888f3d7c267df00227c47e8ced178 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 70a51d67768261cbf76a77d64fac56bb |
| SHA1 | adba153c4d07ddd9cd7e55baeadad2160df55a28 |
| SHA256 | 7cbb5c1ec77216c627ce628088d70c915153d0eb1405b455faccd3d2d4ec6a08 |
| SHA512 | 71946628a13b00ac7ec6252bf60f3c3388d79bda16837e58f37a7c1b69db98b920091585c4fce1785436ddb67463165e6f847bf7787d822bd9ba2e45c9845838 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | 099ce1317515d23b15d47e6c190e71b4 |
| SHA1 | 5123dcf1b8e0ebfdae1d7cd5c5d65fbbf0b22882 |
| SHA256 | 0cf091e62d159673652c898dbf53f4ddea6b9e9f3df92d7c3652f9c7eecd04dc |
| SHA512 | e56a7b8215f715645796be8356704ce766164c7548e20fbb658bfc5afd52f3a13724c5ee7da5c1322cf499efb9d6d77d7f92cab8b7708941e5865ffc9a0dc606 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | 3bf7d36ae099881ed9e4b960c9c6fc92 |
| SHA1 | 34a0948c83a6c7ee4315bfef32288968e4ec5669 |
| SHA256 | 0cf6723517ab6c5b878a7349f05bdff516906ef9b10a7415c51ff1b710ef2692 |
| SHA512 | 84b21b03b5b3652761e478135cf4b5063a5fb60d79b3373fa7c56b38ef401dda5e357100498d033b4747f23bda41b79c9097abbe0a1e34713ab5f04e8ef2c38a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 734935bd65405d03177550638fa79391 |
| SHA1 | 4024e59661f4e1bc98849383d3a60b9d0ce54d55 |
| SHA256 | 63c3443736a2bfac4968219037e0fe1d3379308b3741e9ee7229d1101027bcb0 |
| SHA512 | baf4f12f13571a51e6057b762743d03b96db1c80054dca1dd1808b4c092e553aeac677260a7c27f0d6e74a4df4f39414ccebd9c8f4f530145e95b9e2c807cf73 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 5a50d1e5a5dce29a74f5806ecdb3ca7b |
| SHA1 | c9f1ee7a5646e68441a117ff148f737fc5f1e2e1 |
| SHA256 | 9bc01b5a4121af081a497598816e283e32719a5fab5b51f87fb119b818d70a60 |
| SHA512 | da4c654349c52dd22dbb16e1febae7376687f40eabdb8034ccf84a1680dc25dc794e14170123bd017988505496a74aa26e80e2c0732d10982b2fc4b824b4b229 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6470c81ea9e5c05b961bd67548ab3202 |
| SHA1 | 8a92d481cc06ee88863d7df3396835bff060c1ff |
| SHA256 | de7b060f9e9805aa8adce327aa424de66ebd4aef47d7792de8b40b42ae156a89 |
| SHA512 | c43e8b7f3a76dac75f295d5383e3468c5833dfde6f38d47356943c3aa8d5194b0afe651d0808a6726c857959f2fb627b061798774a35c0d10051265e3120d526 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b0c8080d766e87c92d8ad68d0a19b7a8 |
| SHA1 | bd34cd76541493bb4ddf03b0ba36fe45bb8a1c1d |
| SHA256 | 43875b6415beb69e4ff6d1048bd39c22984220fadacaf8a5a9761c9750ad5d03 |
| SHA512 | 6d5796cbc9c6d5f45865867266901f428c789be74cb6be3f0016c90e59abcbdc993d7821037a7723cd0b163b6b0ec4b6d79640f8ec07886e62dcaf45051bda20 |
C:\Users\Admin\Downloads\ChromeSetup.exe
| MD5 | a93bf31d93120072394ce27fc50409b2 |
| SHA1 | e85cbad5a29af6e40d3f5dc7cf6675f90b5414e5 |
| SHA256 | 34b81c2b57f0caf79ff795a8ca976d7c7f7602cfed73ed67d75d524f4d7316cc |
| SHA512 | ea15cc1b0a298f4375f7b14ec4bf35d8095578ba2bff71c3025d03945faa14a8b1129e6ed89d1260d4c28c1467be1652e41301b9c280265b35b5c59c07178eae |
memory/5952-1176-0x0000000000DE0000-0x0000000000E12000-memory.dmp
memory/5952-1177-0x00007FF994480000-0x00007FF994E6C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2d0105a8f4534688d9cb3f12390682af |
| SHA1 | 89a39377082798f126d14c429f3105f3a9aa35f6 |
| SHA256 | 0b608f5fcb1c0f862625d5d461a69797b564a6a64735567ee3c8ef458c29934d |
| SHA512 | 070e7e7c9515453b86c6e7fdc1a60a1e6e3d27ee54bf831ed0a74d1ef3d880fa22f46a084b54683c8ca34fe297279c8afc20bfc6dc823be42d2abb6258d4fdab |
memory/5952-1187-0x000000001B9A0000-0x000000001B9B0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe61564d.TMP
| MD5 | 4aaefb3f7cb9ceb8f331de2038e5bfe5 |
| SHA1 | 6a1999a65583fb3e0f53d75b043c78448319ec18 |
| SHA256 | 7f70336c3e4b7adf41e5abce397b8ddc0aaedefc37bac646a631ae8fa609c732 |
| SHA512 | 2af6aff1858ded760f263c2d578f68860333b4b4b4e418e860823a08d9dffd1c0c10863ae6f2e67bd678c8e3443815e2b0c123b8a8b4e67b831301185d0e5109 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | dc896b2ca02c2ecf7faa8b64c9558317 |
| SHA1 | cbb8a821ca0bc42e38166f62acc60e13f0bd6ead |
| SHA256 | 87b2207a9b7f6872dcd6fcc715111635dbe9458ff285b71ea92ae5009caf4f67 |
| SHA512 | d5017943097db4ab975385cabeee800918c9ca9f4d4eeeb2ee901fa9c9125005c3c888d5ce1e297d68f4c03081d9743d8700dbda7514d67c4fc1d51ec327f508 |
memory/4536-1200-0x00007FF994480000-0x00007FF994E6C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9d1977aa02734617348e03900c91a151 |
| SHA1 | 711b767b867eec734c3bdb6129f2c762af8a9f18 |
| SHA256 | 32a6dbb17f1ed0bcb849a5e7fe23b38c87430fa84b487077a2e9c2ca618e1a43 |
| SHA512 | 426bec49713e233199d9ca3b7cacb4dbef570a9b64081f4b0849642ef825fed37a47810ec6a2ab64592fb180ff2c3f0a076401ad0308c4a87f20cdf60394a044 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | d4a944bd966c9b9e3ede71d4d0ecfb84 |
| SHA1 | ffef3ad8fd744feb7910389214db8238215bd38d |
| SHA256 | 0901251092e8ad7b696f1df149f6cb29e3b513012f51894301ee08b094f9ea8a |
| SHA512 | 9619d2c309f53121dd26eef531cd82da8f84f5959b0415b787b57385d459cd913781efb59c8c354328fe677e33477f003e5adc5391729f5a7a3da8c2163f973a |
memory/4536-1220-0x00007FF994480000-0x00007FF994E6C000-memory.dmp
memory/5952-1221-0x00007FF994480000-0x00007FF994E6C000-memory.dmp
memory/5952-1222-0x000000001B9A0000-0x000000001B9B0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ChromeSetup.exe.log
| MD5 | 16c5fce5f7230eea11598ec11ed42862 |
| SHA1 | 75392d4824706090f5e8907eee1059349c927600 |
| SHA256 | 87ba77c13905298acbac72be90949c4fe0755b6eff9777615aa37f252515f151 |
| SHA512 | 153edd6da59beea6cc411ed7383c32916425d6ebb65f04c65aab7c1d6b25443d143aa8449aa92149de0ad8a975f6ecaa60f9f7574536eec6b38fe5fd3a6c6adc |
memory/5344-1225-0x00007FF994480000-0x00007FF994E6C000-memory.dmp
memory/5344-1226-0x00007FF994480000-0x00007FF994E6C000-memory.dmp
memory/5484-1228-0x00007FF994480000-0x00007FF994E6C000-memory.dmp
memory/5484-1229-0x00007FF994480000-0x00007FF994E6C000-memory.dmp
memory/5392-1231-0x00007FF994480000-0x00007FF994E6C000-memory.dmp
memory/5392-1232-0x00007FF994480000-0x00007FF994E6C000-memory.dmp
memory/5540-1234-0x00007FF994480000-0x00007FF994E6C000-memory.dmp
memory/5540-1235-0x00007FF994480000-0x00007FF994E6C000-memory.dmp
memory/236-1237-0x00007FF994480000-0x00007FF994E6C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 9fe54edd4513dffcf5886481a74a470d |
| SHA1 | 73dfcdd2a4659fbbd2b0dfa87bfb7882b697b8e3 |
| SHA256 | 593fb05bae1350ff70b3d4fd8f23b6b1b9f704c501b2354079be6354c76e724a |
| SHA512 | ee7ea03e468830c2046ab6f9ec40c2e2f035125c4d442597e827970a160b9669dd9b67109de948c47aea1f5f55eafaced1cc179bdc0abafed4e07223720adc16 |
memory/236-1247-0x00007FF994480000-0x00007FF994E6C000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | 09fadd379225ccb98fc7cea8bf868223 |
| SHA1 | ceca08dbcce027b46a56fe2b36d8f0450428817d |
| SHA256 | 0749ef1ecc5de76d78758374768b33f9a15afecb073a80a8193938fd90d8e6aa |
| SHA512 | 91318388eb6dcb8a0875b9ebe11cf9b067da36a0138fe66073a1c28a124f114626fae0f8fc8ea7146d2fb7246f36b91a97b06d2e991f57282c2e30e74d591ac1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f964c3ff182896891b81b778c9b5a4a3 |
| SHA1 | 09d09d0d3bfb80751a537f2116627ec761b4e8bb |
| SHA256 | c87bc1b0ee7d15e972fa6d12f87c0e88082b60c709746c52ea379956fd1cdaa6 |
| SHA512 | ba60bd4e5fe26e4163507613ed4d4dc8524ce2bc7a3516dda1b0b0d4bfdd75508e823ce38e6143615446eb7adef5974c2904f7a8aead776b2ac71dd3a9b40a20 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8ad4ab6db9ae65e81b32ba70188d491b |
| SHA1 | afb2a097dd61e963531954d07ae495ac0c1a52ac |
| SHA256 | 09eecb26e1899edeba5864a757131cbbc338d486719d45515f7f9798f7267078 |
| SHA512 | ead7b1963bfd852e6a15187c5054096b551d296f7c38333ce468af75c627dc3d9b173541464e8c8cbd101f5cab52b158c2a37cb3a1a2eace24937c0440a402ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 97c3377139154a306bbce9c6b40c897e |
| SHA1 | 89c6c0ead8e1af12b1fa7475ba16dc9f3bc234a8 |
| SHA256 | bf86777d3365d90345da8031514655b73c4cb0b06977225404449da0c01e01f3 |
| SHA512 | 90290651174474d2c45ee84a996272b037d7d7f0b4fcf758a7994ba068d0b3a99b862962abed602d85aab70798e587ebb40fefecf2e43fcf46bf1b5b24df9cd7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003
| MD5 | b82ca47ee5d42100e589bdd94e57936e |
| SHA1 | 0dad0cd7d0472248b9b409b02122d13bab513b4c |
| SHA256 | d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d |
| SHA512 | 58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b7276d8c8b87d627ebb4b1c965fc3581 |
| SHA1 | 88a3cdd1c740d84e0c011ff3f3e431605bbeb3fb |
| SHA256 | ccdea191fab217d0248e2748efd0b061af6cd74cc2c83f8225873d1548192b2c |
| SHA512 | 6f8df58d15072380f9b848aa046aa8208fe61529cbbe215785add741fa32783e4eebada12e4c90e96eda8822525ec6ea0705bb935218fb7947e92edf3391c85f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 22c97b71a3827aae46a3a59e1042b535 |
| SHA1 | a28caa68d403ac9e28525596c441ecefc0231505 |
| SHA256 | f9cac0c3591f00b277087955b34ea329236af5d4691a6dba951750d3ad1be32e |
| SHA512 | b90cb90b0cb37b185ca7259588dac2e878ce099fa0948a851c3c8b30fa3d9677d016d2f421124b3bef75b31c2e2a614e20657ce16e59393282e5c031265938b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 50520851af2690019d8e14533e67601c |
| SHA1 | 328c0c2da89fa6b55d0226ab22c003aec80b1c9c |
| SHA256 | 391846ebcfcec1c2e36ce3eaba503fd708c9c84046003df790ef5c768d8ddbc4 |
| SHA512 | 3e97e83a21d37991744ed86683a9a99fea326dc5bb6f5072f0a2af2b2bd9a9fd5f607c36c347a7250a61bbba733f55d551f22d79b27e89030f4f56a8cc42b084 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ac9f7fe4b4d06c85bfa80998bd312ad7 |
| SHA1 | 6e08866a5ae3c521d9928046eece30cff0936833 |
| SHA256 | 679cb2638d9a1c4ba767da29bccecbe398401c657a21aaafdadd81dee6a7b853 |
| SHA512 | 4ac04d38d29999714cdf02c257484290c865ba05146bcc5181ce6ac0d2bc4f90dcacb3a24396541271ec0a23681bf3ac676f715093d2ed468c6e5881a17fb368 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a266facf6799f79372357728d57eb257 |
| SHA1 | cfeafe255198e626fa265c863708df750f38a5dc |
| SHA256 | a910e66bdb8ba7bd50e170e7d5605b6a62e78be3ecbe264c31f647a8b202aa00 |
| SHA512 | 8c004ab634e503d8f5583798bfda34c3669db755be9aa29c307992f4697c04522960eac18a51973eaea2aa5fe700a2500999e8940d4ac2b6eea8421ab4cf0fd8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | dcde8e1272f51b87fbc89b741c9c7e03 |
| SHA1 | 1a3b02bcadf66effc17378c2d0d2bf72d574a419 |
| SHA256 | 07a280f64406c30f34885ffcf2654e3793f281130aad31b0be44366abb39ea23 |
| SHA512 | 8b6bf5434beb6c50e7ef53d9d841ccb8e656506974047a4d99b3feb5628e3d200da21e3d8e61f1ac320742e53981d4f76243cd15342330c1db5534870635a294 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fe3e703e527990885c9f948547d913fa |
| SHA1 | 6c2a285cd31bdec1f1c88b33a7faca6ce1468d9e |
| SHA256 | c4840e52bded737d07ced1907b5d7d80430321355009d4417198cff29423778e |
| SHA512 | 55c05c62864f33f9cbefb0ae008ad1ff3fd07d1684f9772750fe7b9fd353234d673c7bd6b1a7cd4eddef6e7364efab2c35e16fefa02e585a7c0aaa26d8764e66 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7e57bf48dbce8a364b0ee9c13d97e9bc |
| SHA1 | 2366d7be8254932a4bc64d27eed51317efa8330d |
| SHA256 | 31136c6f463fffded2a0f6a28d957d13cc4659978811de54193c8491e6cd1c11 |
| SHA512 | d80b32e53ec44885113f8e5c0806450c1071a72248881534d13335433d772ad74bd4a3939b495c042a2cea4e290fe3fd8a93871ade75c047a8e926f655c68e1a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6e60e30e2d08e0fe62215108e92f37f7 |
| SHA1 | 933293766693fb98aa31638b394477dfd6b95306 |
| SHA256 | ac64657c93ddc9a0e36aa8a3230cbf654343ac449437811d829efe008c8e76ee |
| SHA512 | c1e2bdddf33d104e28ef63cbffc197fa0295f9b6239c86b83a00945cb0e99828c25266b0cda7cfa388e5703105454a19af96f365d92a65ef6320d0d5d9d1a99e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | 7aa572445a9fce7ed26fe949ebf25b3d |
| SHA1 | 48d27e2885dbf2926399338c57430fc49844bdb5 |
| SHA256 | 0b078ef54f84d7d4b96c8f03db0706ef648369a4365619497db2a24474e27a6f |
| SHA512 | 13d75ce3297a282932cc3e3bd0207fa52cc460bbfd6cb633fa21790bdce8e510e1e4d3e951cec621e1364fc83cb36079421d1f8c9cc15d9e26e62c2c95c6cbe9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs.js
| MD5 | 463a53a7b63376700f5599a549fa0a76 |
| SHA1 | e036ff6c450eaf4325085595807af0f80dfaa64b |
| SHA256 | 7cdb7a2d43955dd5c1ff29984434c16bac74314530ed21c3017b1db8bdac4c2a |
| SHA512 | 7e7900185abcfb95c93a5b86a01b65962379ec81a7d24e3a5baa743b674d1bf83d821ff0befb69086ed31bb357d3c37194bcb41c35233757226be9b01f1e9edb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\startupCache\urlCache.bin
| MD5 | 7fd12f28c8c6bccdfef0c6f07035c946 |
| SHA1 | 29aec522be7334267f86316d8431b8e7c94ffe73 |
| SHA256 | 8344a21a4323d5a7a3e429557ce7c3c06bd37349b7108ca29624419110859858 |
| SHA512 | 216e321aecff15dea96ae5faa8442b48b55e4ec5327242ea31757814df126d1f39d8a2a1f6cef236ceefcdf016ff36287a91308541d54c07f2d3e45e336cfa29 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\addonStartup.json.lz4
| MD5 | 240ba8559eb2129c9de23ef68fb49e6d |
| SHA1 | bc37cc5e3dbe368918d503e4304aa90006fd99d7 |
| SHA256 | b3fd0ee397e7e3214cf9076f4fc07e22ac7c89c1f15e3dbf2fdfb4f9e697b1ec |
| SHA512 | ca97992adceb23b333c4c8fa57c28177fafe69a2472a774907a2119111c906f2b97552308c572e78abace3e1f7a61cf402f46010d8664f68b3554b2792aac7ab |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\xulstore.json
| MD5 | 13886164df60e7af87b06b538a9574ee |
| SHA1 | 442c3cb38eca82a899d54c344c4b8d83a1088b16 |
| SHA256 | 9d33e61ab83cd1293da7679287cdc74762f6df2433f6b2303b5fa6d9a8d175cd |
| SHA512 | d311ee089878c1baa373e260ac424f3ae47190fc15e4e21eaf2532cd671131a59fb68826cb5b4269abd1a86ffede22f28d35468f3a470d4da0d0ad8fb81608ee |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionCheckpoints.json.tmp
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionCheckpoints.json
| MD5 | 948a7403e323297c6bb8a5c791b42866 |
| SHA1 | 88a555717e8a4a33eccfb7d47a2a4aa31038f9c0 |
| SHA256 | 2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e |
| SHA512 | 17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 831e3ee49b071bbb89245990cf1b87eb |
| SHA1 | a9394cbf8d00a901585987a83a61d2a6b026b4f1 |
| SHA256 | 5b2161b2865019c85dfd3f1c92ddd58ca6fee88602a3db1b79a0212a0dbaabb7 |
| SHA512 | 29236cb55d97fad8091fc2b2a2d0d75623f9ad7bdf01645c10290bfa01b7425ed416b568fefdbfd8829722808b72ce5c13e2d651121458d9da27bbc3ef5840bb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\SiteSecurityServiceState.txt
| MD5 | ba3b0b6a3b8cf37a4e559b2309bae6ba |
| SHA1 | da15dade71694ced73eab3b5a7f741275340070c |
| SHA256 | dc3ce2439eebac11670d3a766cb98e833031753b6fb83d29f580c2c3d6e6f191 |
| SHA512 | e5c43b4576dce652861eff71fda9b0b2441bdc3e484c8ca3ea0ac5f6c2208577de173efb4dd6068fbc5e2c1b3ce6da33a95de2d5f03771f9b264149a55dead21 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionCheckpoints.json.tmp
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
| MD5 | 9e612608bb0688b82c39d3e2421479ec |
| SHA1 | e1df47af2cb5179009afcfda4ce368eeada5f834 |
| SHA256 | 63cf3736f70c2b90eecc61a2348b310c4263ca39339de18ba5ffffd06abaef80 |
| SHA512 | 0dab6cd2dd9bff2694e7c3a6bd3c8935766339aa95d887e313b91f7bdd7d3a273c13693a9c95c1ab72562ae02c04c0498f3338fbc8a05d55ddb5a2dcd2f7a5a3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\E66F5AA5E3C285C270CF84BD11111C74D38F245C
| MD5 | 906e4f19acc66fa8d573efbbd14d9d09 |
| SHA1 | a88cb8307b48372c65086288b6ebb89a070297a8 |
| SHA256 | 9665bac469e9eb7c807e9ae125b85cb0e584d5d942816f1258169cfc1c64b92c |
| SHA512 | cbd7873dbcb7913f4245e99d747abbb3828783d8553c2c89e173f338b36bfddefb2c83357c3724db2032be79f2fe0283af2d38e8aece66a6bfcf572c60f6351e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
| MD5 | 685eadb4131c6d54daa8f1ed37120244 |
| SHA1 | 294fd029b8645fbe32fd048e7a9a3e2094692165 |
| SHA256 | feab459d997a592c9df29f97bfcc940ca8cd250661b426378b12aab707d6ce92 |
| SHA512 | 0a0eedbb48310be147c3ac864419eea6056cae980f223d1a18f917bafe3ffd8f58fead9ca73fa211560244fcf213394db7d81adc5fb918e3ddb114e3dc40572d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\datareporting\glean\pending_pings\0d3d8eb8-20e9-4ea4-b47c-245f77e91c17
| MD5 | fd92abc1a6b8a89fb55902057f4ffb23 |
| SHA1 | 4c6f2067cec03b51dbd44e9677a57a3997a190aa |
| SHA256 | 889e8a826479e543b14d130c4477be5338c47ef0b83f7359a7aafa7bcbad7e2c |
| SHA512 | f284006bb3c0f671e8adc7175260260a7432a6163d7e91089778a48fa6d35759774508e44f1aaee0f2636f4acca31f71f7a61d449e6afbbf3ce07d54fbe5e24c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\protections.sqlite
| MD5 | 49397db0486dc59d607907a086f40c9b |
| SHA1 | 08742ce9db9569062def08e99eea8470702feb7d |
| SHA256 | 890033ea279f13478e655150a823a5f84176d2f8f2ec3724dc61dfec775707c4 |
| SHA512 | fc8dad1ae2215cd96c41bb3e683670bb9138467677da46c19d1e58972775842a995b70123c22ea1efb659d043f5116d0c9dca422035a6646b35f81033c9f5f53 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\datareporting\glean\db\data.safe.bin
| MD5 | df9060c3deaaf3db78b6629b0dc6e77b |
| SHA1 | 7f00077629aff76464e4570d21aabe0c944c6cc3 |
| SHA256 | 0bf8834f533aca73e4bff7d8431e92a1a1e95818baf9cea85a2d60c8ed41dd49 |
| SHA512 | 026a1d62730af000f8e046794c31d137fb31a178a5d2873534f2133c65390d5180474856deeb8e6ee4d32258b8b74058a25ea7ef8cafc97f03e7489b10103d14 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495
| MD5 | 707a2f6781129ff295593ec3aa6fdc3e |
| SHA1 | 2b3980b4832c6f0b3faba5ff9729d9c83a8ce7ff |
| SHA256 | 19582fb265bfc2b39f23dc619fc4f73d9ef5a3b33a70e9119d1da9c83fce7d48 |
| SHA512 | f697ef9b2cd3ded4f9c6f39a61577f6b5f6fccc9a960fe63897ee0b77153f7fe1aec462382604785b904afd400c8940daa112673def82f8b6d43737c37cebbdb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 61bef4d4b7affee4e2d51e33f5a16d48 |
| SHA1 | 286d1b064b5d334ed7079edb9dbac613c164a938 |
| SHA256 | 31d0f5898235e9bb6ca25eb2a09295ff234fbb113234e7a51276d1b511350b0f |
| SHA512 | 1340ea1fd1f82d32cba08f4ac218faf6d8836e75f83180ca8db9beac820d65572a165a791f22bea2225ab8efd003d63de8725dde982436e4c247173d9782dde2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs-1.js
| MD5 | 4feedd0ba330c4cb5c08a357268d4f91 |
| SHA1 | 08747276d6fa239b2b1b3300e4430f4f4ad5f265 |
| SHA256 | 23ca1678d986618fdbe8ff42b4473c5d9b5791ec1c0125f2561a0e72e84aed3a |
| SHA512 | 30a16ee0cd7a8d724cc16e5e930fa9e98e750a50d3508daf30d7f028626234acdff8604132bc3e562df028c6d5c7617fa748c67c9c23ccad56ae286bf876fce6 |
C:\Windows\INF\netrasa.PNF
| MD5 | 80648b43d233468718d717d10187b68d |
| SHA1 | a1736e8f0e408ce705722ce097d1adb24ebffc45 |
| SHA256 | 8ab9a39457507e405ade5ef9d723e0f89bc46d8d8b33d354b00d95847f098380 |
| SHA512 | eec0ac7e7abcf87b3f0f4522b0dd95c658327afb866ceecff3c9ff0812a521201d729dd71d43f3ac46536f8435d4a49ac157b6282077c7c1940a6668f3b3aea9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | ae9bd98a60d711c2143bf4c7ea49fd7f |
| SHA1 | ba7b9be8951a64acc7772a34cc895038b0d0c2d9 |
| SHA256 | 876d90275a225c9ad261c74420589fe064920ea8e0da4a11c38de922405fc42e |
| SHA512 | b08a32d94247776fad1430b98f0a89928d2ef11e7f11c4d59812c32e0a1da0548213bd6753804fda02eb081a04ab3a48d176862a44e37cd9f273a5f6c25fcb3d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs-1.js
| MD5 | 62cf72f305a7c9d7e91c6a5634fda102 |
| SHA1 | 122b39315ed01526815e188eb0d656253ecb4fa0 |
| SHA256 | 91c226f2f15c80af21a9cea6fe03f021237e6f1d7347a26046c6a9087a7e5ceb |
| SHA512 | 4c135a4103bb9e0a9c842bec35a499be809407388e7741971d8ab458be33c50cfe2f73e91fc5c245b45a96241dd5d4eb4b5b1912ae682fb9d7a68f4d3ad0ee12 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 1744413214e9952cea3cddfa7b71ae4c |
| SHA1 | 160e9b5e48571829503f9de5af238ca7bca75a82 |
| SHA256 | 3d6893c46ee5b8033281f25ee4c4fc0b0e711d29533c1a03ffbd851533ef2f7c |
| SHA512 | 2f8df9c89b327de33e45b65cd9d0fc1a6572a5b8f9226f36868ee279497841167d38594925c0d629a01ef62b7b7ac8b33fe5770d8553ba630cf7f6a5e112a99a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | ad41e4800bacf6b79c79460c948b88f9 |
| SHA1 | c9eda2c3c080c3e5948cda2c90e59d0c3bd618c8 |
| SHA256 | b82a62ad58cd415f4480030339c93830e68b74ad8fee701f6519491e3a342bf4 |
| SHA512 | d1018bb537f43792a7e70097fdfb973f86799733b68faa67b56863dac6eaa8ef4a64e8d99ca5f87c4e7a0f5b61ffbc085f27c114e795558ac23198b3f51a72ec |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\A81C9E234266FF148A256F35BFDE7248FD8C97D3
| MD5 | e60b1f2b07de7852471205c747feb7c9 |
| SHA1 | 543f52a6f6e937eb7f1292fe75a5d6bb8447e60c |
| SHA256 | f00d2dbd297ab39fbfe3722d69713ec0fe2cb364071b349b8e2fb3010e70739c |
| SHA512 | 726502347a82ccc0859ef90e9ff9ef1c58b9628ec7a29bbafa052671dfb532caef36c4472d4c4610823f422bdd25e96e32db25da9989c7b2067e3aae809d287c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 12ae7bc2664a5adf326489395a46f9d9 |
| SHA1 | ef357aa7f21c13d468b54e78dcaf0ed1431a30f9 |
| SHA256 | c5e78d5a0f33f2a29e7cd3700c42dd238e5c5b5f727c9b9dec937678974f081c |
| SHA512 | 03a2c57e06c3cc0f4fc1fd21542db32fa97f8e3bb2c6616ab40b9cdac4fb0e5f3c12c39c56e9bbe5d65b57a302dbab994df2931fb73243197c626de7d289b1e4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\4425
| MD5 | b01b6679488828fcf3dde3551203333f |
| SHA1 | 1193377e642770e4f3d54f6b8afcbbef7303a3b1 |
| SHA256 | 3ea4de45132cc83b70c0c9b4e5cd39c3da2e3a3fbdac1302f6f7776dc4ca64ba |
| SHA512 | 2e62df1c63f3b76a8fe0bde1790cacee6eda0973befc2c2f59f2b05baced38f4bde8f0fcc5fd2012c6043a410ecce1bd07759752a9d6d890b5891bdaa6ce08a3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 04bb7a843cb28634453f847a24482ab0 |
| SHA1 | b70a2aa8661fe050cfff8a342ff8b68a50bdfb8f |
| SHA256 | 24febb9630584d9ecfc75956a3f4aed4277711b904d1b50a6c89eafb6b375d38 |
| SHA512 | f5fc0a52090709baf67faa81538860ecb9e9685fdc877fd1699a4ee7fdfedce2f77d8eb811e57d19134cfc18a441a7d93e3ac278b34cf075aa3c8b300d525f8a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | f63bb850941b4d97d53a31454c1c7814 |
| SHA1 | af0b54454fbfc1b9d0075eace7a8e5ba19fb4354 |
| SHA256 | 0c15252ed5182050cdf6f94e84adf82ca5e5fc917d1a5cc3ba6dfeff228be14a |
| SHA512 | ac70758422a14622659cbe40fb1ab7cdd43260570c3b44f1f819c595fd8d75c8a5ec5e50f16758ad21fc8de28664de475251425891277ac3b61128c92b3417a0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\52DC50D724CD8CB66E810A1FBCD3A2590B75E5CF
| MD5 | 8b25b1e4f85f0d6733fc03e28787e073 |
| SHA1 | b71a8987c5aad1d43b073f7314278b74ea932d82 |
| SHA256 | 6bf86ec6b324dbf0897c7f3a91930f80d92f9cca3297f072e80b9d32e12ed3e1 |
| SHA512 | 03c3b6f8c70dc10b88e8c584ea14614172c53c227f0b7c235973e1e43047949fcd4bdcd72a8379a7272a7030115b11a396e4e693d48e5da9e4851150b9011c60 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\idb\2232182701SeesravbiacteaWDosrgk.sqlite
| MD5 | 5b66fd7d49a21f0eba386cea523aff25 |
| SHA1 | c09d078bbc09731dbd100628db516e3be776428e |
| SHA256 | b30595143be2b263aa1c4f21be3c40082a04213e3ef03ea221d5f2f07c4fd9ef |
| SHA512 | a3dc9e5fef0f76a76ad25b963bda1d76960fa1b1e96f17380e492a3ee6bd52036819d2dccfc835909df9156c1661657bc25d5d7dd1f4418873eb62584178d4b7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\11040
| MD5 | 26e0d95c217c4a2a779800dc48996491 |
| SHA1 | 236b480ff193af01dc7b430a0f0560e942bd5417 |
| SHA256 | acbf01d60cf160d77bc2186e0ff9c718e0cc0210ec4cf30b861aaf6c815605ba |
| SHA512 | a660afa8b1ed98dee6a9920847ff6b1062b1c6008324544589a745ad4cdc810e326f7b5ec646d8b075674cb098d194753773af3531464a5a3d9b01557aa3509e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\21994
| MD5 | 6c679c09f0b63c78b54a93df7cf1408e |
| SHA1 | f013eb644c07cb04716a032cb885893d742fcc3c |
| SHA256 | b25de8648f06cc29753e5e63a95cd699c8c95907fba44d53b45f51e54a83b34b |
| SHA512 | 8993e4580940a403eac97867b0a046736d95dde706cb67a9d1fb4e418411dc9bb2b84e6876c6886d340947458bb0b0a3f8957694d1f5304443bbf1ff7b0dbee3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\2661
| MD5 | c02ed0412464f84f216850f8faedc9fc |
| SHA1 | a5badaec79c18344448c234fb4c307705afe5d81 |
| SHA256 | 5600defde739aea98dc75e57f1227dd271d5dcbcf179df480442d8065457fadb |
| SHA512 | f0230c60e71f2357ad83bbd7a79167310a2266f68dc9de3ce9232de4ef68a271eedd0a0fd49ae35fc8f0b557b95b4dff7782d9a5c2140299ca8ee12a07a46592 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\16131
| MD5 | 9ff506e54f7158e5610a298a6ecd67bd |
| SHA1 | cdcc988ef524830f566020fc8e4eced5469d9a46 |
| SHA256 | 3c4a41d99294c6006bedf08cc39d8fde3d81b8f538697f9479edd228bfe74f89 |
| SHA512 | f92a9a3d03215bcc7eea7aab5d18d592ccec29a9377c794eb20414652ec6659eb3e18b55c5230c4dcf14b0cb4873d69b6258e6f52cba6d255299b2c87edc13ce |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | e447b64d671c8a0de07c8e398940a5f3 |
| SHA1 | 749c70b4ffc918e372e942fca6ad2e1456e52e25 |
| SHA256 | e514ab3243d798d3a408761f8e0af5f3a41a812f93f16a6079637f63c1d5f637 |
| SHA512 | 59cb97a6f3002d3dbe8a0b83731398eaf40a4a6f7abc4bcf4bf8bbc650dee19f4035da5895e5389d544201caa263c52a4f4f89993c79c251a9f24046c41b0204 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\11824
| MD5 | d6a26848f7d2406ecd118dc3ea8afb5e |
| SHA1 | fe6cbb012ff41b8909782e0f68fc3a9529e42229 |
| SHA256 | 1f1372f0d7fbb3f7850f3fece39b7c36d5deeb4f47775dbeae5360680fd305f5 |
| SHA512 | 53259213a5c5480d8bd1a4c54d8c07ef2b2057c99a4ba73618aadf007b004e75e940838bf95ad8973e2378340626127b14f26335df34c5399cd537772bc96d66 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\30857
| MD5 | 9d9f91c3458101be4b786e38e2d3be9d |
| SHA1 | dbfbb9db37a13ae72dd685c464797497373ee9fe |
| SHA256 | b6d9a3ba11466d3feaacb7165ca5aaa7bbfa29d6d7adc37eabee027fce72e35f |
| SHA512 | 4ab6a5a63c3ab49b3fe625fe434410236e93242d74f8c71f85dc53f353f4bdf05ef4f54184e9e9f39ff6628fcf2a4c3d69126e0db16b65f8b95e6f907afa176b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\27591
| MD5 | 698d3061ab39a0922d15e14992991516 |
| SHA1 | 46e7b2658f3647639105b9edde4489b840e64d29 |
| SHA256 | 56e48eadbdff84a2cda16c334f20dc2db298246a8665c27658de0ae36bcad07f |
| SHA512 | 9bda02b39789e9d288d12f1547cc03e2318127256061f8052c2c9c282ede3ee533eef485ef956f1ef909b8b2fd6950e73bd501b9758bf683291b1206ff19bd79 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\DC187FE54FE710997F232E6D8F638C11AD9A82A3
| MD5 | 0bb19602056dfc6e4148f6e0feeaf2a1 |
| SHA1 | a6e13f0b212d6fff90e21d0083c3e1a51657cf66 |
| SHA256 | 9f5cc0a2a2150ca29dafc8cc25f04ac441f66a9c5c26dff417f7f060cf4d5ef6 |
| SHA512 | 3e129da0689c40c3b6288347f02e6f9588bc7d3217690d2aa62c4c0183093dac6a2e2cb1c4d5ef07cec4896584c6872820942ae91fc1d9c02da0b516f05232bc |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\C877D66E1FEE4A8F461A686ABF9C6C60C7D3DFA5
| MD5 | 27aee2170fa5bafeaa26b7a751a93f06 |
| SHA1 | 595c103fc879bbd0958ea427be49c64519444d91 |
| SHA256 | ef88b65de3a0d6d4465941a8dd180275967e093211a3ebaa0fdac93db8b132fd |
| SHA512 | c30518087145249765896ce2f026e659598f56508cbe76a59af15a8d6d92615c9681df5d04bc426f1de046b0aa5a8dd37f3a8d8a03a698ed318f48d5ab8a4a78 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\2600
| MD5 | b49b65a9cf8504f95c7e540d4f53ae72 |
| SHA1 | 4ddf6af621cd32947529d9e96c2f5d72750a8f02 |
| SHA256 | f75426b749a4e4451b6b293bb62a1cc238dc4fb29b407d327609552981579bf7 |
| SHA512 | 8d4f79b17004da530e65711c7bdb7f13bf2c67be5c804a6c749795239b7f238a7c2a6309c634b64eb4ba8ed355dc342546b8abeaec1e80c708ec93152ae0409e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\A752BE816C32A166B4212612D41570FEFDA0B4E8
| MD5 | e255f47d46b785b7802cf7f1bdb15c9d |
| SHA1 | dee2d41d9681a6f269a9783f2a70ba50be028662 |
| SHA256 | 11b59b4539a1da7b4d81f5c99618afe9da27427bc49e201ace7a91ad119a94d4 |
| SHA512 | 4983c29e1c178bcaa2b1d5d211d6333b4d78dedde4456b4ac7cb4903f66d94f36d2fd30a3b1088340614751f01a6d3e06d484840bd3f764448fd24f497d2ad33 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\2186
| MD5 | 5948dcbfb4e09906be11d4d8ad2f7106 |
| SHA1 | 4fe1abb2d0e709edf56129a2658c56ab54e17835 |
| SHA256 | 54798272db0416176ba0c3fdbbf43d33243b204a19876caf33fdda85250ce2de |
| SHA512 | 3ce4c497bef37e8b23cc52184d00ee880a1df80fac1bc543b37ac7657e6aae0aa3d77c692a7b6a52cd753e97a15957339b25132e6c0cf29f80f7b80c6502a1c3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\5115
| MD5 | c71c137ba8a6ee8793016c535e239d22 |
| SHA1 | 6c8bd6651a5ad8ceb790f545d2564e6635762df2 |
| SHA256 | d0f8fa3ebd0b2c262c8aba353db6724a287c597db556cb8bb2ad7b79ba273cd4 |
| SHA512 | 4b1452d2751cd002aafa6503a28e3bf0fc52e07ab9a1e7519e47c8e5534750279e32d6d9a384d1c8cb025a90d292c53fde69f64e677c2c78b1416f5de1866581 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\25765
| MD5 | 0797724e46172a37d2befba68a421ae0 |
| SHA1 | 96969cd77f8629560bf5c74eb1905277b2d49ab0 |
| SHA256 | 5e0de22fcdab3e12fa0f1eb3dbcac0e24f3cd3f6aedb1dba1f8b500e8db880cf |
| SHA512 | 1f262710c3986b5fcda5580881fd2dd6be9315afa2c87ddaafaa570404d14b99e096de9ca7b2fe26dc60b152529b1511cf30d5d20e85652f223a1e1cab1251aa |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\27796
| MD5 | 5a11c29fe32027793adfb48bedb71b9d |
| SHA1 | c69722eae19f680c86d0ef62e28628148ce91ce1 |
| SHA256 | 48dbf9df05ab418ab18739265e0e27c308493cb6569d1aa4e5976c6da10d7ae5 |
| SHA512 | 9303e4a325e8b7400cfccc72a807250428f030610f5032735d938c6a276b583b0c9d0494da070695d396c50a34b2b5c3c787b19a2caaf5d46163ab62365f048a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\FBC042FB2FCEFAA2003FCE2B476862CF5DEED816
| MD5 | a297a161b757d2bdf197203090530613 |
| SHA1 | dd35184bc1595068f1c8382b2e0584b9f094e6da |
| SHA256 | 7b67d52e14dac3ffc731f74d3a40e0223b148410ebe50d416bdb6e7f2f20decf |
| SHA512 | f3a45759069edbfdc7244177532a402940388cfab31737cbeca0d2ab49de9f33a517e6ee096a624243f7028c3f2ef9028f2e3905634767e093c959286045fe72 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\D11B9A2B8549A432F2C447A448471D7A283727C8
| MD5 | bf3be08aabb6cb95665e744359ece431 |
| SHA1 | e5cd33999528cc04ef4f1e9698057b0788d4d1a5 |
| SHA256 | 082471dd7c7b9e1b5ba8622aed01b2089e34753561db33184483a4b02ba67752 |
| SHA512 | b3f24bbfb8802924b644144cab6e5c219e65d1caf5404eab2f693c3667b07b463992bf3a40454e9ab2e0816645f846a22c90de9bafe04176b544a4610042012f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\19163
| MD5 | 7d7d45d0b3f3544d264ef412930f4e56 |
| SHA1 | b76d960abf0f6f35c7a0f2b5df6f752e96c6467a |
| SHA256 | 54cf124fccd2c5060c8aa906a721dd952e363624f2efa4045db30a503e0158dd |
| SHA512 | 9dee67918b5bc65805c0d15c2904508abf0266665967b28f80027b37b694c14aefd59b347acfde5761b18195ff26ea48b125ea293c30db29a8307d6c310a47f3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\E619D502D0DC2B10837AD54328D8DD4D36017B24
| MD5 | 48fec75e9b6dfbb851ef531b43d95c10 |
| SHA1 | e24d0aae59f98850401dc5dd943017a5465e31b5 |
| SHA256 | 0fb900c36b00e2fade356bbf8e3e3e1a038a7aeac9a2e7a80eee86e2b1f34173 |
| SHA512 | c3327e8fb7ec570d9bd70026543998c538e23ce718f992a58f2e7077f04b68376d299f981f6a8d610de9657c9b730bf2b69dc033d2a041c40a7328dc8cf2a3e3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 94920963406c4319abfd6f251939e411 |
| SHA1 | 02755b684f1110d652225b452ceb9c30fe8b369e |
| SHA256 | 177b548efdc023f9bf6cbe36bfd23539e218d284e60a335852dbb20c2e69d6b7 |
| SHA512 | 1ee59970638abaab13bde37b28f418cd81697b495ed95f4645682b46569ce7faf528da362fd336ebd473db7cc69f3a05e2223791a4315b997e791065e4daa6c7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\9A64E8724C1211D2D90AA8801B0A6333A4BB18F8
| MD5 | 6e8eb8f51955bc970a8e3e8f2b6abd15 |
| SHA1 | 1de80d1677b84ef57bd8eb689f6f89aa51a869f8 |
| SHA256 | 7c367ea5fec244515f64b320a740f4580512fede37455ba135b95919267eb552 |
| SHA512 | f6ad9f4c49bee0c601135073e5a935924af2de0be7f99a5b3ae02e0ca25ddc6075f937719ae7c4a5c1a7102a8090ad67a9bf0dbf31ed8947f469ed0a925e7e3c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\208C84025BCF634523BC7E8F87BB4CA4F01C1EF0
| MD5 | 2fc411be5115088857857f0e3c98b6f4 |
| SHA1 | 601528c05582269d769a84d1534602c5029b82dd |
| SHA256 | b60a74fd50e07f571906b9622cee593f2ab5dbdf93fac80da984afc2b6f109f4 |
| SHA512 | 49f3073cb801ccd1d0937a9ef65822705953bf6c7cd15e2b6330ef7a9ea265ac87c0c25456f43645b161872a4fc877a4fd9d0b61651b4014d55f49d504237232 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\9006
| MD5 | 32f6dc5eb75eefdf0e1b4fdcba18ff96 |
| SHA1 | 9b28b946e58819fd318a53985215c2fab124d432 |
| SHA256 | 5bb1c5709ea228b976191221b0a046d27cda75ffcff562ab3ff95b4e9c594c00 |
| SHA512 | 4b5f34fd4f3c981f59271e95b6064b33060fd28c3eefa8d6b851f59c3a277464e2c77451cbe768000db0d099b91443435633b2fec9bdb1f8d2c0052b12005154 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\14346
| MD5 | 4495074a3798ccf220ff4882dbc933b9 |
| SHA1 | 5670c3970a04d38be4ed39b875008751b4b658cd |
| SHA256 | 8d9fe002418631044b3e73f322d12776d23234f6ebdf6874a4fc135a041433fc |
| SHA512 | 4690d778e429921d46a82c71d475ba9759927f50fca6953c74e5eae94fd31d8f89c2b6f7fae0776b7bcd71e66555b2a7926954e2f1f0b05a91c62b152e508f69 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\18242
| MD5 | 3476157683f5ab29a4917b7b8f425c15 |
| SHA1 | df4e5e9f50d89cdb3c342a77c009d78327137229 |
| SHA256 | 8ee36c42a80fbdd500acb95a0022edd4824e9c3a02df80f36687e7cc7d2b706a |
| SHA512 | c69e87a27aeb7e804b54827b3d75ccaacbca009a4197b40a0728fdefd5f281f8cb766be6048bf8160268d43eebe9fa0426fee0b39b5aa087009f63bc93dde3aa |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\C01A5A91B3215B34E7411A2001698454305F7026
| MD5 | 134c3b2d9dc6c1b190b52f8ca3dd6136 |
| SHA1 | 6dc981a381a9b998f4067203ef881edd5506db16 |
| SHA256 | 806b6cf82c56c7966550290a2cd4bd7eb556ba0c14ebfeeb59c880cefd825776 |
| SHA512 | fd57dcc1bb49de9faeee51e8fc2750b09877961b482d88da3dc96d389701b0616e4154d474ef614665d298e89c8aacf4cce6ae010e7e98c108154868e328daa8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 9f8016da9b58223b637cf605b1a65852 |
| SHA1 | 6546c674070c02a6d2af98882a12edae4966a7ea |
| SHA256 | 6ffb060668ffa822cb206c417c999fd23b7acf01b015d14531a74a262dc633fb |
| SHA512 | 22abe77af4fa6ca1fbdb57e8e09c23fab75b6051cb161634a840fe7257e4e7b3f2fd071d00760288fbd0d152058561bd3da64df15f17e5aac1be123712274a71 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\29032
| MD5 | 7d83c11107c9dfcb4dfc9004f5ed069f |
| SHA1 | 1269667b307455dbaf0f030573f74fce5073506a |
| SHA256 | 1f77bd5084bbfcc588d1b80955968ef63b2ca18dc90fab81e858e89d6d5f8b5c |
| SHA512 | cfee1578c19fd4da756e7ff14e1c8b93edce8fb09e5a5c3627dad521ac44c10045f7d429f8af0aceec0e33785bf703ff5b740286bef7168322c45529e340e0b9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\16790
| MD5 | 7984cd41bf7328a00d44678d9cdbd716 |
| SHA1 | bc4adb8332c20d5db5dd2ea882aa5ae8c1c40ee6 |
| SHA256 | 2943b6701a5167ab5ad5a91ee3fec0c6f4062a9f939a77e26685bacf90bffdc9 |
| SHA512 | 83a08a42b71f401c8a17daec9a597f2cff5fbc499c5a1171baf2121657bbc7200218968b3e81bf23cd97c6cd3d53e43e0d449e406573610343f6ea967dc207ad |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\810
| MD5 | 4a6e286940c87c08eb73402edd76b9f7 |
| SHA1 | 260173e3344be1a4f67d60a8cb953569941e5bcf |
| SHA256 | 66e44bdd4f1b73d0573945f4af8b0b4b844cb0a582bfdb3023f98ceac5520ccf |
| SHA512 | 1994f525b081b26839120d35ee60430ec946ef2e558158ee4a8e127b83eab6abfa3b8b4ab04e6e6c524f62fc6f8bbde582fcb662c16c0a2bf6df26005d4512da |
C:\Users\Admin\Downloads\BonziBuddy-master.csSHAYEs.zip.part
| MD5 | 74413fd9206eec5be4e3c7149e8be71b |
| SHA1 | 18cef36b3b675ec1e8dab4f7c0b27c9d09ad8905 |
| SHA256 | 0fa5c73b1d774484a1720f34d3a6fb5c6383582ebc2c949af27d6a9acab3976a |
| SHA512 | c64a12f6ef11d685c810e0482b3ab65813aa01c865faecb58ab9ee8c13405f0351c73aa5b1db953833fe21efd6772c22e499b7a5a77baff06a902a53f1689350 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | c820ec167f0b42f063e9e86dfa3ed39f |
| SHA1 | 1c09ba754c37eda5b5968526604fb67a11dc708c |
| SHA256 | 18381218e0f7a48d7004e0414ab86d770aea1d0a2aa0f40ec476db66054e1b7a |
| SHA512 | 09b061f604b49846de2dcb43b461abcee14951473520e4e4b27ea33ebedd2c3f32b4334212698686cfdb7881b670e2e1bba91298f83c475e4b51daa7ec6e2c19 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\datareporting\glean\pending_pings\22aed011-6ff8-41bb-80ff-a2963d67a88d
| MD5 | a6741c8f7b72b8112e3bc67ad9dc19d9 |
| SHA1 | e13e24ee50f861a1de8cda96a831513766b239f0 |
| SHA256 | 62a1a31338af63ce3ac47c6c37ec3adc8afea315e7293376454030882dd88efd |
| SHA512 | 2387b82bc38b0f28673e10c5f6aebe28cc35f5569c5ba3f59cb90674a9abcc6f3d3443e0aecf7f0ec7ac0020c260c541f65578644c0d0f7d968c54b0b8023181 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\datareporting\glean\pending_pings\85754da2-29a4-4462-8c2a-59fb9f50f5ec
| MD5 | 46083d5d6f941a863d94a0356b270e59 |
| SHA1 | 45ea0b21ea4684b36a3a0cddd714333b51d323e7 |
| SHA256 | 35e13a34ecad2b247d1228c1d3ac577636e4fd600d62d776c43418b8488c3d6b |
| SHA512 | 98670f58d5a69c8f5dc41cfcfcd0b7f0e141a7d17d868def92fa44713ac9104e42101c0030c31e55c04e831e6e5102cc46c4930527bbbcc6053199b7c479afc6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | f0d5043f5a3c98085839fd3f0794e7df |
| SHA1 | 4dd0fb348f195a28ca2be86406c92134cd24e1e0 |
| SHA256 | 362de62b1a8474a5c7aac862230d3ad86b59168d349b05d4f9720e8d84089a57 |
| SHA512 | 9116b714883967414ed2460cc97b1b5a3893a5249c494c6fe93d5bc0a791f62aa06faf4161f58c589c76cfa8bbee80e789305cb261efe7b07bba1204a3094e2e |
C:\Users\Admin\AppData\Local\Temp\~DF0BCD5E8EEEB51288.TMP
| MD5 | 5a08eb5df02d3fd7e91a0bec36251445 |
| SHA1 | 171ea61eb1f9863e409d4bc640367708e1e0c714 |
| SHA256 | 579db4ed9096eb1b01aacf7a2cb88d9c1f143f8928b8d60204e42ceaa4cdf946 |
| SHA512 | bdb9c7f6f141a79f21b5f2f49c82f54365c0bdabdd2545f7355409a429d0dfe0eee6e28329ba086beb4c38041842b5a91a81ad77582c8b234144bf6f0044409b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\32222
| MD5 | ce31d6023f09a8c473b4264a9819996e |
| SHA1 | a7d23421b63e58891e558f9d3d74b9f3dd1bb603 |
| SHA256 | c90ec473f0305bd78437f9a6b4975f457bddab9e2fdac4e429b54085aeb903d8 |
| SHA512 | 78fbc5705e147265f039e25d47478188e006c8f61465d7df82126130fb4d818c00c29c24bafcfd7a6b571799f6dc7d10f36437c25e500fe577ddc0b5e55df946 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\24143
| MD5 | 9e40a47c0b0aa210627f446df97dd591 |
| SHA1 | d96985ee551fd7e5f2f60ae027abba4ffa5ce777 |
| SHA256 | 05d7aa6139f318efea62ebf99cbed515bc37816c62213b1e918bbdd3ad20698a |
| SHA512 | 64ca00d3f81afa25624c24fe590f5c0781a50e3cb5d1fd970750f9c8c5a99ac455efd910543cd87eb1934e5cf95695b277f647271897dc321602b09439659650 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\30338
| MD5 | c14083f42b89e5be324658970a3b9c74 |
| SHA1 | 07eda9d20f594330640ae13ead721fcc3537b371 |
| SHA256 | cf9260a41a502c4746409bc422e503eb60fae5fa62285c4fce41b87021723b4b |
| SHA512 | 6784a14478528c39d3695e8d1e0a1aeb6c5c0f4f7dafdabbde6ef5bf789cdd31c6b42628651515ec20afcc2cd531503e6486f136ee7160eac5f69c3ee2afe68d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\28088
| MD5 | f9262a1e264889e2bfe2017724c3480c |
| SHA1 | 8660bcb07d46180a56c8905f6c7cdb86724923d1 |
| SHA256 | 3358f252ffe8b615111058e9d37fa002282da9d7527c3fa7fb57f4cf94ac04c8 |
| SHA512 | 00a3b03bf5b2ebea21a6f6d27d8172da69a559b71ee8fdfeb78bad8aa5b40acad81d67f6adb064ee7ab6bdf1dd1523c089997eaf17096bfa7cd9f1341a9d448f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\9C2BBC7137762B4CA02A130A09A82F71C29112CE
| MD5 | b70007038833fbe2e62a8780921d7f3d |
| SHA1 | 012e99da5e9470d682f087a86bc5571e58df08a8 |
| SHA256 | 977457102e9bcaffcd1b94dabbfeccd29cafc218250a323b92cee153972c8a14 |
| SHA512 | 1b4e02d2569cf0b01e51f0f17f6937384f4be9ad0d9d75adaf07032ebd1f692792abb71204be24a92aad3833982f0c2b4a175b0fde19cd84778467cd4b31607a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\8CC28CB66FF7A9A0291587833D7EAB5881A6E993
| MD5 | 4edd1ea7896c1ceeaf66d86ec33b7225 |
| SHA1 | 40cedc7bd8545bd5e7ab8543787021da0b76637c |
| SHA256 | 8d61d3cdb3eaf3d6f528c8fef191533e4cc26f1e9fef4e74dd78cf05fb47640c |
| SHA512 | 703c6364dbe1acdaf7ba3f73f002fd40f8c6e0b9b0841c14cdb64a303f440aaf216a77802be7f3fa2abcb8b9ab4fcf1451d3ce8537be30a4f413e7d1b31a962a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\AA9BF27E71250D09BBFB7F2AABCFE51E4D4CD187
| MD5 | 4bdf28e916c9e7a8fe8383c813c51eb6 |
| SHA1 | 072a51af196d39c677a5b09461bdd96b6b9b1911 |
| SHA256 | e46307908f9541c04328a865ddb2e4dfe9510459df679d6af7596596c25627c0 |
| SHA512 | 7f7d5bcf1a00a88458fa35b9de6a264340f789e7feb8d9b00979733edabe9dade418e58053e4b0c56cd4a276018c3fce34b6b3559f6390dfc647d39fa2a9fd5e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\ECC3BD59412EF800159A3A1EC14F0A77FF913CE8
| MD5 | fb3fc71e102474a2ae5c3ce3bebb9ed3 |
| SHA1 | ccb879c5158115eba567f7b084573f9ebc7bf2e6 |
| SHA256 | 8ad339723a939df6e35670f85dca5ec769ae251b75992298f96c57f3268adaf9 |
| SHA512 | 740cbc85f2d49b2d5e6bf2024aabb9afe962b51af58408a3f9dc02824076c28ef19e8b61fd9ffda78d7454e1715f962f3f97519bf08ff04c79904443dbd2f103 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\C40A671DDC0E0D1E51773C34A7BCCB0020C7FC14
| MD5 | 27a1727a6d5be3be06946d271e309e3e |
| SHA1 | f57edde94465c8edb01346fb3fd60ec356abbd0c |
| SHA256 | 6fd5892d028c048fe62d5145caefd4bd16642838e82e71a037f5f91e20465afb |
| SHA512 | c69ca68d50a0096d784c8ded00670cec242f29869baf5038e444f5b1d279674800d34af85b15b70c04247840fc49ec1f7d77cfbaefc00db6872d9c0de7fba50a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\0430F7679082E5C9E37DAEB9E7203105F9DE6E1D
| MD5 | 082e02ff6119817c2a6ff2874f288c43 |
| SHA1 | 73d249db4f1a8664371c9ca218868278c9813ccf |
| SHA256 | f0d2b72176164778431ef2ad7054f294fbc88c37b8a3523b1bcac9ad7b24e598 |
| SHA512 | 2ab6bd2ae25b422f53fa11cda8d43eb34bc91cf725f9120b1630cb24441f5b4d4828d4b114dfcbde2b344a319f03ada4a49c59fcee2d7f58fbb8ecbc9526164f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\DC8A1DAD028AB77D5CA52835694336803CF7EF10
| MD5 | 6a90ec373288e107321c9e123369f155 |
| SHA1 | 1b3906a65f74b9f874cd111767eaf74bb0291246 |
| SHA256 | ed8dafed2284562b8386043c6c89d9f14488e3e780b4cb2b4ba284c1b9df43fa |
| SHA512 | 09aa0ad5d3e1b0f50bba2d187ae92920873abcbd4a4775ec0f01b4739e34304ff509096616ed683d50858cb451254b68ffa6b118926e5e418efee306520351f4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\A9CD5DF22D46370F6F1959092BFCF5F2851A2662
| MD5 | 30296c6b50c43599792888e779597071 |
| SHA1 | 71a8f2c1cfefe5ac612b6414f8d42f192142cb9f |
| SHA256 | c8e8722ac88398d1998c2217551539e793533e99a1077f46e823d2d8e14a5b74 |
| SHA512 | 3ad177952e87725ab950f69b662dfba88d2349e493cf6a82378b282334e81ab474f24a3e4ec464a48e68288ec09e96e71ff4ab21b1f3488ddf051e3c4fe7e67e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\67C899E255FAB3E005640983DEF132290EEAF453
| MD5 | 118ca5bb92c3d35a4db59e21ff8a4c1a |
| SHA1 | 65b2c0f53d4f454fa94fd65baa7410e08a266588 |
| SHA256 | 5554ed3811770b1bf48410894cd971e081dc14fb3e67e8475952d31834842ea5 |
| SHA512 | f2f822426ebe15ad0f42f5df47e7fed7d0723315f01bbf9d274bf4dfa72eae91cc41e62060ef7d6e983e371f9bea98c3fa3c1db7c9886141b8a5763f1444a7e1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\1FF4F1FD80623A3AEAABCD6503E241DC2F3E2291
| MD5 | 238912eb327e0fa5232d41c25feb3c80 |
| SHA1 | 42706d12e6efbee570526d48ae23ed8153585299 |
| SHA256 | 9fb83d3f350677b64e0ca88cccc9a336a84eefccb6111717d751396b9bdd6642 |
| SHA512 | 3fdd640536503474d8fe5d4491da970a4dd5972a1b3aaaf7abd8a4ba9ca5e80fc37a41a18edab75457c1ea325f8aed05808d5b11f3faa2907259697e0b9e9e18 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\175FC1F27DF5030D57F8D0FF3A5E0CD7039CB332
| MD5 | 801079106097876cb064e5955dec2cc0 |
| SHA1 | da7afdb26a3d19068e403401ae241aa0c672347e |
| SHA256 | cca54ef2c50d1b3c525a34a09688d5b18b567841ed9804d87af1aaca15f109c2 |
| SHA512 | 6f266568a7554aa8d8276856e3920931de0b1076137f1f94f0e60ab4fe2bc12d95aacfab2a6e99ca9d80f8a3d49020106e349ee8363aa0e59aac015d13f8fd4b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\61A78EA45604A0A23BECE0A69B0255A2DE19B805
| MD5 | eb02e5f68fac312922af3b59d7fc1f44 |
| SHA1 | 52834921e5ca099f286a5624d3d99dce0de2191f |
| SHA256 | 0059238668fcf21632c00d90f8de43100647602f9f15bc55dba993711f33ce44 |
| SHA512 | 048b5d8f1c3ae5da842c703cffe86402fa3bf6950cfb2df4519f33b41051be823729725aa2ab0c555b7a2ebc6146fe7f8648fd7b00738058804c5e9260b4e490 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 949d84791a60f625e3b70ab1ed6b5da1 |
| SHA1 | def48878465fda09d5061a1e6ae007307ec4ebd7 |
| SHA256 | d0cb42778e8f20da52828abb43fdfe6a00623b56e2b4b7fa33c3f9401775d009 |
| SHA512 | 1297fbb96fef45deba0ad81efaaa4935308029dbeec13bf45f527958dc29e4c6929aabeb388b5d53e5e9f019d761c8f35175a6e964d879fb32cb4fb68ac68126 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\jumpListCache\SxPk0PvcVCNbCCciQLnZfQ==.ico
| MD5 | 42ed60b3ba4df36716ca7633794b1735 |
| SHA1 | c33aa40eed3608369e964e22c935d640e38aa768 |
| SHA256 | 6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8 |
| SHA512 | 4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 8a6e6e3526b26200cea10c29137b20b5 |
| SHA1 | 2d29ddfada07ad277c1e813dbcdce8342bbcef7d |
| SHA256 | 5e9f0e6f79d46704f4b6eed632fd1ecc6aefc283cdb2c1b0805b41f9afcf9a9e |
| SHA512 | c16e3aee87bf21eee8ff82a54baf379219fc3d2e8e6ab7b7778febfa57ad7bb375f2abfb1ed47d6de0f7fccf5e233397bb5838b58be7c4db325f9569dc9fd0ea |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\A29388F5DB059DBFE3C6D4ACB2CED35D1353E915
| MD5 | 6e5d65d054aad55d3a80312a9ec47139 |
| SHA1 | 90c11672444cba4178d184d8b7b5ca35660abbfa |
| SHA256 | 8a18dd131d2dd40c04085d3d6461d7bbc8094501aa3b51c3ba8c6b7747f594cc |
| SHA512 | e98f76e06814f8150f1fbddcf6c694314c636a32dd4d46c62fd806e85a810200cecd4fbc547ade974991d11740c4f232f300cef276271e7343835b85bd933a92 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F
| MD5 | 6e28633deb4d75f90f133ff6926b637e |
| SHA1 | d2e1d4c3e1af78f14f2f9d4c926be6954eb3237a |
| SHA256 | 7d13c8682297924fcc3e6ef4c2fd02aa7e7186e9bbf4ed79e8d371b254d5518e |
| SHA512 | 9daa4aebfec91b1ccf6cc348b533f05e42d7842034790c67442232c122be0541b15d272b9f3924f27e66dd374c63ba47c155cdc8fdb1066ce14ad1ad7ada19a2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\15094
| MD5 | 6057843d599bcc37e9c3b82b5251958e |
| SHA1 | bb9fc1968e502c96bcd4d9648d03e182df490d29 |
| SHA256 | 992598bcb4aa2985c0eb1ca566385381b0a72cce0dbc2f2bf9bc4a4ff4df1495 |
| SHA512 | 9bcd03105c13b142622c461418efbade106a800053509733722e23fb56b476d6dc2b7a109c5336dee7238db1b7db2ab1225df48ded6ba4849c38d1f3ebb1583e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\4578
| MD5 | 0263b17fc6eece0e456fba0979c4d0ea |
| SHA1 | 54034590b728df8988ede1c546b2fecd21c7ac40 |
| SHA256 | ede9543a0a83ca748d8f3c11808d51ffca02ee0cbf7af177403d1224434da643 |
| SHA512 | 6d0c2451734f4d2db363b9a91e26497c6a996fcb193cfc44b1411d550421e1ea6eed0b9d2565a6a6e0e8d83d70d5d1a78dddb9281affedbac1471754735b1d49 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\8451
| MD5 | 8a608020239a779a306dc3c078c1cf1b |
| SHA1 | abb0ed684044020b86d2f19f515990d86e4c9b71 |
| SHA256 | f8338c5185a01bfe61b4ca364ddb7d23d8d1893f92d456831aa15f1f62f06f9b |
| SHA512 | d7900e5df6559e424b91c7078f927633371dfe7f81f5cef442f345532c57e7c1a5cd2bd73e6827ad77c94533ba3888e4477f9ef328590b50a57e1e0b7287fdca |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 2c55adab95ae359cc3dfb8a1087cb4ea |
| SHA1 | cefe7178af578dfd53ecf39d8f1292b4799368b3 |
| SHA256 | 1945396def145038bcaffc320caea1399d8784a909e1a427b7fb7ce7f6d27b5e |
| SHA512 | d07edb901c42d4bc5cde196fbfdc91509768a45b143ffb1c4ef643f0aff786baac805df6ac0ba9a44da82add311ab1821a777c1db35c7b490d7ed7e7cbe804de |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\9892
| MD5 | a87ae865b5a52e4283e44d0bb972d0f1 |
| SHA1 | 4071ff9dcf38d6842a0a1d17bc78782cad473683 |
| SHA256 | cbc66fb81a896aaeb162bd7bf79db378913f45816bdae3aa874579ff0f099969 |
| SHA512 | 8bf80c0e9a311dc7e6386cb3bbd84273a082e50605d3292885d772b17d861a8b1265b6a27481402beeb2eabe4b20a6807de61aa672cdc75c2c6dadeea4797262 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\F460F38EEB86AAA3F2FB98CA4FB94A62D6EC0DFF
| MD5 | 6616d4c727246793fc044ef488398bd0 |
| SHA1 | aa9338d0909e1dd871853962a5d93ac1fb77b38e |
| SHA256 | dbf67173ac7e607f13f91ed05e647c02b5aa93582d4677eed656ccff41fdcf77 |
| SHA512 | b5f76f0dfce7db80fb094af184550ed5c4117a9acc389b7a90578adf81fc21863ae5ad12c539b6fa46ab80e62924c3df9e75e34514eeca2ddfa898af528028d4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\9FC8C85689D31525EACE26158B83B464F43A027B
| MD5 | 17c299f1dfca4813aceff4541d9fbca0 |
| SHA1 | 2239d97b1c03477a21527b272b3f777759c778d6 |
| SHA256 | 941cbbad43406195e9a3dea36de1ca36610c77db7dba20dffc3034c2c0afe96f |
| SHA512 | 3ddfb5dfc6f9196ce003c86f2e75fd67d1c828d5da5476a89097aa5bd8982cf59dfd1d14ae6f1436531cabe1e3e4f476e8d7577ac89b01943f6bf5cd4913a621 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\51A07BE55B1DDF58CE5FA5017F75B228788F50B6
| MD5 | 123bb19f6cf114d78b8e54b8fb76172e |
| SHA1 | 63e0eb3a4427347ccab86c7842c6d47b4e83ea2f |
| SHA256 | ace990da2167e0af47a4d2edb567010b419ed1bb7a25cd04e4b02cb99f40d7c3 |
| SHA512 | bd2b32420f2847490f0b62f7cabed435e1ee87e21ac0c225c71301364ae7316482c12a20b91425bf70c9978dd6e1b9c853ab099822cf45c49278f5c656a1e8f5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\7D392A66986D1D9F40A8D15A3B14398C1756402C
| MD5 | 7e81d13f88838a717a07c5b270ada6bf |
| SHA1 | d464813e75e32d8f4ada00c1300025b1d424ddce |
| SHA256 | 32497ef529afa65923c861947ae71a7cdc1cd10af8dccae894dbdda1b68017b1 |
| SHA512 | 01467e71390b1522c2249f87742eefe93031d4ec26873d1a0198d9f15a9df3069598c7b27f5dbda5a6728012df91efcd4a6d702030aaa4aaf6d2ba30acd2c765 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\03E630A9C89267E2D5226827C869A4081E15B69D
| MD5 | 2e5a0103f1ca1a8d11f245a2dfb171b0 |
| SHA1 | 8c8be94519808aca7ee6fc6a7b88fcc6072599cc |
| SHA256 | 9f36e3fdb87775d4da955ba5f43264636a757c395c288aa9638d5e83a4b3c97b |
| SHA512 | 94c95a7277e3c951d7082b05cd6b266e94adf6700ade0cadb08e1b82c46aa9f64a96d8340883206fc584fa1d6f01669eb0307c12eb0d4bff01b80bcde3b293eb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\A3278E98BFE23FBA69EDE5E7EB2D02FC58E6DE07
| MD5 | 45f620c544497cad23b5cdde089d28b2 |
| SHA1 | fe177fb2e08edb4eda836d859893aa57e0828630 |
| SHA256 | 1a8b854d8298d8c69ccce6d380ea10b942efb531f71c698643018d9879e056c3 |
| SHA512 | 039bad415b1bdd657ffac400cec702c17fed05776b6bd313aa937b6179f16b07bd2d99f392617c57cd4620e7539aa66a2ade57593354f827db3f86ca3b095af8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\70D12BCE1442B63F8FAC6EEEEAE17D0905807FE1
| MD5 | d6c05edbebffe47f77628759f00fcdeb |
| SHA1 | aff0ae302d992fcf940546f2f1f8b8774f72b4ec |
| SHA256 | 351f09e6a0d881b69107ec03b6e17e054a43f462e19036130f26ab823665555d |
| SHA512 | 19754dc07cd4576baaab22eafb6f0b5b10c7df0634b16b0d768a4cede54fb4f3adb4bec3ec9c3f7ff7898eb5f3e2af8835a8370f893a70cb1862cc963eb5b73a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\2745
| MD5 | 4754fd3fa185ead7dfc79d0ec0b439d1 |
| SHA1 | 25d1bcd43a092d0836529724ee88ba3b05cc785c |
| SHA256 | d8859cc4ef5b98419ea4cd559401af4375a51d72a1b197befc4c2ac4d1584bce |
| SHA512 | 59117b922ff5f7148b96ac43d2c9ac73e760679255bf34b85761ae36c3090a419538149b7decd62c868dcd406ae3995a5abdc5b81e609577891d9c0d35fcde29 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\9164
| MD5 | be4299ef261321fa422f4fba9c5fa486 |
| SHA1 | 5c2959ec9259cb2fca7d04b9e9541f0af9883357 |
| SHA256 | cb8dadad43c527f941f5b9dc1b7708024041ab355a1646e520efc5aa3bf38c7a |
| SHA512 | 855f2b560242094bf537a6296f2caa7d009c35d89b37a1527db22981ab4d6abfe5cf68f0f99d3f435b0a94dd13814aa73b36332fcb31392e0775845aba10a92b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\16415
| MD5 | ac01ee9de5b1b122294bf51f8a652e99 |
| SHA1 | 3db7733743c2f4c6b16e32a55c32ca77b8216ec0 |
| SHA256 | c0ae967486edca59a72f16928e93dcdfd6d11537e21e3790f7fd54caa88a6e69 |
| SHA512 | 04a0b63718badb8a84eaa23b079525cc4bae3a8c1ca58bbc3f28ba1537565e17fcf17418672295e1b1448928a8b0e459a4fa3cf0e1ad93ccc432fe7ee5d96496 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\9322
| MD5 | eec0e3f8b3cecf7438324f97388bf47e |
| SHA1 | 4956bf84877b6b6515ba49d37e8b6611ef239acf |
| SHA256 | 7127e3576bb94947e30582a3673dd0b8aedcadca8b870113a1c43f6989f4a583 |
| SHA512 | acdb955e5dce107fc84acb844cad0dfe52e0de46b01361a8eb13f0eb4489763b5f72a7d85fdf73eeae39119c7bc3f5ac56569ea55370ebe9781828f786ab9e96 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs.js
| MD5 | 2e746ed485edf56362c254d2d75e90fa |
| SHA1 | 83a02e58b2e536ebc710486f882c422904aae763 |
| SHA256 | 367e98fd1d9f9fa21f89cea1b4e86cf98e172c13841530fc3ef02bd2826bcbd3 |
| SHA512 | ca9f859e8e9fadacebb431393fc8854f0e6afb500a24cbd197fd1565e0b7ec7b67ab9d857a1f9566cd539be3570bbfe38644738feb4878c3617198cf304b22fa |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs-1.js
| MD5 | d385d299101c0ad321c239db3fc3b9bb |
| SHA1 | 8703d2855aa8c02f188890ada515403786ea9e30 |
| SHA256 | d9d93e129a0f8832a8020ce2358a93d46b9856ee6a254b56d1a0b136664f98ce |
| SHA512 | c2617db0b7e5cfa372546c90a9965fb6eb447782000e58b28a3c530bf1eb1b2a1fede6c8537dce08b42a0f5f97b175d4f039d4eed516091ffb13a8f0aae06bc0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d8aece256db79d998c76be9b05994f16 |
| SHA1 | ed61caf21e65595690fab22e39ddc3a03fd05496 |
| SHA256 | e67f9137bd7608e19b9ea369d386308350344bfefd5df8a5614c55cf92a6a669 |
| SHA512 | 1dbab8f83989ce4f5df5810fac5a5626d6d803e8676a3a649315b8c696405a7638ce0f4d14ab0abebb5367b80116d953c022a5b5b7c35e26313048d7c64f1bb8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\B2ACB154D5026C7929D340EC4FB3531EFD79D77C
| MD5 | 1ef2cd9ee38e919e01ca647cca04a870 |
| SHA1 | 31042b8dbc385cd99ef9ed88b579bd284ccf85c4 |
| SHA256 | ce5ffe9cfa89a5c7ad18ec5aeca8129709a898383623ab12950017541658d921 |
| SHA512 | 460e56b54704943ccbbe36a700b63f61d5df7f818c0c9666e8c58440b39a98234731a20996db0d99e4ac505e2a538bfc90122286f8b3ab29d3fcaad2a9b31767 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\FCCF9F0E55F8A5EAA3AC9784D9197A9389F2018A
| MD5 | 481ab28509a29178c01eda81e405dae2 |
| SHA1 | 06065630f7a2f228e13d2e5f49aa4df3bc96d313 |
| SHA256 | 9c39cc9df2fecc6adad555c701f7128f9fd90793004eca3c7bac2dcf730591a6 |
| SHA512 | 83a92a51de136e92830faea4687016d20d279e735bf49f69ee41b4754a02cd494828e98f5529472ab1cf8d2612d55961cdb55c1b1558aaddd9d059f3e246b14d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 4725dbecba1254e6e428933258ac7344 |
| SHA1 | 90201bce6dc48eaaeee6f624f5367cbb6369ce1c |
| SHA256 | 41ebf63360aa6037045b1b8d26ac69ec2ffff834ebe1ebe934f251dc13491d9b |
| SHA512 | 044cf67186f2895a5f579fc62efdc8129bb6d92331d9be1be0e2386171db33d7f797e87351c45d6e9f8357115e46b657ae8fd7443bdfeb7f759412997efd93fc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d30541b95b242804373a55137a503f01 |
| SHA1 | b70cc1bb80bde677b1bb35d44789c38541d60b4e |
| SHA256 | bec4821343fd83952703c4ccec57c31e6365e771831bf7977d5b63f1464fead3 |
| SHA512 | 62f111431d100a359a033cfba29ddbb05693b41ee45c2cc5744ffa63b13675747efb90af276784259d5a952b783e8db3e31d0310bcfb60a503584b35b2bdac96 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | ad412eb7af4c5807287d18bffb333aea |
| SHA1 | 3f6a1d842ced7ac3aca6d30923641806ce6bf329 |
| SHA256 | da12992ced81a651f70fb07f8b0d001ecd02149b8f9458fb8f6d9de234931acd |
| SHA512 | 46846ee069b060cc90725da12098d839f0ef00eaaaeb1e83121100e6acf23e3de60e60cd8aed864fbd036fa5f3911c79f6a3663e4fde16a9c7267fa92ed83e39 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs.js
| MD5 | 015d479a611c39823bb2faa592434f42 |
| SHA1 | dd44b6f9b5378c8cdb2a2279a18f9d571520267a |
| SHA256 | 3800caa5f6247dd45c9247544a966d522c7985f64225a8ea50f94a5b922058f6 |
| SHA512 | 5633f19d1887b1b22ee86e1c98ed0cf4f9a71b56e157ad8c96f194ec9f41689fa8a9e002256c3898b75283ad536c2d87a3a9a4c9c4f550ef47bbdedd0cd0a50f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 699fcc753eda7a507af87c7ff412197c |
| SHA1 | 167572b3d84f5a6f1f230ceaba7292a5fc14df8a |
| SHA256 | 81e759f6c474000d1c7ba06c52aefaae3e309728e23cae10e02a4504cb9dc22f |
| SHA512 | 736a26b9f336130f5919a49cae862fa5dbbf5d34a1ea2afa5440c643dd8f957e3cd8265e32ea3391651e3d9dc3c0de68b7f17876108c23e8e5708b9733322daa |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 9ae243496cfb48736439c604075fe5b4 |
| SHA1 | feb724d0e006ab7d512bb41c2583f5aacb2ac067 |
| SHA256 | c0a320a606c991c79c3b7b041741f3ed6f217b971950fb9e53b491ad9ee3dea0 |
| SHA512 | 4b73a052d0005c9871ca9c7acd6604f40b9ef69cc46f8c2c2cbbf30ba75638e0bda3e8cd86a7637056b1b58ede98e7be2b844b5ad0e2f6e6b6340b09670ea384 |
C:\Users\Admin\Downloads\windows-malware-master.7OC54znl.zip.part
| MD5 | 9efb77a90faa8fb926430574bf4a9f42 |
| SHA1 | 1311863ed0d7172cc9b869e175e2ac6c3a224b60 |
| SHA256 | 1959b8b94d112c15a700fbf8e514315e7ebf7512303d902031c175931449dfdf |
| SHA512 | d4b43d5da72a337e7c65501ba4cab033442dc506e06d1bfd3bd2ae8d5e1914b83f82d50e10441da9ea03e420baa5d291172ea08c75099d2392ead93a156af566 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\0DE9FB5C7CA5471CF31BA52F40296DC937FAB323
| MD5 | 1264348a277e9157a342a5ed63467e3d |
| SHA1 | bd0afb5c5ce49bbb15494f445c9caa89d3270314 |
| SHA256 | f17f5268fddd5c28987bc84a8e2de09e3dc704bd2e692286e343a0e0fcb98590 |
| SHA512 | 0a9ae34f26901564774917956c17d3c229aeff91c6385a6ada251691cdc5b3db563de4b58dcc6384419ee62f11ca1084c96d3e654e9617e05e5bec18fd6d4912 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\634E16DC7AF73196290DC0EEA7EC63EF6B95A520
| MD5 | ddfd81a106f66a80de981edfea0bc952 |
| SHA1 | 8f15ed516359c738eb0146faca232b853ca15101 |
| SHA256 | 90b67b6add5a8f91796a2750cdf053c57ea46420b5fd0cd1e951abfda4068469 |
| SHA512 | 229ad7a2953adf21ba395c236810cdcffb415bbcf446f5be926f5dfc1d04d30969485b5f94ecc2210f27c9ed80478fb86dc7b3cedaf46fc95f4e59a435f57ad2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\7BEC118E9178654B061CCB804B21F0586EB281AD
| MD5 | 1398d203f1b1beb7b58dee37c895a7ff |
| SHA1 | 63ae87fc70ee7f4873ae69a31d709620e68d6148 |
| SHA256 | 98476a3a1317027b3f6c45af434ee7adb9fa5c9084ef334c58d27d8dabc6a558 |
| SHA512 | 795705e6752e372c3082343b5eb48889cc0c42e26be177dfbff824f08877bcb0475e070cc0418c4cdf20c6ab666b972a64908efdc3a61546ba377cfc51e4ae27 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\83034475DCD175EA116CE1FF243C16C26D56582D
| MD5 | e0fb26fd07f5838a7b6afc7a6bed6927 |
| SHA1 | cdd3fae43654e4ad03a5011886174207d0c40ae3 |
| SHA256 | 69abd4a94ba1f0af57aad57b5db5e2a12581aeec8fd3eec7710fef3a2d5a977d |
| SHA512 | 72e82fea16872abdf10bad005f9d64c99d43c40622d88e86bfd491874f4b8cc19b55d0ae8123795b47aff25f44b76c9b4856803a9599070fa8551f5c6d819bd5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\BBD958D5D1B2696B058F510216BC1019BCACC3B2
| MD5 | d61ec3c206e0d47609b3565e01ea798d |
| SHA1 | ff633857debaf34745b02d7cb665293d57799adc |
| SHA256 | d46fc13c8c4982d27f413c6cf1ddf80e307d8a819cb274c0be5f0b1d9c7e8f53 |
| SHA512 | 7873ece0189b9ba3526690cc6ce4680e96c6672cf464917d4949ab4ce091b598fc319a37693153f9875af8a6e4a9a7da8f02cafc617bbcf377c410aececa9160 |
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41
| MD5 | fba93d8d029e85e0cde3759b7903cee2 |
| SHA1 | 525b1aa549188f4565c75ab69e51f927204ca384 |
| SHA256 | 66f62408dfce7c4a5718d2759f1d35721ca22077398850277d16e1fca87fe764 |
| SHA512 | 7c1441b2e804e925eb5a03e97db620117d3ad4f6981dc020e4e7df4bfc4bd6e414fa3b0ce764481a2cef07eebb2baa87407355bfbe88fab96397d82bd441e6a2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d42eb46f915543dad1a52b0658932739 |
| SHA1 | 38122261238de7180dc804bccf1e7ce3e4ec4d93 |
| SHA256 | a3a77642e4771877ce6fed7366f60cf4e6fa2b1adcb6931b0a2afae519a5345e |
| SHA512 | 3ab9205b3d987a2d8a434129bd552be280aeec060bd1eccb96c8779708e45b2f0c1f64eb643b45e6d9e716d08f397b8273ac1d44f4517e3eda9d5fc4a3f84d7d |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF
| MD5 | e4a499b9e1fe33991dbcfb4e926c8821 |
| SHA1 | 951d4750b05ea6a63951a7667566467d01cb2d42 |
| SHA256 | 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d |
| SHA512 | a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP
| MD5 | 466d35e6a22924dd846a043bc7dd94b8 |
| SHA1 | 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10 |
| SHA256 | e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801 |
| SHA512 | 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB
| MD5 | f1656b80eaae5e5201dcbfbcd3523691 |
| SHA1 | 6f93d71c210eb59416e31f12e4cc6a0da48de85b |
| SHA256 | 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2 |
| SHA512 | e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL
| MD5 | 0cbf0f4c9e54d12d34cd1a772ba799e1 |
| SHA1 | 40e55eb54394d17d2d11ca0089b84e97c19634a7 |
| SHA256 | 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1 |
| SHA512 | bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL
| MD5 | 316999655fef30c52c3854751c663996 |
| SHA1 | a7862202c3b075bdeb91c5e04fe5ff71907dae59 |
| SHA256 | ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0 |
| SHA512 | 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF
| MD5 | b127d9187c6dbb1b948053c7c9a6811f |
| SHA1 | b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9 |
| SHA256 | bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00 |
| SHA512 | 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL
| MD5 | b4ac608ebf5a8fdefa2d635e83b7c0e8 |
| SHA1 | d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9 |
| SHA256 | 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f |
| SHA512 | 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL
| MD5 | 9fafb9d0591f2be4c2a846f63d82d301 |
| SHA1 | 1df97aa4f3722b6695eac457e207a76a6b7457be |
| SHA256 | e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d |
| SHA512 | ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL
| MD5 | 48c00a7493b28139cbf197ccc8d1f9ed |
| SHA1 | a25243b06d4bb83f66b7cd738e79fccf9a02b33b |
| SHA256 | 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7 |
| SHA512 | c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL
| MD5 | 4fbbaac42cf2ecb83543f262973d07c0 |
| SHA1 | ab1b302d7cce10443dfc14a2eba528a0431e1718 |
| SHA256 | 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5 |
| SHA512 | 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE
| MD5 | 5c91bf20fe3594b81052d131db798575 |
| SHA1 | eab3a7a678528b5b2c60d65b61e475f1b2f45baa |
| SHA256 | e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175 |
| SHA512 | face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL
| MD5 | a334bbf5f5a19b3bdb5b7f1703363981 |
| SHA1 | 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c |
| SHA256 | c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de |
| SHA512 | 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL
| MD5 | 7c5aefb11e797129c9e90f279fbdf71b |
| SHA1 | cb9d9cbfbebb5aed6810a4e424a295c27520576e |
| SHA256 | 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed |
| SHA512 | df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL
| MD5 | 237e13b95ab37d0141cf0bc585b8db94 |
| SHA1 | 102c6164c21de1f3e0b7d487dd5dc4c5249e0994 |
| SHA256 | d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a |
| SHA512 | 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL
| MD5 | 81e5c8596a7e4e98117f5c5143293020 |
| SHA1 | 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081 |
| SHA256 | 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004 |
| SHA512 | 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL
| MD5 | 7210d5407a2d2f52e851604666403024 |
| SHA1 | 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9 |
| SHA256 | 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af |
| SHA512 | 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL
| MD5 | 4be7661c89897eaa9b28dae290c3922f |
| SHA1 | 4c9d25195093fea7c139167f0c5a40e13f3000f2 |
| SHA256 | e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5 |
| SHA512 | 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf
| MD5 | 0a250bb34cfa851e3dd1804251c93f25 |
| SHA1 | c10e47a593c37dbb7226f65ad490ff65d9c73a34 |
| SHA256 | 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae |
| SHA512 | 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll
| MD5 | 497fd4a8f5c4fcdaaac1f761a92a366a |
| SHA1 | 81617006e93f8a171b2c47581c1d67fac463dc93 |
| SHA256 | 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a |
| SHA512 | 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll
| MD5 | e7cd26405293ee866fefdd715fc8b5e5 |
| SHA1 | 6326412d0ea86add8355c76f09dfc5e7942f9c11 |
| SHA256 | 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255 |
| SHA512 | 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf
| MD5 | c3e8aeabd1b692a9a6c5246f8dcaa7c9 |
| SHA1 | 4567ea5044a3cef9cb803210a70866d83535ed31 |
| SHA256 | 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e |
| SHA512 | f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp
| MD5 | 80d09149ca264c93e7d810aac6411d1d |
| SHA1 | 96e8ddc1d257097991f9cc9aaf38c77add3d6118 |
| SHA256 | 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42 |
| SHA512 | 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll
| MD5 | 1587bf2e99abeeae856f33bf98d3512e |
| SHA1 | aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9 |
| SHA256 | c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0 |
| SHA512 | 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll
| MD5 | ed98e67fa8cc190aad0757cd620e6b77 |
| SHA1 | 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d |
| SHA256 | e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d |
| SHA512 | ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 9087b8eeb8d2184f1c25368d03389b3e |
| SHA1 | 09284ac47bc72c3570fc40c85208a61a5275e7f5 |
| SHA256 | 43f9feb55b59c21ff41360e8bf0db5b52b20b0af2bdea4328c6eef55b94e9f44 |
| SHA512 | 881ca40675f223c7d2467cff43e34ea2fbd1e80e2652abc6ce35c1e44ffd267f809f13aa32e207f39a28c84c3a5104adf72bd1286f7d51eb279c9dc274cc68e7 |
memory/96-4236-0x0000000002C00000-0x0000000002CAE000-memory.dmp
memory/668-4246-0x00000000768B0000-0x0000000076A72000-memory.dmp
memory/668-4243-0x0000000077230000-0x00000000773BE000-memory.dmp
memory/668-4252-0x00000000772A1000-0x00000000772B3000-memory.dmp
memory/668-4250-0x00000000772AA000-0x00000000772BB000-memory.dmp
memory/668-4248-0x00000000767B0000-0x00000000767B6000-memory.dmp
memory/668-4274-0x0000000077272000-0x0000000077284000-memory.dmp
memory/1772-4275-0x0000000001EE0000-0x0000000001EE1000-memory.dmp
memory/5340-4282-0x0000017FD68A0000-0x0000017FD68C0000-memory.dmp
memory/5340-4287-0x0000017FD6A20000-0x0000017FD6A40000-memory.dmp
memory/4508-4329-0x0000000077230000-0x00000000773BE000-memory.dmp
memory/4508-4333-0x00000000767B0000-0x00000000767B6000-memory.dmp
memory/4508-4331-0x00000000768B0000-0x0000000076A72000-memory.dmp
memory/4508-4358-0x0000000077230000-0x00000000773BE000-memory.dmp
memory/4508-4359-0x00000000768B0000-0x0000000076A72000-memory.dmp
memory/4508-4360-0x000000007726F000-0x0000000077281000-memory.dmp
memory/4508-4361-0x0000000074D20000-0x0000000074E5C000-memory.dmp
memory/4508-4362-0x0000000076C10000-0x0000000076C26000-memory.dmp
memory/4508-4363-0x0000000074040000-0x0000000074199000-memory.dmp
memory/4508-4364-0x0000000074FA0000-0x0000000074FC1000-memory.dmp
memory/4508-4365-0x00000000742B0000-0x00000000744E8000-memory.dmp
memory/4508-4368-0x0000000076560000-0x0000000076620000-memory.dmp
memory/4508-4371-0x00000000732A0000-0x00000000732A8000-memory.dmp
memory/3872-4385-0x00000000768B0000-0x0000000076A72000-memory.dmp
memory/3872-4387-0x00000000767B0000-0x00000000767B6000-memory.dmp
memory/3872-4382-0x0000000077230000-0x00000000773BE000-memory.dmp
memory/4508-4379-0x00000000748A0000-0x00000000748F7000-memory.dmp
memory/4508-4378-0x0000000074F50000-0x0000000074F91000-memory.dmp
memory/4508-4377-0x0000000073CF0000-0x0000000073CFA000-memory.dmp
memory/4508-4376-0x0000000076B90000-0x0000000076C09000-memory.dmp
memory/4508-4375-0x0000000076770000-0x0000000076795000-memory.dmp
memory/4508-4374-0x0000000076A80000-0x0000000076AF7000-memory.dmp
memory/4508-4373-0x0000000073D00000-0x0000000073D20000-memory.dmp
memory/4508-4372-0x0000000000860000-0x0000000000871000-memory.dmp
memory/4508-4370-0x00000000744F0000-0x00000000745AD000-memory.dmp
memory/4508-4369-0x0000000076390000-0x00000000763D5000-memory.dmp
memory/4508-4367-0x0000000073C50000-0x0000000073CE3000-memory.dmp
memory/4508-4366-0x0000000073E90000-0x0000000073FA8000-memory.dmp
memory/3996-4415-0x0000000077230000-0x00000000773BE000-memory.dmp
memory/3996-4417-0x00000000768B0000-0x0000000076A72000-memory.dmp
memory/3996-4419-0x00000000767B0000-0x00000000767B6000-memory.dmp
memory/1264-4450-0x00000000768B0000-0x0000000076A72000-memory.dmp
memory/1264-4451-0x00000000767B0000-0x00000000767B6000-memory.dmp
memory/1264-4448-0x0000000077230000-0x00000000773BE000-memory.dmp
memory/1264-4479-0x0000000077230000-0x00000000773BE000-memory.dmp
memory/1264-4480-0x00000000768B0000-0x0000000076A72000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | c647de5e7f13046b645152e8c4151344 |
| SHA1 | 92fcdc9a2f7724bb3c9a47229a18b528484f9f31 |
| SHA256 | a656523c8af68afcc3ed5d32534d9e4dda3cfb4188d242b46468f77a4f84a552 |
| SHA512 | db3fdad4f599a9b126c4d82817e2228c97d35fa8dc80d5d846c3c8e57a52fac6b35a36fc638457cc4ecbc0627c04571019caf60b9c1d5167b33f67c4b77c53b9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionCheckpoints.json.tmp
| MD5 | 99601438ae1349b653fcd00278943f90 |
| SHA1 | 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9 |
| SHA256 | 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a |
| SHA512 | ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionCheckpoints.json
| MD5 | 65690c43c42921410ec8043e34f09079 |
| SHA1 | 362add4dbd0c978ae222a354a4e8d35563da14b4 |
| SHA256 | 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d |
| SHA512 | c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore.jsonlz4
| MD5 | cfd9733286d31aaf130a8b976a280cb3 |
| SHA1 | e172f7b934019824db45cbaf8bf457181b764f99 |
| SHA256 | 5cf5a3b242282647d7a3713a86f422f5b337e208a7128a368bf2d69a76ab212d |
| SHA512 | d1f8e992d5b60b17c8167af7d6c0c3797a5a0ec829ec1f4ab2d5a8cefaef24bb37c6425a98d85554a21f0190e379c4b24941e7d7f5e7f24596a65fa242460eea |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionCheckpoints.json.tmp
| MD5 | e6c20f53d6714067f2b49d0e9ba8030e |
| SHA1 | f516dc1084cdd8302b3e7f7167b905e603b6f04f |
| SHA256 | 50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092 |
| SHA512 | 462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionCheckpoints.json.tmp
| MD5 | 2ad4fe43dc84c6adbdfd90aaba12703f |
| SHA1 | 28a6c7eff625a2da72b932aa00a63c31234f0e7f |
| SHA256 | ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933 |
| SHA512 | 2ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs-1.js
| MD5 | fad818d0271b64851b5e6565be7420dc |
| SHA1 | b111704633a83d00dba75e075cd3d31150455ec8 |
| SHA256 | 36b54348a9032f631db51b3f6caf63795049949b8c778f6947dbe130013a6ddc |
| SHA512 | 17f1e01f9440a81cfc51f756f9bd3d48fcf5d221c7d1dc0a10c3af3d52b9ff6b050640decef20d69805164a0fe2b30bf3b7b480bbb73c6cbcff5d9884af28885 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 604e290878e949acbdac32af5befa8b4 |
| SHA1 | 39e56d4541aeffe8fc1fb8ec47a8789a156f25c1 |
| SHA256 | 411499d3f73c368d4683822d6265476d61dfbe7794c2f5f08e3da2f677d27814 |
| SHA512 | 27c0c941d8a8bae367958da1a1ef7cc43a2ad99c7fbcc708712131d6578fcc15b91d5b56a4131e436e0fed1fc96f1e87f775d6662296e2746edb1e347f7b0014 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8c9b521aac88d9b3de2d9fdfe67248ed |
| SHA1 | f2fb55a7238eea41ea1aed821f64c33ab0952116 |
| SHA256 | 824a7f74e7dec38a6d72519a05c449f645927c5275e69d52dd34d0cf7f554864 |
| SHA512 | 8ede27ef23cbaeb7df53472252a353543d07e123b0b71a67e067f02b8c08b5a5b8454d00877fac4106dd1430b598e2e36c38d44a976b251501b0000885bbdd99 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dada7b84d38d32213001c67009c1731e |
| SHA1 | 25d978efe908c05dc3c2b398cf22a3bab9f159df |
| SHA256 | 5b314f6ca45c1745d9949a02ae6c9eec226a6eed30d75501a0bca32d2715fce3 |
| SHA512 | 16e95c96f9b762ee65df0d7f8d7bb8ec39f7966d5e5dc91a0979a9b7075276bb0df1c39e961ba941a3fe70a1b7ac7661f18c5b3aba7af71162904a9a471c8678 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ae27791b9ee82ce0ed48149c72b5ce3f |
| SHA1 | 94d1396c458ed7e002fcd066aa25da06cd42d7a5 |
| SHA256 | 5eb1b022270e5e907d1560f13140938c4597bc1513ab36e37ccd11494d2f64d2 |
| SHA512 | 5bcb53acd920796b84d375ec52214d80de01a25d527bb9821e51aaf1b0f89e1fd2be26d2b3ccdff1329f3491c6c4f7fc1011787b01061353533e7e50285a6a83 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 69095f0f9eb33d4b5f7febd53b5e89be |
| SHA1 | 88505cb0dbb9dcdb5b53aa5bae8cbbca61fa3bbb |
| SHA256 | 4d91a25123650adf1a0f93cdd325289162e849101b94883950a680249cc208d2 |
| SHA512 | 2c351e061464ad3eff764ca45e671fca018821ac768ad2920bedcff738ac97878db427d2ef658ca9fb7a2dcc40a27489f142d86858d3b484cdb3ba34cb782627 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 61805b09a785264caff12ea601731b7f |
| SHA1 | 1e40e77074329f7f0944f6a36c343ff38a4aca0d |
| SHA256 | 7052362a9934b7b84bb0a33a5cdbbd54ac09381ec8d16a473b01377bafda4730 |
| SHA512 | 20c16c1b521610fbf76e9fd26407d85b8b7d826368752669f2c74f24b51928aef24f30829247a40e177f5a4663c495f8bd88d68fc0abd031610e91f2137d97a1 |