Analysis Overview
Threat Level: Likely malicious
The file http://, was found to be: Likely malicious.
Malicious Activity Summary
Modifies AppInit DLL entries
Modifies Installed Components in the registry
Possible privilege escalation attempt
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Modifies file permissions
UPX packed file
Loads dropped DLL
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Windows directory
Program crash
Kills process with taskkill
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Checks SCSI registry key(s)
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Opens file in notepad (likely ransom note)
Uses Task Scheduler COM API
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of FindShellTrayWindow
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-05-24 17:55
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-24 17:55
Reported
2024-05-24 18:23
Platform
win10v2004-20240426-en
Max time kernel
880s
Max time network
1051s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Modifies AppInit DLL entries
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Active Setup\Installed Components | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Active Setup\Installed Components | N/A | N/A |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Active Setup\Installed Components | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Active Setup\Installed Components | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Active Setup\Installed Components | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Active Setup\Installed Components | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Active Setup\Installed Components | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Active Setup\Installed Components | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Active Setup\Installed Components | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Active Setup\Installed Components | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Active Setup\Installed Components | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Active Setup\Installed Components | N/A | N/A |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Active Setup\Installed Components | N/A | N/A |
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\NRVP.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\NRVP.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\NRVP.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\NRVP.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | N/A | N/A |
| File opened (read-only) | \??\F: | N/A | N/A |
| File opened (read-only) | \??\D: | N/A | N/A |
| File opened (read-only) | \??\F: | N/A | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | N/A | N/A |
| File opened (read-only) | \??\D: | N/A | N/A |
| File opened (read-only) | \??\D: | N/A | N/A |
| File opened (read-only) | \??\D: | N/A | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | N/A | N/A |
| File opened (read-only) | \??\F: | N/A | N/A |
| File opened (read-only) | \??\F: | N/A | N/A |
| File opened (read-only) | \??\F: | N/A | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | N/A | N/A |
| File opened (read-only) | \??\D: | N/A | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | N/A | N/A |
| File opened (read-only) | \??\D: | N/A | N/A |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | N/A | N/A |
| File opened (read-only) | \??\F: | N/A | N/A |
| File opened (read-only) | \??\D: | N/A | N/A |
| File opened (read-only) | \??\D: | N/A | N/A |
| File opened (read-only) | \??\D: | N/A | N/A |
| File opened (read-only) | \??\D: | N/A | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\D: | N/A | N/A |
| File opened (read-only) | \??\D: | N/A | N/A |
| File opened (read-only) | \??\F: | N/A | N/A |
| File opened (read-only) | \??\F: | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\msvcp50.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\SET1F3B.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\SysWOW64\SET1F3B.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\msagent\SET1B83.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\help\SET1B96.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\help\tv_enua.hlp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\fonts\SET1F19.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET1B7E.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET1B7F.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SET1F17.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\lhsp\help\SET1F18.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\intl\Agt0409.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentAnm.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentPsh.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET1B95.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET1B6D.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentCtl.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\fonts\andmoipa.ttf | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\finalDestruction.bin | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| File created | C:\Windows\msagent\intl\SET1B97.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentSR.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\SET1B94.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\INF\SET1F3A.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\intl\SET1B97.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tvenuax.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET1B82.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET1B93.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\lhsp\tv\SET1F07.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\chars\Bonzi.acs | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| File created | C:\Windows\msagent\SET1B81.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET1B82.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET1B93.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\agtinst.inf | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET1B95.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET1BA8.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET1B7F.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentSvr.exe | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\mslwvtts.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tv_enua.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\fonts\SET1F19.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET1B80.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentMPx.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET1BA8.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgtCtl15.tlb | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SET1F07.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET1B80.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET1B81.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\lhsp\tv\SET1F17.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\SET1F3A.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentDPv.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\help\Agt0409.hlp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET1B83.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET1B6D.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET1B7E.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\executables.bin | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| File opened for modification | C:\Windows\lhsp\help\SET1F18.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\help\SET1B96.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\tv_enua.inf | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentDp2.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\INF\SET1B94.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\NRVP.exe = "11000" | C:\Users\Admin\Downloads\NRVP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\NRVP.exe = "11000" | C:\Users\Admin\Downloads\NRVP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\Downloads\NRVP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\NRVP.exe = "11000" | C:\Users\Admin\Downloads\NRVP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\NRVP.exe = "11000" | C:\Users\Admin\Downloads\NRVP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\Downloads\NRVP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\Downloads\NRVP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\Downloads\NRVP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133610475811291204" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}\2.0\ = "Microsoft Agent Control 2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Server.2\CLSID\ = "{D45FD2FC-5C6E-11D1-9EC1-00C04FD7081F}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\ToolboxBitmap32\ = "C:\\Windows\\msagent\\AgentCtl.dll, 105" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DE8EF600-2F82-11D1-ACAC-00C04FD97575} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BDF-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A7B93C73-7B81-11D0-AC5F-00C04FD97575}\2.0\0\win32\ = "C:\\Windows\\msagent\\AgentSvr.exe" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8B77181C-D3EF-11D1-8500-00C04FA34A14}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\Programmable | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8B77181C-D3EF-11D1-8500-00C04FA34A14}\ = "IAgentCtlAnimationNames" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BD1-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtl" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\MiscStatus | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Server\CurVer | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202 | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDB-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BDD-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtlSpeechInput" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8B77181C-D3EF-11D1-8500-00C04FA34A14}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B0913412-3B44-11D1-ACBA-00C04FD97575}\TypeLib | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BD4-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Server\ = "Microsoft Agent Server 2.0" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8D-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6D0ECB27-9968-11D0-AC6E-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\MuiCache | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\MuiCache | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\MiscStatus\1\ = "148628" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{822DB1C0-8879-11D1-9EC6-00C04FD7081F}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE1-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C85-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentCommands" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152" | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\ProgID\ = "Agent.Control.2" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BF0-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00D18159-8466-11D0-AC63-00C04FD97575}\ProxyStubClsid32 | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202 | N/A | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\ProgID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD4-7DE6-11D0-91FE-00C04FD701A5}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD1-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDF-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD300-5C6E-11D1-9EC1-00C04FD7081F}\InprocServer32\ = "C:\\Windows\\msagent\\AgentDPv.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" | N/A | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD2FC-5C6E-11D1-9EC1-00C04FD7081F}\ProgID\ = "Agent.Server.2" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575} | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D6589123-FC70-11D0-AC94-00C04FD97575}\2.0\FLAGS | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\TypeLib\ = "{D6589123-FC70-11D0-AC94-00C04FD97575}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\Version\ = "1.5" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BD3-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtlBalloon" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8563FF20-8ECC-11D1-B9B4-00C04FD97575} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB64DF2F-88E4-11D0-9E87-00C04FD7081F} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://,
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae238ab58,0x7ffae238ab68,0x7ffae238ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4052 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3104 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4036 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3744 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4464 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4484 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2960 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4768 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4580 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1544 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4780 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1748 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4720 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2992 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3852 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4844 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4352 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap31675:84:7zEvent20287
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4112 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4856 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2948 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4100 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4620 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Users\Admin\Downloads\NRVP.exe
"C:\Users\Admin\Downloads\NRVP.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\AddStop.bat" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\AddStop.bat" "
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\AddStop.bat
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\MrsMajor 3.0\" -ad -an -ai#7zMap12165:84:7zEvent27932
C:\Users\Admin\Downloads\NRVP.exe
"C:\Users\Admin\Downloads\NRVP.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=4172 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=4100 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=4804 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5596 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5532 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5852 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6016 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=5976 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=4848 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5552 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4852 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5696 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=6008 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3744 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=4040 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=5944 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5680 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5728 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=3016 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=5164 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4900 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x470 0x32c
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3772 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Users\Admin\Downloads\NRVP.exe
"C:\Users\Admin\Downloads\NRVP.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=5148 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=5568 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5524 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2852 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=4404 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=5520 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=4860 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5896 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6332 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=6184 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=5160 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=5672 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2932 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\MrsMajor 2.0\" -ad -an -ai#7zMap21788:86:7zEvent22312
C:\Users\Admin\Downloads\NRVP.exe
"C:\Users\Admin\Downloads\NRVP.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=6080 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4352 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\BossDaMajor\" -ad -an -ai#7zMap6716:82:7zEvent22514
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=6680 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=6612 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6020 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6932 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=1648 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=6836 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=4680 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=7064 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=6676 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=6880 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=3092 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=6380 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=6624 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=6408 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=5756 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=1156 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=3992 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=6344 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=6296 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=6248 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=4596 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=4632 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --mojo-platform-channel-handle=5920 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --mojo-platform-channel-handle=6852 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --mojo-platform-channel-handle=4916 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --mojo-platform-channel-handle=6184 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3028 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6788 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6260 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6760 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6096 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:8
C:\Users\Admin\Downloads\Bonzify.exe
"C:\Users\Admin\Downloads\Bonzify.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\KillAgent.bat"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im AgentSvr.exe
C:\Windows\SysWOW64\takeown.exe
takeown /r /d y /f C:\Windows\MsAgent
C:\Windows\SysWOW64\icacls.exe
icacls C:\Windows\MsAgent /c /t /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\TpmInit.exe"
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe
INSTALLER.exe /q
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\TpmInit.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\TpmInit.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\TpmTool.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\TpmTool.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\TpmTool.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\tracerpt.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\tracerpt.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\tracerpt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\TRACERT.EXE"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\TRACERT.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\TRACERT.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\TSTheme.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\TSTheme.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\TSTheme.exe" /grant "everyone":(f)
C:\Windows\msagent\AgentSvr.exe
"C:\Windows\msagent\AgentSvr.exe" /regserver
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\TsWpfWrp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\TsWpfWrp.exe"
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\TsWpfWrp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\ttdinject.exe"
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe
INSTALLER.exe /q
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\ttdinject.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\ttdinject.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\tttracer.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\tttracer.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\tttracer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\typeperf.exe"
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\typeperf.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\typeperf.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\tzutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\tzutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\tzutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\unlodctr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\unlodctr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\unlodctr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\unregmp2.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\unregmp2.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\unregmp2.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\upnpcont.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\upnpcont.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\upnpcont.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\user.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\user.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\user.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\UserAccountBroker.exe"
C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\UserAccountBroker.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\UserAccountBroker.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\UserAccountControlSettings.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\UserAccountControlSettings.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\UserAccountControlSettings.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\userinit.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\userinit.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\userinit.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\Utilman.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\Utilman.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\Utilman.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\verclsid.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\verclsid.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\verclsid.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\verifiergui.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\verifiergui.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\verifiergui.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\w32tm.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\w32tm.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\w32tm.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\waitfor.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\waitfor.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\waitfor.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\wbem\mofcomp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\wbem\mofcomp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\wbem\mofcomp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\wbem\WinMgmt.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\wbem\WinMgmt.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\wbem\WinMgmt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\wbem\WMIADAP.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\wbem\WMIADAP.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\wbem\WMIADAP.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\wbem\WMIC.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\wbem\WMIC.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\wbem\WMIC.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\wbem\WmiPrvSE.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\wbem\WmiPrvSE.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\wbem\WmiPrvSE.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\wecutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\wecutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\wecutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\WerFault.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\WerFault.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\WerFault.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\WerFaultSecure.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\WerFaultSecure.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\WerFaultSecure.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\wermgr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\wermgr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\wermgr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\wevtutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\wevtutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\wevtutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\wextract.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\wextract.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\wextract.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\where.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\where.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\where.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\whoami.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\whoami.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\whoami.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\wiaacmgr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\wiaacmgr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\wiaacmgr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\Windows.Media.BackgroundPlayback.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\Windows.Media.BackgroundPlayback.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\Windows.Media.BackgroundPlayback.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\Windows.WARP.JITService.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\Windows.WARP.JITService.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\Windows.WARP.JITService.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\winrs.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\winrs.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\winrs.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\winrshost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\winrshost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\winrshost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\WinRTNetMUAHostServer.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\WinRTNetMUAHostServer.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\WinRTNetMUAHostServer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\winver.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\winver.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\winver.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\wlanext.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\wlanext.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\wlanext.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\wowreg32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\wowreg32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\wowreg32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\WPDShextAutoplay.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\WPDShextAutoplay.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\WPDShextAutoplay.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\write.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\write.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\write.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\wscadminui.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\wscadminui.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\wscadminui.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\wscript.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\wscript.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\wscript.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\WSManHTTPConfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\WSManHTTPConfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\WSManHTTPConfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\wsmprovhost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\wsmprovhost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\wsmprovhost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\wusa.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\wusa.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\wusa.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\WWAHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\WWAHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\WWAHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\xcopy.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\xcopy.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\xcopy.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\xwizard.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\xwizard.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\xwizard.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe\Microsoft.AsyncTextService.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe\Microsoft.AsyncTextService.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe\Microsoft.AsyncTextService.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy\BioEnrollmentHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy\BioEnrollmentHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy\BioEnrollmentHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy\CredDialogHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy\CredDialogHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy\CredDialogHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\Microsoft.ECApp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\Microsoft.ECApp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\Microsoft.ECApp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Win32WebViewHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Win32WebViewHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Win32WebViewHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy\AddSuggestedFoldersToLibraryDialog.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy\AddSuggestedFoldersToLibraryDialog.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy\AddSuggestedFoldersToLibraryDialog.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\AppResolverUX.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\AppResolverUX.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy\AppResolverUX.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AssignedAccessLockApp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AssignedAccessLockApp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\AssignedAccessLockApp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\CallingShellApp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\CallingShellApp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\CallingShellApp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\CapturePicker.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\CapturePicker.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\CapturePicker.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\FileExplorer.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\FileExplorer.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy\FileExplorer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy\FilePicker.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy\FilePicker.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy\FilePicker.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\NarratorQuickStart.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\OOBENetworkCaptivePortal.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\OOBENetworkCaptivePortal.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\OOBENetworkCaptivePortal.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\OOBENetworkConnectionFlow.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\OOBENetworkConnectionFlow.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\OOBENetworkConnectionFlow.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\PeopleExperienceHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\PinningConfirmationDialog.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\PinningConfirmationDialog.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\PinningConfirmationDialog.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SecureAssessmentBrowser.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SecureAssessmentBrowser.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\SecureAssessmentBrowser.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\XGpuEjectDialog.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\XGpuEjectDialog.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\XGpuEjectDialog.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\XBox.TCUI.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\XBox.TCUI.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\XBox.TCUI.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ScreenClipping\ScreenClippingHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ScreenClipping\ScreenClippingHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\ScreenClipping\ScreenClippingHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\UndockedDevKit.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\UndockedDevKit.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\UndockedDevKit.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe\NcsiUwpApp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe\NcsiUwpApp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe\NcsiUwpApp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy\WpcUapApp.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy\WpcUapApp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy\WpcUapApp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy\CameraBarcodeScannerPreview.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy\CameraBarcodeScannerPreview.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy\CameraBarcodeScannerPreview.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\agentactivationruntimestarter.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\agentactivationruntimestarter.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\agentactivationruntimestarter.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\appidtel.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\appidtel.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\appidtel.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\ARP.EXE"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\ARP.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\ARP.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\at.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\at.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\at.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\AtBroker.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\AtBroker.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\AtBroker.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\attrib.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\attrib.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\attrib.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\auditpol.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\auditpol.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\auditpol.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\autochk.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\autochk.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\autochk.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\autoconv.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\autoconv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\autoconv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\autofmt.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\autofmt.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\autofmt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\backgroundTaskHost.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\backgroundTaskHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\backgroundTaskHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\BackgroundTransferHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\BackgroundTransferHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\BackgroundTransferHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\bitsadmin.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\bitsadmin.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\bitsadmin.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\bootcfg.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\bootcfg.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\bootcfg.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\bthudtask.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\bthudtask.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\bthudtask.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\ByteCodeGenerator.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\ByteCodeGenerator.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\ByteCodeGenerator.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\cacls.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\cacls.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\cacls.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\calc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\calc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\calc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\CameraSettingsUIHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\CameraSettingsUIHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\CameraSettingsUIHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\CertEnrollCtrl.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\CertEnrollCtrl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\CertEnrollCtrl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\certreq.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\certreq.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\certreq.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\certutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\certutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\certutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\charmap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\charmap.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\charmap.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\CheckNetIsolation.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\CheckNetIsolation.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\CheckNetIsolation.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\chkdsk.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\chkdsk.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\chkdsk.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\chkntfs.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\chkntfs.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\chkntfs.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\choice.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\choice.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\choice.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\cipher.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\cipher.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\cipher.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\cleanmgr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\cleanmgr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\cleanmgr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\cliconfg.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\cliconfg.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\cliconfg.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\clip.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\clip.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\clip.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\CloudNotifications.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\CloudNotifications.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\CloudNotifications.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\cmd.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\cmd.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\cmd.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\cmdkey.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\cmdkey.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\cmdkey.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\cmdl32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\cmdl32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\cmdl32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\cmmon32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\cmmon32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\cmmon32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\cmstp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\cmstp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\cmstp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\colorcpl.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\colorcpl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\colorcpl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\Com\comrepl.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\Com\comrepl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\Com\comrepl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\Com\MigRegDB.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\Com\MigRegDB.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\Com\MigRegDB.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\comp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\comp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\comp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\compact.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\compact.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\compact.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\ComputerDefaults.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\ComputerDefaults.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\ComputerDefaults.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\control.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\control.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\control.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\convert.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\convert.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\convert.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\CredentialUIBroker.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\CredentialUIBroker.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\CredentialUIBroker.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\credwiz.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\credwiz.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\credwiz.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\cscript.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\cscript.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\cscript.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\ctfmon.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\ctfmon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\ctfmon.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\cttune.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\cttune.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\cttune.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\cttunesvr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\cttunesvr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\cttunesvr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\curl.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\curl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\curl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\dccw.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\dccw.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\dccw.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\dcomcnfg.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\dcomcnfg.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\dcomcnfg.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\ddodiag.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\ddodiag.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\ddodiag.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\DevicePairingWizard.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\DevicePairingWizard.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\DevicePairingWizard.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\dfrgui.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\dfrgui.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\dfrgui.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\dialer.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\dialer.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\dialer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\diskpart.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\diskpart.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\diskpart.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\diskperf.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\diskperf.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\diskperf.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\Dism\DismHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\Dism\DismHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\Dism\DismHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\Dism.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\Dism.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\Dism.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\dllhost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\dllhost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\dllhost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\dllhst3g.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\dllhst3g.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\dllhst3g.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\doskey.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\doskey.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\doskey.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\dpapimig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\dpapimig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\dpapimig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\DpiScaling.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\DpiScaling.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\DpiScaling.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\dplaysvr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\dplaysvr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\dplaysvr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\dpnsvr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\dpnsvr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\dpnsvr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\driverquery.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\driverquery.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\driverquery.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\dtdump.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\dtdump.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\dtdump.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\dvdplay.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\dvdplay.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\dvdplay.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\DWWIN.EXE"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\DWWIN.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\DWWIN.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\dxdiag.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\dxdiag.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\dxdiag.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\EaseOfAccessDialog.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\EaseOfAccessDialog.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\EaseOfAccessDialog.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\edpnotify.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\edpnotify.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\edpnotify.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\efsui.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\efsui.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\efsui.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\EhStorAuthn.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\EhStorAuthn.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\EhStorAuthn.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\esentutl.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\esentutl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\esentutl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\eudcedit.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\eudcedit.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\eudcedit.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\eventcreate.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\eventcreate.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\eventcreate.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\eventvwr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\eventvwr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\eventvwr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\expand.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\expand.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\expand.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\explorer.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\explorer.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\explorer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\extrac32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\extrac32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\extrac32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\F12\IEChooser.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\F12\IEChooser.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\F12\IEChooser.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\fc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\fc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\fc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\find.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\find.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\find.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\findstr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\findstr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\findstr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\finger.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\finger.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\finger.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\fixmapi.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\fixmapi.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\fixmapi.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\fltMC.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\fltMC.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\fltMC.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\Fondue.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\Fondue.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\Fondue.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\fontdrvhost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\fontdrvhost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\fontdrvhost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\fontview.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\fontview.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\fontview.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\forfiles.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\forfiles.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\forfiles.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\fsquirt.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\fsquirt.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\fsquirt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\fsutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\fsutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\fsutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\ftp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\ftp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\ftp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\GameBarPresenceWriter.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\GameBarPresenceWriter.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\GameBarPresenceWriter.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\GamePanel.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\GamePanel.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\GamePanel.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\getmac.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\getmac.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\getmac.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\gpresult.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\gpresult.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\gpresult.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\gpscript.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\gpscript.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\gpscript.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\gpupdate.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\gpupdate.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\gpupdate.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\grpconv.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\grpconv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\grpconv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\hdwwiz.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\hdwwiz.exe"
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\hdwwiz.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\help.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\help.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\help.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\hh.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\hh.exe"
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 444 -p 3136 -ip 3136
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\hh.exe" /grant "everyone":(f)
C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\HOSTNAME.EXE"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\HOSTNAME.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\HOSTNAME.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\icacls.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\icacls.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\icacls.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\icsunattend.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\icsunattend.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\icsunattend.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\ieUnatt.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\ieUnatt.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\ieUnatt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\iexpress.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\iexpress.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\iexpress.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\IME\IMEJP\IMJPDCT.EXE"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\IME\IMEJP\IMJPDCT.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\IME\IMEJP\IMJPDCT.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\IME\IMEJP\IMJPSET.EXE"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\IME\IMEJP\IMJPSET.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\IME\IMEJP\IMJPSET.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\IME\IMEJP\IMJPUEX.EXE"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\IME\IMEJP\IMJPUEX.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\IME\IMEJP\IMJPUEX.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\IME\IMEJP\imjpuexc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\IME\IMEJP\imjpuexc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\IME\IMEJP\imjpuexc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\IME\IMETC\IMTCLNWZ.EXE"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\IME\IMETC\IMTCLNWZ.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\IME\IMETC\IMTCLNWZ.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\IME\IMETC\IMTCPROP.exe"
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\IME\IMETC\IMTCPROP.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\IME\IMETC\IMTCPROP.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\IME\SHARED\IMCCPHR.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\IME\SHARED\IMCCPHR.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --mojo-platform-channel-handle=5404 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\IME\SHARED\IMCCPHR.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\IME\SHARED\imecfmui.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\IME\SHARED\imecfmui.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\IME\SHARED\imecfmui.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\IME\SHARED\IMEPADSV.EXE"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\IME\SHARED\IMEPADSV.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\IME\SHARED\IMEPADSV.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\IME\SHARED\IMESEARCH.EXE"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\IME\SHARED\IMESEARCH.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\IME\SHARED\IMESEARCH.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\IME\SHARED\IMEWDBLD.EXE"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\IME\SHARED\IMEWDBLD.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\IME\SHARED\IMEWDBLD.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\InfDefaultInstall.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\InfDefaultInstall.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\InfDefaultInstall.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\InputSwitchToastHandler.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\InputSwitchToastHandler.exe"
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\InputSwitchToastHandler.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\InstallShield\setup.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\InstallShield\setup.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\InstallShield\setup.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\InstallShield\_isdel.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\InstallShield\_isdel.exe"
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\InstallShield\_isdel.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\instnm.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\instnm.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\instnm.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\ipconfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\ipconfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\ipconfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\iscsicli.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\iscsicli.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\iscsicli.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\iscsicpl.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\iscsicpl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\iscsicpl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\isoburn.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\isoburn.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\isoburn.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\ktmutil.exe"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4272 -s 7804
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --mojo-platform-channel-handle=7016 --field-trial-handle=1760,i,5776172135883630673,5744768279294167034,131072 /prefetch:1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\ktmutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\ktmutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\label.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\label.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\label.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\LaunchTM.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\LaunchTM.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\LaunchTM.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\LaunchWinApp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\LaunchWinApp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\LaunchWinApp.exe" /grant "everyone":(f)
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\lodctr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\lodctr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\lodctr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\logagent.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\logagent.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\logagent.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\logman.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\logman.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\logman.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\Magnify.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\Magnify.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\Magnify.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\makecab.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\makecab.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\makecab.exe" /grant "everyone":(f)
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\mavinject.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\mavinject.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\mavinject.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\mcbuilder.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\mcbuilder.exe"
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\mcbuilder.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\mfpmp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\mfpmp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\mfpmp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\mmc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\mmc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\mmc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\mmgaserver.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\mmgaserver.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\mmgaserver.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\mobsync.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\mobsync.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\mobsync.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\mountvol.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\mountvol.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\mountvol.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\MRINFO.EXE"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\MRINFO.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\MRINFO.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\msdt.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\msdt.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\msdt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\msfeedssync.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\msfeedssync.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\msfeedssync.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\mshta.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\mshta.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\mshta.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\msiexec.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\msiexec.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\msiexec.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\msinfo32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\msinfo32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\msinfo32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\mspaint.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\mspaint.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\mspaint.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\msra.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\msra.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\msra.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\mstsc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\mstsc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\mstsc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\mtstocom.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\mtstocom.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\mtstocom.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\MuiUnattend.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\MuiUnattend.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\MuiUnattend.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\ndadmin.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\ndadmin.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\ndadmin.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\net.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\net.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\net.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\net1.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\net1.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\net1.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\netbtugc.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\netbtugc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\netbtugc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\NetCfgNotifyObjectHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\NetCfgNotifyObjectHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\NetCfgNotifyObjectHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\netiougc.exe"
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\netiougc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\netiougc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\Netplwiz.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\Netplwiz.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\Netplwiz.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\netsh.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\netsh.exe"
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\netsh.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\NETSTAT.EXE"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\NETSTAT.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\NETSTAT.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\newdev.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\newdev.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\newdev.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\notepad.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\notepad.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\notepad.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\nslookup.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\nslookup.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\nslookup.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\ntprint.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\ntprint.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\ntprint.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\odbcad32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\odbcad32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\odbcad32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\odbcconf.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\odbcconf.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\odbcconf.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\OneDriveSetup.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\OneDriveSetup.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\OneDriveSetup.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\openfiles.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\openfiles.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\openfiles.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\OpenWith.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\OpenWith.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\OpenWith.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\OposHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\OposHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\OposHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\PackagedCWALauncher.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\PackagedCWALauncher.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\PackagedCWALauncher.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\PasswordOnWakeSettingFlyout.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\PasswordOnWakeSettingFlyout.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\PasswordOnWakeSettingFlyout.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\PATHPING.EXE"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\PATHPING.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\PATHPING.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\pcaui.exe"
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\pcaui.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\pcaui.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\perfhost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\SysWOW64\perfhost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\SysWOW64\perfhost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\SysWOW64\perfmon.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 172.217.169.22:443 | i.ytimg.com | tcp |
| GB | 172.217.169.22:443 | i.ytimg.com | tcp |
| GB | 172.217.169.22:443 | i.ytimg.com | tcp |
| GB | 172.217.169.22:443 | i.ytimg.com | tcp |
| GB | 172.217.169.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 227.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.169.217.172.in-addr.arpa | udp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 172.217.169.22:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 216.58.213.10:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.213.58.216.in-addr.arpa | udp |
| GB | 216.58.213.10:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 6.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 216.58.213.3:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 21.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 216.156.26.20.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 216.58.213.3:443 | id.google.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 172.217.169.22:443 | i.ytimg.com | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| GB | 216.58.213.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | tcp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | 137.71.105.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | drive.google.com | udp |
| GB | 142.250.187.238:443 | drive.google.com | tcp |
| GB | 142.250.187.238:443 | drive.google.com | tcp |
| US | 8.8.8.8:53 | drive.usercontent.google.com | udp |
| GB | 142.250.179.225:443 | drive.usercontent.google.com | tcp |
| US | 8.8.8.8:53 | 225.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | tiny.cc | udp |
| US | 157.245.113.153:443 | tiny.cc | tcp |
| US | 157.245.113.153:443 | tiny.cc | tcp |
| GB | 142.250.187.238:443 | drive.google.com | udp |
| US | 8.8.8.8:53 | 153.113.245.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 172.217.16.238:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | content.googleapis.com | udp |
| US | 8.8.8.8:53 | blobcomments-pa.clients6.google.com | udp |
| GB | 142.250.200.42:443 | blobcomments-pa.clients6.google.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.234:443 | content-autofill.googleapis.com | udp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.206.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | peoplestackwebexperiments-pa.clients6.google.com | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | udp |
| GB | 142.250.187.202:443 | peoplestackwebexperiments-pa.clients6.google.com | tcp |
| GB | 142.250.187.202:443 | peoplestackwebexperiments-pa.clients6.google.com | tcp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh3.googleusercontent.com | udp |
| GB | 142.250.187.202:443 | peoplestackwebexperiments-pa.clients6.google.com | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | docs.google.com | udp |
| GB | 142.250.200.14:443 | docs.google.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| US | 8.8.8.8:53 | youtu.be | udp |
| GB | 142.250.200.46:443 | youtu.be | tcp |
| GB | 142.250.200.46:443 | youtu.be | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | rr2---sn-aigl6ner.googlevideo.com | udp |
| GB | 172.217.169.22:443 | i.ytimg.com | udp |
| GB | 173.194.183.135:443 | rr2---sn-aigl6ner.googlevideo.com | tcp |
| GB | 173.194.183.135:443 | rr2---sn-aigl6ner.googlevideo.com | tcp |
| US | 8.8.8.8:53 | rr4---sn-aigl6nsr.googlevideo.com | udp |
| GB | 74.125.105.137:443 | rr4---sn-aigl6nsr.googlevideo.com | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.183.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.105.125.74.in-addr.arpa | udp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | i1.ytimg.com | udp |
| GB | 172.217.16.238:443 | i1.ytimg.com | tcp |
| GB | 142.250.187.234:443 | content-autofill.googleapis.com | udp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 142.250.200.46:443 | youtube.com | tcp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | udp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| GB | 216.58.212.206:443 | consent.youtube.com | tcp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | tcp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| GB | 142.250.187.202:443 | peoplestackwebexperiments-pa.clients6.google.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| GB | 142.250.179.225:443 | drive.usercontent.google.com | udp |
| US | 8.8.8.8:53 | e2c45.gcp.gvt2.com | udp |
| CA | 35.215.54.231:443 | e2c45.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 231.54.215.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| GB | 142.250.187.238:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 195.49.178.192.in-addr.arpa | udp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | drive.google.com | udp |
| GB | 142.250.187.238:443 | drive.google.com | udp |
| US | 8.8.8.8:53 | drive.usercontent.google.com | udp |
| GB | 142.250.179.225:443 | drive.usercontent.google.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 216.58.204.67:443 | id.google.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 172.217.169.22:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 216.58.213.6:443 | static.doubleclick.net | udp |
| GB | 142.250.179.234:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| AU | 142.250.70.227:443 | beacons2.gvt2.com | tcp |
| AU | 142.250.70.227:443 | beacons2.gvt2.com | tcp |
| AU | 142.250.70.227:443 | beacons2.gvt2.com | tcp |
| AU | 142.250.70.227:443 | beacons2.gvt2.com | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 227.70.250.142.in-addr.arpa | udp |
| AU | 142.250.70.227:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 151.101.1.140:443 | www.reddit.com | tcp |
| US | 151.101.1.140:443 | www.reddit.com | tcp |
| US | 8.8.8.8:53 | 140.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bonzi.link | udp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| GB | 216.58.212.227:80 | www.gstatic.com | tcp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| GB | 172.217.169.22:443 | i.ytimg.com | udp |
| GB | 142.250.179.234:443 | jnn-pa.googleapis.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| AU | 142.250.70.227:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | w3-reporting-nel.reddit.com | udp |
| US | 151.101.1.140:443 | w3-reporting-nel.reddit.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | img.youtube.com | udp |
| GB | 142.250.178.14:443 | img.youtube.com | tcp |
| US | 8.8.8.8:53 | vinesauce.fandom.com | udp |
| US | 199.232.208.194:443 | vinesauce.fandom.com | tcp |
| US | 199.232.208.194:443 | vinesauce.fandom.com | tcp |
| US | 8.8.8.8:53 | static.wikia.nocookie.net | udp |
| US | 8.8.8.8:53 | services.fandom.com | udp |
| US | 8.8.8.8:53 | www.fastly-insights.com | udp |
| DE | 74.120.188.204:443 | static.wikia.nocookie.net | tcp |
| DE | 74.120.188.204:443 | static.wikia.nocookie.net | tcp |
| DE | 74.120.188.204:443 | static.wikia.nocookie.net | tcp |
| DE | 74.120.188.204:443 | static.wikia.nocookie.net | tcp |
| DE | 74.120.188.204:443 | static.wikia.nocookie.net | tcp |
| DE | 74.120.188.204:443 | static.wikia.nocookie.net | tcp |
| US | 151.101.2.91:443 | www.fastly-insights.com | tcp |
| DE | 74.120.188.204:443 | static.wikia.nocookie.net | tcp |
| DE | 74.120.188.204:443 | static.wikia.nocookie.net | tcp |
| DE | 74.120.188.204:443 | static.wikia.nocookie.net | tcp |
| US | 8.8.8.8:53 | 194.208.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.188.120.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacon.wikia-services.com | udp |
| US | 74.120.189.195:443 | beacon.wikia-services.com | tcp |
| US | 199.232.208.194:443 | services.fandom.com | tcp |
| US | 8.8.8.8:53 | www.fandom.com | udp |
| US | 8.8.8.8:53 | script.wikia.nocookie.net | udp |
| US | 8.8.8.8:53 | 195.189.120.74.in-addr.arpa | udp |
| US | 74.120.189.195:443 | beacon.wikia-services.com | tcp |
| US | 8.8.8.8:53 | fastly-insights.com | udp |
| US | 151.101.130.91:443 | fastly-insights.com | tcp |
| US | 8.8.8.8:53 | katl-v4.pops.fastly-insights.com | udp |
| US | 151.101.14.91:443 | katl-v4.pops.fastly-insights.com | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.130.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 02ed7653-4b19-4e69-aa2c-1afd9c9205cb.eu.u.fastly-insights.com | udp |
| US | 151.101.194.91:443 | 02ed7653-4b19-4e69-aa2c-1afd9c9205cb.eu.u.fastly-insights.com | tcp |
| US | 8.8.8.8:53 | kteb-v4.pops.fastly-insights.com | udp |
| US | 151.101.46.91:443 | kteb-v4.pops.fastly-insights.com | tcp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| DE | 91.228.74.159:443 | secure.quantserve.com | tcp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cdn.jwplayer.com | udp |
| US | 8.8.8.8:53 | cdn-gl.imrworldwide.com | udp |
| BE | 64.233.166.154:443 | stats.g.doubleclick.net | tcp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| DE | 18.66.147.118:443 | cdn.jwplayer.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| DE | 108.138.6.136:443 | c.amazon-adsystem.com | tcp |
| DE | 13.32.121.49:443 | cdn-gl.imrworldwide.com | tcp |
| US | 8.8.8.8:53 | dtw-v4.pops.fastly-insights.com | udp |
| US | 146.75.10.91:443 | dtw-v4.pops.fastly-insights.com | tcp |
| US | 8.8.8.8:53 | prebid-server.rubiconproject.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | ib.adnxs-simple.com | udp |
| US | 8.8.8.8:53 | ads.servenobid.com | udp |
| US | 8.8.8.8:53 | 91.14.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | 91.46.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.166.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.147.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.6.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.121.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | elb.the-ozone-project.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | s.seedtag.com | udp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| NL | 69.173.156.150:443 | prebid-server.rubiconproject.com | tcp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| US | 35.186.253.211:443 | rtb.openx.net | tcp |
| IE | 52.212.32.21:443 | ads.servenobid.com | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| DE | 37.252.171.52:443 | ib.adnxs-simple.com | tcp |
| DE | 37.252.171.52:443 | ib.adnxs-simple.com | tcp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| DE | 3.124.64.248:443 | tlx.3lift.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 34.149.50.64:443 | s.seedtag.com | tcp |
| US | 172.64.144.78:443 | elb.the-ozone-project.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| DE | 18.66.102.66:443 | rules.quantcount.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| DE | 108.138.6.136:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| DE | 18.245.31.92:443 | config.aps.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| DE | 13.32.119.202:443 | aax.amazon-adsystem.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| DE | 18.245.60.53:443 | sb.scorecardresearch.com | tcp |
| US | 8.8.8.8:53 | launchpad-wrapper.privacymanager.io | udp |
| US | 8.8.8.8:53 | secure.cdn.fastclick.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn.hadronid.net | udp |
| DE | 65.9.66.122:443 | tags.crwdcntrl.net | tcp |
| GB | 23.53.174.156:443 | secure.cdn.fastclick.net | tcp |
| US | 3.160.150.11:443 | launchpad-wrapper.privacymanager.io | tcp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 8.8.8.8:53 | pixel.quantcount.com | udp |
| US | 104.22.53.173:443 | cdn.hadronid.net | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | pubads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | pubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | kul-v4.pops.fastly-insights.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| MY | 146.75.26.91:443 | kul-v4.pops.fastly-insights.com | tcp |
| DE | 18.245.86.111:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | launchpad.privacymanager.io | udp |
| US | 8.8.8.8:53 | secure-dcr.imrworldwide.com | udp |
| US | 8.8.8.8:53 | yx7a0e7ogqgol2th2r45tmurtxvel1716574576.nuid.imrworldwide.com | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| DE | 13.32.27.122:443 | launchpad.privacymanager.io | tcp |
| IE | 34.251.99.216:443 | secure-dcr.imrworldwide.com | tcp |
| IE | 63.33.74.9:443 | bcp.crwdcntrl.net | tcp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| US | 18.172.112.84:443 | yx7a0e7ogqgol2th2r45tmurtxvel1716574576.nuid.imrworldwide.com | tcp |
| MY | 146.75.26.91:443 | kul-v4.pops.fastly-insights.com | tcp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | 153.63.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.253.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.32.212.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.50.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.64.124.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.144.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.10.75.146.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.36.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.102.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.31.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.119.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.60.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.66.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.150.160.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.174.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.53.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.86.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.27.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.99.251.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.74.33.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.112.172.18.in-addr.arpa | udp |
| US | 172.67.23.234:443 | id.hadron.ad.gt | tcp |
| US | 8.8.8.8:53 | 655cd2d8e3c663b612456fa2645a833a.safeframe.googlesyndication.com | udp |
| GB | 172.217.169.65:443 | 655cd2d8e3c663b612456fa2645a833a.safeframe.googlesyndication.com | tcp |
| DE | 18.66.147.118:443 | cdn.jwplayer.com | tcp |
| US | 8.8.8.8:53 | geo.privacymanager.io | udp |
| DE | 13.32.99.122:443 | geo.privacymanager.io | tcp |
| US | 8.8.8.8:53 | ssl.p.jwpcdn.com | udp |
| US | 151.101.2.114:443 | ssl.p.jwpcdn.com | tcp |
| US | 8.8.8.8:53 | static.adsafeprotected.com | udp |
| DE | 18.66.112.19:443 | static.adsafeprotected.com | tcp |
| US | 8.8.8.8:53 | placement-prd.jwpltx.com | udp |
| DE | 18.66.122.74:443 | placement-prd.jwpltx.com | tcp |
| DE | 18.66.122.74:443 | placement-prd.jwpltx.com | tcp |
| DE | 18.66.122.74:443 | placement-prd.jwpltx.com | tcp |
| DE | 18.66.122.74:443 | placement-prd.jwpltx.com | tcp |
| US | 8.8.8.8:53 | a.ad.gt | udp |
| US | 8.8.8.8:53 | entitlements.jwplayer.com | udp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | kpao-v4.pops.fastly-insights.com | udp |
| US | 8.8.8.8:53 | 234.23.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.26.75.146.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.99.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.112.66.18.in-addr.arpa | udp |
| US | 104.22.4.69:443 | a.ad.gt | tcp |
| GB | 142.250.187.202:443 | imasdk.googleapis.com | tcp |
| US | 151.101.202.91:443 | kpao-v4.pops.fastly-insights.com | tcp |
| FR | 152.199.22.243:443 | entitlements.jwplayer.com | tcp |
| US | 8.8.8.8:53 | prd.jwpltx.com | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| US | 13.225.78.59:443 | prd.jwpltx.com | tcp |
| US | 8.8.8.8:53 | assets-jpcust.jwpsrv.com | udp |
| US | 13.225.78.59:443 | prd.jwpltx.com | tcp |
| US | 13.225.78.59:443 | prd.jwpltx.com | tcp |
| US | 8.8.8.8:53 | p.ad.gt | udp |
| US | 8.8.8.8:53 | ids.ad.gt | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | image2.pubmatic.com | udp |
| US | 104.22.5.69:443 | ids.ad.gt | tcp |
| US | 172.67.23.234:443 | ids.ad.gt | tcp |
| DE | 37.252.171.53:443 | secure.adnxs.com | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| NL | 198.47.127.205:443 | image2.pubmatic.com | tcp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| GB | 142.250.187.202:443 | imasdk.googleapis.com | udp |
| GB | 216.58.201.98:443 | cm.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | api2.amplitude.com | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 8.8.8.8:53 | pixel.tapad.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 34.210.107.208:443 | api2.amplitude.com | tcp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 34.111.113.62:443 | pixel.tapad.com | tcp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 104.22.4.69:443 | ids.ad.gt | tcp |
| GB | 216.58.204.70:443 | s0.2mdn.net | tcp |
| US | 104.22.5.69:443 | ids.ad.gt | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.201.98:443 | cm.g.doubleclick.net | udp |
| US | 34.210.107.208:443 | api2.amplitude.com | tcp |
| US | 8.8.8.8:53 | pixels.ad.gt | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 104.22.5.69:443 | pixels.ad.gt | tcp |
| US | 8.8.8.8:53 | kcgs-v4.pops.fastly-insights.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 146.75.38.91:443 | kcgs-v4.pops.fastly-insights.com | tcp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | 74.122.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.4.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.22.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.78.225.13.in-addr.arpa | udp |
| US | 142.250.191.67:443 | csi.gstatic.com | tcp |
| US | 8.8.8.8:53 | 91.202.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.5.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.171.252.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.113.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.107.210.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | player.ex.co | udp |
| US | 151.101.2.132:443 | player.ex.co | tcp |
| US | 142.250.191.67:443 | csi.gstatic.com | tcp |
| US | 104.18.36.155:443 | ssum-sec.casalemedia.com | udp |
| US | 34.149.50.64:443 | s.seedtag.com | udp |
| US | 34.120.63.153:443 | prebid.media.net | udp |
| US | 151.101.2.132:443 | player.ex.co | tcp |
| US | 8.8.8.8:53 | mrs-v4.pops.fastly-insights.com | udp |
| US | 8.8.8.8:53 | 2e517f93df136bc6949a7e0d4c507d2b.safeframe.googlesyndication.com | udp |
| FR | 199.232.82.91:443 | mrs-v4.pops.fastly-insights.com | tcp |
| US | 8.8.8.8:53 | collector-1.ex.co | udp |
| US | 44.208.236.243:443 | collector-1.ex.co | tcp |
| US | 8.8.8.8:53 | mcd-playlist.ex.co | udp |
| US | 8.8.8.8:53 | bare-v4.pops.fastly-insights.com | udp |
| US | 8.8.8.8:53 | img.ex.co | udp |
| US | 8.8.8.8:53 | cdn.ex.co | udp |
| US | 8.8.8.8:53 | 91.38.75.146.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.191.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.82.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.236.208.44.in-addr.arpa | udp |
| GB | 146.75.74.91:443 | bare-v4.pops.fastly-insights.com | tcp |
| US | 8.8.8.8:53 | p.channelexco.com | udp |
| US | 108.59.11.105:443 | p.channelexco.com | tcp |
| US | 8.8.8.8:53 | any-v4.pops.fastly-insights.com | udp |
| US | 8.8.8.8:53 | sync.ex.co | udp |
| US | 151.101.66.91:443 | any-v4.pops.fastly-insights.com | tcp |
| US | 3.231.242.183:443 | sync.ex.co | tcp |
| US | 8.8.8.8:53 | lon-v4.pops.fastly-insights.com | udp |
| GB | 199.232.58.91:443 | lon-v4.pops.fastly-insights.com | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| GB | 2.21.188.239:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | s-20.channelexco.com | udp |
| US | 8.8.8.8:53 | large-img.ex.co | udp |
| US | 8.8.8.8:53 | 91.74.75.146.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.11.59.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.66.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.242.231.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.58.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.188.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.rlcdn.com | udp |
| US | 8.8.8.8:53 | prg.smartadserver.com | udp |
| US | 35.186.253.211:443 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | rtb.ex.co | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | krk2.kargo.com | udp |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| DE | 3.124.210.62:443 | krk2.kargo.com | tcp |
| FR | 178.32.197.49:443 | prg.smartadserver.com | tcp |
| DE | 18.185.180.152:443 | btlr.sharethrough.com | tcp |
| US | 8.8.8.8:53 | e.channelexco.com | udp |
| US | 23.82.15.162:443 | e.channelexco.com | tcp |
| US | 8.8.8.8:53 | 55.133.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.197.32.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.210.124.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.15.82.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 142.250.178.14:443 | img.youtube.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| IN | 34.0.0.42:443 | e2c79.gcp.gvt2.com | tcp |
| IN | 34.0.0.42:443 | e2c79.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 42.0.0.34.in-addr.arpa | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 172.217.169.22:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | lh5.googleusercontent.com | udp |
| GB | 172.217.16.225:443 | lh5.googleusercontent.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 172.217.169.66:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 172.217.16.234:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 66.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| IE | 52.109.76.243:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | 243.76.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.32.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.173.189.20.in-addr.arpa | udp |
| CA | 69.50.175.178:80 | tcp | |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
Files
\??\pipe\crashpad_4748_AQFFTBYQDBHWSJZD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d2024dea3a4660bb23e43f877e6a5d66 |
| SHA1 | 610a3081fc00bb07766ca8145ad407df55b0805a |
| SHA256 | e792e633b3d63c96e29f0849d36691da49ee850eebf78c670d2127783418bc80 |
| SHA512 | 01554b5b24f38fb784771d3508bf3b42fccf5110f4386f192f7e29a0a4a9028a69825df1318cfa9a505e83a24fa6702e7c8e8141adbbf4f606ebc5ff808e0764 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 45ed8c6399027e53a620f5ab03c0bdfe |
| SHA1 | 30275ab1df6ed9cd49d62cb4875401e9e5d0d2c3 |
| SHA256 | ab19adf09db586b61ac9243722259a1228809faf0ccb8c6c1697d36cabffb450 |
| SHA512 | 295720b9a757a6dcbe8ca3f6456bdc35138b2ef46387644f7cc2e982f0b93e4e127ad62ea631406f436932ccc97024da7d8bba9a13009c3bdf2d71d328b225fa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d1c01a2a65955371567989b523285d91 |
| SHA1 | 0cfe100aaaa6f0d3846d0397e61d0b2333d5df35 |
| SHA256 | a3dcff93a4748f8bc163ba43ed56fdbae6af5510abb04e608e7b5fdb53d91922 |
| SHA512 | 712745250c026475d2d0e7b7d30d2ff6ca65083b022ff617a433ffddd1bec161129dde20ec6d1a1af1abdf43d87ce9f380f9bb1b27366fc2eb05d51e4e6a66de |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 94275bde03760c160b707ba8806ef545 |
| SHA1 | aad8d87b0796de7baca00ab000b2b12a26427859 |
| SHA256 | c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968 |
| SHA512 | 2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5883d1.TMP
| MD5 | 9524f4de37c3c685f7939709e4153983 |
| SHA1 | ab7535d2ec42fbd0ab8ebd536257d8e952fa1bae |
| SHA256 | 29cadf22a5945dc288c1a8f22a347b35e5575b1461e68802ec694a4150006b18 |
| SHA512 | 39aa7578ed597f9ac72b7b07a3f6dc0750bcf4c7763fa7d17f63153c8acf8c6198add35ff31fa11931db14a07b9853cfc6f2e7591c382180afefaca257e8696c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | f5ce1bfe6d92226e525a3fb40d691632 |
| SHA1 | 41a3c91b0496efee34b793e9c046b19902a301b7 |
| SHA256 | 6ecd373f5058f499288aabb5dc31d80e0eea706eb7c91e3e54e044c842256f1a |
| SHA512 | 8d8fae785ed79dc91a36e52cab99666f19f2332f5b50ab475145f70284337f2bae7ea4f032037f723b877573d131fae6bdc7fbe7c5844869c94760623c284e1f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | baa305043c220c1520594779a564c360 |
| SHA1 | f5271b2bd748cc3192eed3c4ad9b6e87f78c84ff |
| SHA256 | c1f81819043321d14dd1710f58ea900b7e9b066cd515ab5bc89327aefbdf221c |
| SHA512 | 957d55420f6063fbabac27bb593b31dfc6c278ca0d03789d69afaa1188a05fdc552451819317b69f121ad0b58f317202447fde9224c71f24b410dd0c0ece621e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e08e665b5c08ac67e09679945fe4fd68 |
| SHA1 | 7f2535ec06b4e78a36b7f96519e8aa28c41ad29e |
| SHA256 | c43f13c5cfc803f91423258e4ee402657c1353264677d9e953a45a2dbf603b6d |
| SHA512 | 3b1ecbcd8e415b35bcf643d040e0141641411e00862168ddfa75c4fe48894ab466640d56ee7e779b07944a16a0709cce7cafb420f9d6bbebeb88aabf4c348727 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
| MD5 | 0ed8278b11742681d994e5f5b44b8d3d |
| SHA1 | 28711624d01da8dbd0aa4aad8629d5b0f703441e |
| SHA256 | 354730711c3ca9845bf98ec5dfb58a16e50984f9edcf0e8f432742326334f8a2 |
| SHA512 | d296ab1f1b418b125f09598ca6645d984a1cf67092a914956b8879d285ee35521b408363b47da195de79086e3be3ed9b1709bc8f9cd2e32d5dccb720a010bc8c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
| MD5 | 76e6e064b84f1bf726d513b28de1da95 |
| SHA1 | 54094de944e8388624f57b66b473aeb0f7c43a24 |
| SHA256 | c9240b31d367f47ac854422a9927546aa276760bdd618021f9ebad86dd0ed521 |
| SHA512 | 3c744dabd8988a50fd827fa959ba5d37ca2d40f78c36665ed10eb12c9f026740b3dd9317edf365bce2e4b4ad13cdeedbce7619a0ee04c2158ebe1a2b8d862e56 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
| MD5 | 32cbc145fe3c633d23e29bdf65c30121 |
| SHA1 | 82d6cd7ff158e70cc093e9594152a9084be54917 |
| SHA256 | fd7ae142630869d09fbcc261b6c1c0b6dedf522ac295a7125e8e2c952f02e6b6 |
| SHA512 | bfe15347175b50f4f20a58bc5576d0d8c902e54bde7546e80a2c29fb2138a9ad53fc6e4485748d87abb7d4fa1765b791f58298287bd810691198ef3bafdb47e0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
| MD5 | 13ba11389861f8e417316a240ea18fd2 |
| SHA1 | 7bddc3a39ffcc631189c903b9cda9ca812ac599c |
| SHA256 | d7ce1d2073f66eda378f779af0c94fdee31e7ef8cfab15b904dda8550199f4b5 |
| SHA512 | 8ed46dba027a589811f53c572432ebcdf4a4bb51214f834c7fc44e9bdc793938212ee6e51b8c52cbac5ef273b7e37fb28d98494d4989039451b6edbdc34b3c4b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
| MD5 | e8dfc02c3b5c396653186462aff7813a |
| SHA1 | 971e133e0b51f4705f742f4dd313d126e1cb9577 |
| SHA256 | c5ee5227dfd80d24aab357543306142afa8823fcfa205d4fb2b3e0f1533df79e |
| SHA512 | 9d8239db7777eadde43916b139a36dadbf6c5ad4c9408abf9fa4a10f588e9514c4c4512beef19552c3d3dec602ff8cef6764cce863283b1a1f5c8f6c14a7e841 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010
| MD5 | 16c0a2c82dc0ab50f23123f7ecb11f51 |
| SHA1 | fbaef7794f352126af25aedaa99f1bc22d131f71 |
| SHA256 | 5749a98e9383a271b4f6cac8caefea4d86a6b40e203a750d45fda652e167583d |
| SHA512 | 0bf3c5458b647601a1f28c194ac1bcc424ecdeba91871fab9178e8daf1fdf2ee956ba55bbf61b3cd2f54cb1ca008dc894e6a54730f5caf754c61d9ba20da8244 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
| MD5 | b4e4c40ba1b021933f86142b1010c253 |
| SHA1 | 8901690b1040e46b360f7b39ecb9f9e342bd20af |
| SHA256 | a1ad4fde10e0f378aeeb97ec0aaa27bbdba9ed434a0334052f0230e09fd891ae |
| SHA512 | 452cbfc40d99d69d65271ab7a6fb62c87d123813fe20898d13b938c13d54efb2e33eb04e165f18e9e91b6a0d02b3282b8e3bf2b8c65efaa974022d14c07bcfd4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
| MD5 | 0f978383950b924d31b77aad56c0ae79 |
| SHA1 | 4481f7635c1cf3d98c542542d0106cfe498446e1 |
| SHA256 | afca43c7931d9ddc33882d9a079772bddced944debbf84143192c4eea3292c77 |
| SHA512 | b8ffaaf2d63b9582ec4917e970b2033989bd414b9bbf2b9d3b5359aa4a8a15cd3206e556514483e511df2433adab4c8cef9b8a251e2fb942fe4e7d846fdf936f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015
| MD5 | ec7ce309f9f6c41b6f91187c7c7726e7 |
| SHA1 | 22355398914d18888b25a0730cb6d81cb98a47f3 |
| SHA256 | 2065d961beeba6302d62a919bf974a0864ee3fcaa38ed8aeeed6c4f36672fbf7 |
| SHA512 | 7d848890b10a865d48966984142185c081ba22cc888a5be615b795c3851372ddd1ac28473de7168436695971c3178a05d9220dfe680849385a208b2105a9728e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
| MD5 | 3821f1b4914613cd8e3f6b2be9f5595e |
| SHA1 | 01690474cd1340ee26ba3b32755d138a718f1b92 |
| SHA256 | f20484e43fffb76f528523ccfa33595e7a47b8bba7d19672e50a36d7c95e589f |
| SHA512 | d216f7c8cf10ef97197de0f8f9cf879a15588442b3769124b2fcc5739eb6e78e2d3f5ea8054742aeaadf5f8ce5fd573dc9c2b8a6c25d0cb8fcc2490db749bab3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
| MD5 | f941c2c08f149ec278a55f7db3bdfee7 |
| SHA1 | 24b15cb166be8be824361ba53180cdb1d292af9e |
| SHA256 | 0f6c0b2a6d8a24a748eb606d40d97cebe53b9a8dd07c65ad07cc8e2ae190cbe0 |
| SHA512 | 64b7d47cd96af8ee27036de1ef430372e4950a9b75d0b2ea6d040e941fa22cbe515f8a2dcea6415eb129fa00b6f277ad51cf376e82ef2256aad78d04707dc75d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
| MD5 | 94fd864eff41d2466c55e3d0d47e92c7 |
| SHA1 | 2c8ab5e8d1ac7f09af3c09de7575f8ad55706094 |
| SHA256 | b7b245e311013279605a274aacf18e2f9314ea6c275aa4c54f7676c63f9b9248 |
| SHA512 | 4e1f2656222174c5442a5af47a63bc56acb71d8f34809aec6f33e15f6e15d6e8e81f72a8aff925c09bc2d4a0d9f55b408d7d8dcb7ec01519e431a3dd28e1f682 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | f8e7978336e1add4c1fcbda273fb014e |
| SHA1 | 0bbeff0d6da402ec72b11a0e689d2ecc06e99799 |
| SHA256 | 65793a8c3b514db3f2d0fb3997298b505b868b9c10873bde7fccc675ad23e744 |
| SHA512 | a1da20f8ebe8ad2b9b1f9e30e07098a940ccc7dc4a6f16ef9e662bfce74a08559cb543e4d6887c06cc524f6776b12a7823e06114f0255e451440cfd2252ebf0a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fb69682870815d5bb1b60564798a4bc8 |
| SHA1 | d0587fd1ffe4d038b42a549bd51f0be75d18e302 |
| SHA256 | 14380a56235687516e410302c465690399a4ee2f8933af5d7908834d21ceb5f7 |
| SHA512 | 42e0fbda147c983e4effa3041e355570d867741af21fe845f52530e08527e6d10d98803e4b1b18cd59df1a898c876223722079525e6bda33908b31542820f436 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 702a6ec1d3327c4ae488f234de4ef397 |
| SHA1 | 17325fffb8028e32f5ea1bb650d28afd699bf315 |
| SHA256 | b91df8dd3afeb05d5c933b45d0b30cf6e6a7ac8d63e0d56c8e6af5c65531f976 |
| SHA512 | 5ab0af81b6a484248836a227637bd4330145e2082350644cda636aa7e2e1fbd334bb83917abda961c8436951b2bd99cfd9e5daec6d618b50628f04849ced7530 |
C:\Users\Admin\Downloads\MrsMajor-3.0-master.zip.crdownload
| MD5 | 3251e9a3d318a4c9b90f318ff3c3a93c |
| SHA1 | c57d73b9998572826e0ea2861b6e185720ef5eee |
| SHA256 | 0c8f8d566cde1484ae2c98dc0d8f58d3eac6dd63e3e79fbcb0f25f3afa5e8fa0 |
| SHA512 | 74e934b13e626d9fc09c237921158d0e27f0e2c724f8c557177d2c83d81b859742109a08d3948ab6518833c58e70f585de9b2bcfa1e39807c87926caf681d8ea |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 76724b745a4d2dceffb398e22785af4c |
| SHA1 | ac7cb2eb6621b1cd807855054e58f1b293a1ed30 |
| SHA256 | daf5f5d9f69a88555a70d584d6ee4b6b565361d1c21a3e27058e75bb4f37e625 |
| SHA512 | 34739354c10cebe499ab04c140291d422034fe3853be80cfd7dd1445210eb16c92c0ab66bf3ef2c22df28fb317bdcf09da855a512c38cc3c12b6dc555d6c777c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\dab524bb-5d34-435e-9a63-4981488f1a0a.tmp
| MD5 | b6ef6b07697d3778bdc2e01e973b38b7 |
| SHA1 | 0dd4d17e8e9ca6c18d41e7bbd89868fdd9ddab41 |
| SHA256 | 0ccb9fe7d4e7a1b76cd055aa59bcb686727229d092e42c4339b68dfff09dc440 |
| SHA512 | 859d918b835b1d421ddaf36b229656ad3f75240031c18786f25cf5b65d6e56ff0dc63b447fb79cb21ef3eb5b662e836ee44915c2eb89a46b9ddeffa7d5158467 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58ff5a.TMP
| MD5 | 8e733f1269249d9e5547b84989077816 |
| SHA1 | 553235080392219b71d0e26764f06c2708066243 |
| SHA256 | 1c43f27112356c7368cd312b0c4000a57dd768248fead60aeb114d507140b00d |
| SHA512 | 34acd712c65174184b3ab0ef9385eeac36522a93ccdfd1f41595b01546262dd8d3aa8b3505b1a7862d42190e4961b3cf1993fb0046a458b5cda6babeda5f6556 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 9e4e2f5dc9d2ab7b3313f8a025a6c6e6 |
| SHA1 | cad2df1433308abb49c1f266dc1fd319d753767b |
| SHA256 | 3bc3399bb94f6ef154c4e4f067452251d18b35e0703346a22461e854ac30243d |
| SHA512 | d4cf23e5b2ed4c70da2a777cc0db296f5503872eb54918d25e0ad63acf1ae5c448a12d5ffd96e502e05d01108ba80feab66dfc46729ef1d561c7a7a5ec8d7e68 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 31496f93eb9d9c0849a2fb93677a8d39 |
| SHA1 | 0ca47610f4ee57ac3b3f2fc4a1979f594c44807b |
| SHA256 | 57756a0c40148e04f57c55a1a3232c2e17e640384531d8d49da05c4517faefcf |
| SHA512 | 99a8b46309aff59a51018bd0d908d238ec5d291464bfc1c559234caa2a70756ca1f01cefe5d1f0eae474c907250793c0dba2191b9b5f1b3ed412f70594751d6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d07caa918d49ea874d7302c6c0bfc1e9 |
| SHA1 | fde05e463c541ebd4c4d5f53db27c20229216953 |
| SHA256 | bebd928312069553deeac5f2f8e07e10657ae2196102e8e2821396f669b37ab8 |
| SHA512 | 8a936e856bfbad838eb9a877a21d2a71e244567389de2e8fc2b41e45eed463795c38f55d27b939773fe3f99596a55e8dd9fe30c081d079acc90e35cae8745775 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | 87c2b09a983584b04a63f3ff44064d64 |
| SHA1 | 8796d5ef1ad1196309ef582cecef3ab95db27043 |
| SHA256 | d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0 |
| SHA512 | df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
| MD5 | 345a3b9519381d8a756d87a3d74e2fe0 |
| SHA1 | 20d7794142672d54bc45d10a18cf45bac254f70e |
| SHA256 | 1d97c788fb4d03f511f0db42925192daf19183e1ac74e5d83f612438d3ee0843 |
| SHA512 | 61a7848863af77c7d4ab5519ca8911901b987d791d4032d5c6035deb1c89ba59f6e4dd69006ff155fa5a7fdaf6b6a585c6753829cdc2cf7360c307eef659a83e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe595a4b.TMP
| MD5 | 1c72cc35d429242eda0a27144db038b3 |
| SHA1 | 53e232da162afdf34e9f09bcd8da6d50c83ff8e4 |
| SHA256 | 6acfbfc63ef5ff19835b39692b343b1a1f10efc59608fbfa6f8a637885f2d3c1 |
| SHA512 | f3cd158cbf7821848359ad63b7ef3318b1449a6f1f4ee523745f6cafc229d1e1ef617f696b9f14d4256ae3115e16cface43876e57e9c999dd8cd254dcc0f90cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | b13198e955fe9b5de8dc848081380d57 |
| SHA1 | cef3f57abfbcf1fbbf06cf23ee86a009175145f2 |
| SHA256 | fc5da444109cca0f029b98d6d4d8e12144770a992d6106d9249e1687e47da77f |
| SHA512 | d02575fd18918118ea8a554779a0447e3d5525d6de40675d5525650c83a4e153f4e14b060ed47224920ac7c21151f0835c3826e0bb98f147c5076253f40217a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b375bc516b2ec2854b264cbe7f8ed10d |
| SHA1 | 707f3b81a4ab1d200bbeb30491ab980b56306e06 |
| SHA256 | f42977e2be7498536e15ccbaa7f5bfcb4105050b84cf7f1242c29b051263dc46 |
| SHA512 | e60650afedad8c398125512a9ea55985875df38dff18e9bad135b047584ff34164c14c85c4bc70acf4d0dd5d37d337f8cf593c65a83ba73a95942edd2f715183 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019
| MD5 | 47e0f4248c634be5cedb46bed6d81ae6 |
| SHA1 | bdc8fa7b22229a0fdceced553dad64bdf2364bd1 |
| SHA256 | bb6129dcb4e1ec91c91116293af9545c4550a78792cebbc74216a193b239bf40 |
| SHA512 | 7f7352b98d26648d532b1ca8c21df9306070a7e30791bf19c9b525e2046b48d06c6cd02e70db0c48ce29e3938f3f993d9881d0421fba0232d9d46f5cd9e0146a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017
| MD5 | 13c12dd8035a11f88f36de3b9dc964a4 |
| SHA1 | 25fb02df3f77368d59eac2e7a1c59fabfe9ac9b6 |
| SHA256 | f58cce418d2df873187a718cd5a0d609c711405480c1b56f004d304107c87171 |
| SHA512 | 7944f16894141495458ea9957172ab4ede54eafc76c50280075ce55f9eca941ffe7c876f2ae2536d7492da0cb340aa8094681929b96a428bf9fedfa47c8dad86 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018
| MD5 | 0f2b395cc63db1bd8a5d093e558cbdd1 |
| SHA1 | 833d0657cb836d456c251473ed16dfb7d25e6ebe |
| SHA256 | f3797115dd01a366cce0fbd7e6148b79559767164d2aa584b042d10f1ffd926d |
| SHA512 | e8a4ada76efb453c77a38d25d2bbd3a7f03df27b85e26ba231791d65d286fe654c024b64f9d6869824db5d1cf59e4d4eb662f5a55c326e5e249144ae1a66b798 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d
| MD5 | 0f3de113dc536643a187f641efae47f4 |
| SHA1 | 729e48891d13fb7581697f5fee8175f60519615e |
| SHA256 | 9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8 |
| SHA512 | 8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c
| MD5 | 4bc7fdb1eed64d29f27a427feea007b5 |
| SHA1 | 62b5f0e1731484517796e3d512c5529d0af2666b |
| SHA256 | 05282cd78e71a5d9d14cc9676e20900a1d802016b721a48febec7b64e63775f6 |
| SHA512 | 9900aecac98f2ca3d642a153dd5a53131b23ceec71dd9d3c59e83db24796a0db854f49629449a5c9fe4b7ca3afcdd294086f6b1ba724955551b622bc50e3ba1e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e
| MD5 | 6b528d140a964a09d3ebb5c32cd1e63a |
| SHA1 | 45a066db0228ee8d5a9514352dc6c7366c192833 |
| SHA256 | f08969d8ae8e49b96283000267f978d09b79218bb9e57037a12a19091d4a3208 |
| SHA512 | d3c281c3130735c89ddbf9b52de407da75a3d7ecbf0026e0de5995f40989883178cd59198354976aaa2aa7b47fc5f3f3856a59fe1463d4e2fdb7a27e9f10e76f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 09a1dab7422680edab826f7b7805f6f2 |
| SHA1 | 150cc5c6ff34a4f7114bfcccdb1b0fb8d3c7901a |
| SHA256 | 182ee81fe6284234287c02da38c469ecdf1d7862ed32b36a0154a810a105337c |
| SHA512 | 9b71bdcdc2828bd388da4df4f3de0a283d6e03577117b28ed76b349fb4fb2b1dc2591bcb202c521eb2e1619c55eeca2bcc69ce74222667083f30fdcd7379a112 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log
| MD5 | 41ad71b4a06c48b0bfa3a49b4d72458c |
| SHA1 | a3ab02c233deb96a1808958652cfc4a875a69f9e |
| SHA256 | 9f3ad1d7b8a6a5ab59cab0698bb64f417d3d13b8b0f93e8637c29a746c7ce297 |
| SHA512 | cd405ccf48a998dd81302ede22db5350e28f73d3896013d3d7eda8eebaa7882244f9b0e7a7f538c161dceb533cf2f7c3b922baef7dac11bec15677a7c965f88e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6cf092fecdb3e68cd52296e02e014e79 |
| SHA1 | d0945bd57f28422030cc848f9843d5ce1b700a9a |
| SHA256 | 98b547f854b0202cda80df1ba6e1c52cfc5cc912cfd9b373687b4fad368ac291 |
| SHA512 | a7d55a89e52cc781b87612e8681f52f5da3740a021de40c9bb8aaa325cd349164a08fb1afbc94ea65fde6017ce8cab6e698eae875dc4a0e12c7f19c03f5b5590 |
C:\Users\Admin\Downloads\MrsMajor 3.0.7z.crdownload
| MD5 | fedb45ddbd72fc70a81c789763038d81 |
| SHA1 | f1ed20c626d0a7ca2808ed768e7d7b319bc4c84a |
| SHA256 | eacd5ed86a8ddd368a1089c7b97b791258e3eeb89c76c6da829b58d469f654b2 |
| SHA512 | 813c0367f3aeceea9be02ffad4bfa8092ea44b428e68db8f3f33e45e4e5e53599d985fa79a708679b6957cbd04d9b9d67b288137fa71ac5a59e917b8792c8298 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d9e1121397862d0f628c0ce4864897cb |
| SHA1 | bd05112522cf75fa6294441715451b843ebf2157 |
| SHA256 | d4b03dd63244b1f14f30df9511209701320b6cfbfcfc107fc495ff7e5606db03 |
| SHA512 | 76d25d5dc0b7e58f2e22440ea241554ea5217ca9bbe1ae13f60caffb9bc582300ce852b212fdbd88014b1e2a4a2ef94e188ad1042a48ca7c347ddc488fa74202 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a27da2a867e8a65fd84a8c8ef9fef6ff |
| SHA1 | b18b69e4590f8694bca51105e6f361e98151b657 |
| SHA256 | 676775896b186b519fa21c6575157f8707f5fb3413710f781f42602adac50d75 |
| SHA512 | 2ffe29523184bad3f867416f09a6413d70241d8e856e3a88f50869a73c559450034d56fa60ff432b18452d146879ada793f51f3f3fa60c706979be952254ba13 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 633924ab2604586ccfc31d7e54265c26 |
| SHA1 | 19e5af9ef8acac01ba92c98a907ef98839553453 |
| SHA256 | 252e5b07eec98aae19c00fac43efbeca096e568bdf9a08a653c8f62ed0c14060 |
| SHA512 | 1e7571cff95ce0bccd7d6590edf79e7cb0c3314a70d85192708f9e5f8225a872b2d458e20afffc9270ad96a41ef85cf1486030efa356e09e8fe34d7beb5aebb7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | ff3c3f2369f364d276415700f42f7950 |
| SHA1 | 81509ff3f0a68e425079ced385e735a9a81dd054 |
| SHA256 | c2b16d07c252db2d2429c828e87c49e4ad0234aec5a21e8a9d868d015dadcef7 |
| SHA512 | 5052fa3bb0bbc238edfe8cf7063ffe44134804de0f2d6b51d12743aa1b13c36b3161c2a5fe7f2b3c7acf9369b1adc114ff25dc74ed6c54ccf65ed835610cbe18 |
C:\Users\Admin\Downloads\NRVP.exe
| MD5 | f7349874043c175bee2d0ff66438cbf0 |
| SHA1 | da371495289e25e92ad5d73dff6f29beea422427 |
| SHA256 | f852b9baeeefde61a20e5de4751b978594a9bf3b34514bc652d01224ee76da1b |
| SHA512 | 878f4bc1ab1b84b993725bcf2e98b1b9dcb72f75a20e34287d13016cc72f1df0334ac630aa8604a3d25b9569be2541c8f18f4f644f5f31ff31dd2d3fedd6d1ad |
memory/1220-1128-0x00007FF7EC920000-0x00007FF7EC92C000-memory.dmp
memory/1220-1132-0x00007FF7EC920000-0x00007FF7EC92C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b49541d402f8313cbb223e330a6d24e1 |
| SHA1 | 5bb31c70957bedcd49cda7767e534d198fffc025 |
| SHA256 | 7d5a20804eedf386901f015eee96c2419c4abbf4452172bad32e8d515225824e |
| SHA512 | 1ff2289c73593aff643348b6ed79328cf19d2af07b780148642b67136c3cf8e5dd35decee3899b4088c7f87d7dbe88f0287eec6a2920c4bd226f6f83f52ba7c0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 06f115b0fc5ebfb3bb1316c3ad762e94 |
| SHA1 | b6f1fdadb6009e0dbc55450bd647403ce7990970 |
| SHA256 | 972444b14e50d3147224f919f0341788524e53ed5cf257b0b3f585ac64645ddd |
| SHA512 | 6df34d3f175e44ffec1d9ad7328a7d4dee11cb086099dd82a309436a361911a11e65096173ac01d7fd84a334d9e6f686cfe89ec878f64e5bffd340ebf086806c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 44944473320749a29139b588255fb69a |
| SHA1 | b21a09f52b2a7fcf7f253668c99b2d1bf26614fe |
| SHA256 | cca41b0424a27b9887b53d4ba27a136e2fcd4468a3901b6a3834bae5b325a506 |
| SHA512 | 5de8dafe677d8db6fae6eaed39cd2972c5c4104bfb0ac682e6a9a767a675eb4d94aa74395c82249d6ffeb800eb79c334974b4f7024fd506f5fd2c0ecff203def |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\cc5f97ef-f41a-4b94-9f8c-d087ae52da7a.tmp
| MD5 | 3f404337374e0e0dfaad6642d69456e9 |
| SHA1 | 097a322a964635a09f23980b7e6fa98ad8948dbc |
| SHA256 | 1fac98ee57d64ee87d16bc48c4437214fa56c5f63409231d0850c3850d91e453 |
| SHA512 | 96c299227a015ad20fc19fd5cc0eab46d04c60c209421435f69d9ed893203a83117cb256ae23811f10fbf7698d23272e9a05e403962459035bf7daaacaf16c9f |
memory/5628-1172-0x00007FF7EC920000-0x00007FF7EC92C000-memory.dmp
memory/5628-1176-0x00007FF7EC920000-0x00007FF7EC92C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 52cc2977a28a70aa10119f69c81b02b5 |
| SHA1 | 329f820e8c052a3632f5d5131475f71a29039082 |
| SHA256 | 733f0df9efb35c3c4669538659117fe03d94baeb15a58a4f43a1b8cf7e68986e |
| SHA512 | 50c19aa822a342c47fabebef9d2d678b99f199fd638b0652f103901df981753316d839086215a57db323f359ff7d8118fef13b1e43f5e982db4afc91c5effb5d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6a03f5e3e4cd3978c2e60c5bbc3339bf |
| SHA1 | 160f45f4ff1eff9630ccc325d53c76e087e1bed4 |
| SHA256 | 155d9f96e5c2f7babfdaa48e8677115e954726fbd6dedc156f0dca4a40b96d49 |
| SHA512 | 462ec0a72191502f153af85cf921eebd730d88fc6c19e06511159cb78df821fa2a27ee8742cb30e456b7726aa5b4a8f5ae213a1287312f7bbcb68f28a5e983b7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9183bd9f36419b84b557b5c77cfc448c |
| SHA1 | 7ef88e52f14f92014540b0826d220b4f34c90694 |
| SHA256 | fb773a890e3ba1633eba0568c74ec1fdd326605728ef592ea2a2573dad7eb985 |
| SHA512 | a7e59e5c58c8806637986e67b753af666f9e0fff46ed1ada187d12bb90742fa516f70ade493ce2489da310851aa3f8fe4238164d69a43d2367146d1b5fb4e887 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039
| MD5 | 5ce7bdeeea547dc5e395554f1de0b179 |
| SHA1 | 3dba53fa4da7c828a468d17abc09b265b664078a |
| SHA256 | 675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9 |
| SHA512 | 0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 13a053c733ffbb46bf359924013f0227 |
| SHA1 | f9f2992875f6796b79f96e4ce83c32a6425efa59 |
| SHA256 | 825d51c04ec1ce44ebef4766075504eed8a04a750b819dbc352b49d16f3d645e |
| SHA512 | 086c1b37b696bb8820e5a9e2d806d543f3e8f12955ad6c92fc5e51e3e2c70a7f6a3420ce93bb751278d80543ea9532429da13f25c36533ef6663516dbeacdbff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9c0e08a634010049af82f561ac0e1fdc |
| SHA1 | eebdd44b8c459a8f32b7cc9c976ac44d07450cc5 |
| SHA256 | bc1e1d2f8e5b5b26e42acecee1dbc7793f992c518692b67ab179e2df44ccbace |
| SHA512 | 4592a17e493943edec18832fbe67ab263486f947f18878789e59ce9f18cb6cc5a38ef0b2554baf5c7197012e97f7d1e833698cadb33e7a05c72f937feafaa655 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9e2fb7f96dbff93bc4d1b0431f9b10fb |
| SHA1 | ba6e697b130f930876416e824a041aa66f5b2432 |
| SHA256 | 40732a1009102dc9cf63216859a3cb764be8bd13669dad87fd5cab58d8f412f2 |
| SHA512 | e8e0c9abb70e851cfc2066d1e13b466da3164999eb26ef67bae119787fc1137e2eb5d105695e42dc3537377629ff4ec41879b276f186f76d1d279d99a08c67b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d6a7deef8aaf06c00ea7a7a0368e2d08 |
| SHA1 | 815f02fe04c5c1847e2e49320d64990c268d8956 |
| SHA256 | 13cf712fa1321505d5e46859723af329610a4160af14ebd69e69f9e98fb627a7 |
| SHA512 | a1e2b82b097b4a77a2ac9433152742259ef8a99009909af10522a5f0e7ce15cd95a47db862ac8b594663a708c39df2bc9bab8a718235171ccdc7a7ac9198208b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 29cebc70be5de6509374ac40eb654f95 |
| SHA1 | e358e1bbdfced64f076f70edbe398182e3b5e86d |
| SHA256 | d6a1003f5665f0433b56ca7ff952009db8053854bc490b029e4c0effe55f24d3 |
| SHA512 | 56ff543512d7cd160f14a132a3969721ab55d0f2402fd37f9fb9f453802ca8b7dbc3f3b655f433687cdab4bd7db63c32324ec3d3cd6d2ab6a01431f7f484eaa4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5c3b77fd4ec323decc20331eee28945f |
| SHA1 | 17f797d6acd8623da7a81bfce3e7d60501bfe5e5 |
| SHA256 | ebe10b11bacaa7466b3fd27c52766b2e5caf9e6ff2f769e92732f6e084b4f322 |
| SHA512 | aae8e15468fa445bc65135c5c989cfb2fdaf54494773c7e619546d8ca897ada438a5ce091fead4866a640ff02e23f76e130951cf4bfe0a3fda7310b96ef6f52c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6beaa9c5ca408dac66c8ebe404fb9cbc |
| SHA1 | a353f5c00d290abf13f7c4d6a8fa7bc077615f96 |
| SHA256 | 5e4bac5a48da7b04d6040c828bba0596e3f0494d7fab46468476d4a13f3494ce |
| SHA512 | f91248f99e50a8e25e297af03a08ac0ea39655a5fde7b5a83488dab22794cda985b299189530aaedc816b48d7b1a5cca3bdd14bd37c6e2a97db31d3b39f78551 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 87df42dd653e846d3ce0fdc9f7883b7f |
| SHA1 | c22caa272bb0b8ea25608253eabd34015ec34b43 |
| SHA256 | 41459f8cfc14ce7321d5fce00ae465d3bf8e51f8b0f8e8b16424151a2a134f6a |
| SHA512 | 168935713bb476633dcd940d84ac2ea950b67050bff0e1c5c2043ecd98f5e37d0853bf8fd76bf4e407a3ec3976e947a54d317d560454371c4eb570f6698acd50 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b88ac43b58afa19f2b382f687c165a83 |
| SHA1 | a5a4991ffba3af9c08b7504b0f523b95e089bde7 |
| SHA256 | bcc825984273f020d93c700d64c8bbeeddb4110e46ccc1856cd36e709b607fd9 |
| SHA512 | a73f867069828bf0b010c5abe66a21649fbc789912d6dfda966ad1beb91f497470db88f7cc78739ee2e601dd6521f269ae2c73a00653ae9caf812014ea8c1977 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040
| MD5 | 7626aade5004330bfb65f1e1f790df0c |
| SHA1 | 97dca3e04f19cfe55b010c13f10a81ffe8b8374b |
| SHA256 | cdeaef4fa58a99edcdd3c26ced28e6d512704d3a326a03a61d072d3a287fd60e |
| SHA512 | f7b1b34430546788a7451e723a78186c4738b3906cb2bca2a6ae94b1a70f9f863b2bfa7947cc897dfb88b6a3fe98030aa58101f5f656812ff10837e7585e3f74 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 177c46a83a04d2a61b7cb30db209fa2c |
| SHA1 | ffca9f2947d98923d9b07d8ce4005cea08422daf |
| SHA256 | b410799ff886dea8c46c06096fac0bf2dabaaf486ed4e73d327003a6eb8fc48a |
| SHA512 | fe0d86a4403b3d70dc810283cd16083926d32525d9c11b78181e4bd956f56ba0582271da967fb50f2a249d4100a0692bb326c314e299a90b4d5cb04c68c67b71 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
| MD5 | 4e157505af7ac44190920e9e9f0f314b |
| SHA1 | e139a3d82a117492818ba9bfca086496ef13e69b |
| SHA256 | 031e76c418aab381e87ab427c75a7e6379bb7fd64ac4e48cb1f201f7a61053fb |
| SHA512 | 0069b5a24dc88d39a5b1ad86f0d3cdf5f091961185c4f607c6978c8d8e84a8170f98d8611dcae797779e291a8b6cd328014454f4ee50731ce6b68e379dc3b32e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ed50ac27a4bc7d3f9eb43e11a237b30b |
| SHA1 | 93cda61627fa692f734c82e28bddf1a32c5a627e |
| SHA256 | 651e9ce66c4036f171e2f90d725b6b350d4b66e19305c434583880ffbb7a725b |
| SHA512 | f752b9367cf136b3d294eca56a33feca851b2347a3240bd65a5f036e6d9ea4f22b70363d795d297998be5892c6cdf90d37342140dd0209640388ba7a55c42f91 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d042723f-6843-4ab7-8ff1-e5fa370acce3\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 87150070fea4fc69dc00c1d99d024717 |
| SHA1 | 0ae460dcda1ecc721089b6ca983f2e54963599e5 |
| SHA256 | 19713997f16962a3dc471384fd61358f65755dc778226155ac10e6d0d10f5d76 |
| SHA512 | cc34a2916ef90a14258dabe33b3511594f932993e00d492bc67d772c05630698a4c3824ccc754120cb474d1480f4502fc92b56e323f4383764e7dcd016084730 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 43309b932eed83f47a48ccce92e27b51 |
| SHA1 | f4bf7fb64c7db8b155e3d4f2f7f673298b9e80e6 |
| SHA256 | 239abc7d0e6e236220a679b35640491876a5eef3f7bfc59b797abc032fb85c8b |
| SHA512 | 6ee8130383dc0e5a8f87398f056623743ffb07e7c3bb02ff37430e7f2dd3d62d775ad472985e3c1d984ff6c27c8fe019e6a85f787b250634d0414b35edfb1049 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 41aa8c8b85392e9896da6b38294449e8 |
| SHA1 | 268dd25007465b7294388894074ed8bfc2beeb7a |
| SHA256 | 2a1212b2e1fea7fe3d80906efead644ba089c6a420d3362c26a686cced0d328a |
| SHA512 | 9ce75f43b10fc7e8e46840b6752dd63fcf1fd78b0d65a5a933262d2348f6da46a87153e6298cec4c683cffcdd2ef02ef8a85c3bc34ba426e5cdc49b3c460841c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7c09f341454c0a305a1969217f288b4f |
| SHA1 | be356a097fe621bb5e12b07d04120c5e1c083be1 |
| SHA256 | f2cd656227689f47abb462e45e76a35d1b6b78a4287685e65d6dc47e27245544 |
| SHA512 | f31590e7c4a927a9d6ed5fb195ba5f9fc54e3a5aeb164241e74a49c9c62eef6a31e607116e091e54765d64a6c5de3ab4c378051f1db04a41ca832ef0477ea40e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | acba6a766e92a3c77536dbfac1988a93 |
| SHA1 | 2f615cc54ca66aec90922f4da2184900af8ef576 |
| SHA256 | d814fff22c121ad6882cd45b53e518918c118bb0f72f2297b34dd1b99ae7802d |
| SHA512 | 813412a559595358c9db732c34ccf4aec622b3b7eecda3ab1adf6ba1b6b4ea31057acff14c2b307cacbf2963089e2c2ddd2046a4031b3d54f434e9db5df0d4e0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 3cc537a5bbef9566ca540730f36aba9d |
| SHA1 | 84341562532f8651c7a5e37880074f0c38a05564 |
| SHA256 | aed5a95cb139cd9e77b52d30dc6028f0f52d143a1dd27b3aa8104899342fe6aa |
| SHA512 | eb4a716c5a174c48f6e8c2529787ed0d8e33d9001929a8ed9775abb2cb5420f673e2f4b1cbdc8ae36752ccac3b0109e2bb5d090e8849ec7b8619b7942b9ec5c8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | c0f340db8a9ba871f27141aec985ccf8 |
| SHA1 | 047f95ed9aba3007e55d501abff5473875e90787 |
| SHA256 | c8b489b4a1e8fba2e51f3d127273eee1a012aa524aa1e7c846ac9abc1bb13bc4 |
| SHA512 | 53643d7b3945ba614a02ef8bfe337f9e9745d202a91e99636b86b94f54ae48f2af5d0ac508490b6a537f3e12861fb5e943f34d01cac5690a467231da0a4c4d40 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d042723f-6843-4ab7-8ff1-e5fa370acce3\index-dir\the-real-index~RFe5ca744.TMP
| MD5 | 363f8bbaeb6f494b779268c87122ac88 |
| SHA1 | 7610630ba0fe2b6443a3b7cc69d30b41f560d36f |
| SHA256 | 687b202ab777866a11a3afd151213eff7affba4d5dc841b08f14e251f370dfdb |
| SHA512 | 747e8b955f3e7410ed55bfea3537e00c8a782f4d842cf608e4cbda371d2a8e540a592eb25c63f1372677ae1ced0481be94278186a6033025fccc7dddd9e72737 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d042723f-6843-4ab7-8ff1-e5fa370acce3\index-dir\the-real-index
| MD5 | 792772ad6ad0480f0966721023e2507e |
| SHA1 | 39017bf49d6519f36fab71671327aa89390f6b83 |
| SHA256 | 3cc0bf5eda44f688e8b4de9fca58d2ef42f9585e335f4086181ec0c83fe71429 |
| SHA512 | 03d94360ad49204e21408ba1205ba0026258fb879bcd0c3f852c26914cf2b3636260d553906068e860adceadfa28f67bf53bebb5a2f95fb268c83654f0b6d909 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4a5378438a3df8e49d6b40cab04c6f67 |
| SHA1 | cd49bd6b728b9a57d9d8bc400f45576d821138cb |
| SHA256 | 6cda1279f4270cc951472c33e37af87e962f771baeaabebe85eca3120e52cbdc |
| SHA512 | a0d917a29f4fd0734bd2bd9495ef9e41ea42df8822b9ac40a8b1d3dea1f1ecfaac25121ecabb14d80947d1a0a90ee33a8c2601eb9948d040f3c3dcf9b90922f5 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | b5894f8f64d43b97d96b28f61ed45e90 |
| SHA1 | 5d16995c36bb2f017bba973b1f029fb1c13a88f0 |
| SHA256 | 0f04cfcf4cedd37fa81f1eb87a4779909d3fb201891f277d37a453534f7450ff |
| SHA512 | df7accf6e227cb05e967dccb49a3303070c39f32cb24a0c209784117930586fc28d1574cbff78ddba4300177bb8619c792836a2b3890cbc791ac91da6fc8314c |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | ba3a580a6cdbf0252a8912ed4a3cf1b8 |
| SHA1 | 798975d6f5c1863d04daf819397a4c124f43caf8 |
| SHA256 | edda5e76064936c96dde0f4d8e8e8823f4582a3084ae3566367bb33648b51dd3 |
| SHA512 | 9f6a3b5c6326fae01570c1f313b7dfe8ef5967ea8df38c7facaeb1c9aa9e3259b5b425bff789a9a4e44359062554c3a3bdd8d871239274d9114ee7dbd3f530ec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 80c96bee048b113cce6a1fde868c7a63 |
| SHA1 | ee0e8cbb566598357d6ee3684841846e473aa984 |
| SHA256 | 332016517cab74e2b7e38d42b6cc1218903a4967950253b94efe38520c72e98c |
| SHA512 | 61a343b2e5a8f22db9927c9344d85eedf4802a67a3f1696761749d633e0927b9db0e0981d248461164b46b71f749215f1b1b8185b95e73f8ebfa776e540597fa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5bd54ce0a30f76aec51ccd66c05e0a36 |
| SHA1 | bdfe2cfe9984ba88697ffe4b6e7e609e4304cae3 |
| SHA256 | 0ae3279c45b0f864250313167ffc4abdd674b333693c1d086dd268acfbd46f7b |
| SHA512 | 151968a64e84218270205a38c27c4d5f57f4834cf0b756669ca4bd72f01ad469f622b7e229d18258c5d16ecf6dfb5c13f0a973fbd2a7fe94ad83b5af22b708b4 |
memory/1900-1843-0x00007FF7EC920000-0x00007FF7EC92C000-memory.dmp
memory/1900-1847-0x00007FF7EC920000-0x00007FF7EC92C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 833768c9b6fc94f1312f895261e80c9e |
| SHA1 | 6fbc9bcbbbd64dd1a03609bcc63ae4b4ffefc925 |
| SHA256 | c12db82dbc2a66d6538530de3f93cae5b4958159a0a1d292e9c3ef5f8bcac930 |
| SHA512 | b682aff413d2e881c7866b00e4ad97b681d618b38c10289e9fc80b88a7c595a96423b1cdc5c9d3709d20ed941895d9e70e4bf796db0b3273ed251b2868173209 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 55ba6ec933c0d7295eaefc28e645d1d9 |
| SHA1 | 9be51e7a209f8dd44e0add732da308c2e47e66d0 |
| SHA256 | 85096de09116f845c8e3101434b1a500623d2ecf5101dd6045270864d9855323 |
| SHA512 | 8380ee01bcdd323028d326f2d6b778c9668a1104298162a911c3e32e77ecb4f40aa1c9e212053905e0afcbceb6c69c188769fe57b4a92cf0f7ab35c0bd72642a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035
| MD5 | c6446ce4d2be65a132dcd152a1dca7f2 |
| SHA1 | fd0a2ff5ff778aeedcbedf6039969fd7249fb039 |
| SHA256 | 19b8a43490ae423550de6e78249920e970a299f87d88ac8b8a893f6473c4b7eb |
| SHA512 | f829535c24854cbab10b9af21cb01d40f9d0d83c499559d47ae43035bce602f6ab5cf8972efa8f098dfc83974bb7c051b2852e37f00d4a5bbc5a1987a558d632 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036
| MD5 | 1b23f000bd08ca437d3c782b86071413 |
| SHA1 | 515a54e0c06cc4e4202a93e82fd2ecb96e23f454 |
| SHA256 | c1546a16590b63b9698d29a6de608f6e46ff679c06871dfce67ccb6467e9d9e2 |
| SHA512 | 88b3b541d5fc1e23a0c9e3a413ead0a6d2b193d8c38ed2e7634619138c17f6e99e77ec47f25d519cc8a48493453f90845fc3c5d87631ea1c5c683c7da85fa396 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037
| MD5 | 62c1e304ff5ad6d6418605e3aaa025f4 |
| SHA1 | c842e78264aeb6f6186126e8c0f307baf00c7bfb |
| SHA256 | 60242d9710780f402fc2c90be6d03d33eca7c273e17335342eada43e946188e8 |
| SHA512 | 2072d53419b615528ffd799020c205ca3aa00bb5a419a1dc85dd14647b2251e1e1ddf74c40d651461c46fd6568ce209d4ce6e620a1eb0c32c8d0bd63c19576c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038
| MD5 | ecae49a67e5c3310d12641e70cca87f1 |
| SHA1 | cfdc8aef4916a60b9ad45dcfd66743720627b5f2 |
| SHA256 | 00d35ebd1c9e1f5b52df8da3fed0c9e57df67d1c5a1d575c299fe5f4af8d32dc |
| SHA512 | 089b15b805f8c127c556dc4839ba08b5d50d2d4c76aea53d6928c11583ce3ab8258d94ab7c422c738319eb916b6b67af2cd850143071078c8c8969efc6c04c07 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a
| MD5 | 4f3b132bf6bd1b8f0dea4f843db85a86 |
| SHA1 | eb9f5bbaba00f54ea18a26a04dbb89e7065f0537 |
| SHA256 | b26293d7e764ed4d2825d08098e4f0fd60d920dd2017d88eb7096cf1cc1d012d |
| SHA512 | 1c6c96302c2d5c5ed4b4ddfd664187c429eb6c67b02659ee5c8b04a9efb676c91c8ec5e02ec1a67bf77af9dbe378a71d59219b9f7195c3505c0a341305160fbb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c
| MD5 | 1aca735014a6bb648f468ee476680d5b |
| SHA1 | 6d28e3ae6e42784769199948211e3aa0806fa62c |
| SHA256 | e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a |
| SHA512 | 808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b
| MD5 | fee6c6f3f2bdc4efbb6762c1cd4d6d18 |
| SHA1 | e6d35b4182a999ec8ccd3f766f1d97213ca35fe9 |
| SHA256 | 91f81ac16ef2da0e02f40d46fd26a05dcbfa46e86a90eb8a366de34732cdfbac |
| SHA512 | 05c13641f04a43d53f5ebba9a9d1f71ed082a940b3fe4643dea65ccb09cb90c28757fb060f3dcec62681c79163cab66aef8a48407eb7b0501db3e47679cdce74 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e
| MD5 | 274fcd8c18efaef36b7c375d2d6ce1f0 |
| SHA1 | 73e209c17568e8f6b79c02095f936b6603a9817d |
| SHA256 | 13cc7ab213c46d100af346a1d478fd37299397828216b3e7d269eb8d43d80b0b |
| SHA512 | e46b07af8f82f23055e50a7324b76e4731644194745a63e19e713f30b4559eae130b00b396478db4688af7d8216fe0204a121df4edaec3d70bfda8902960339b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3d2462e954ef9877c28d90138e79c58e |
| SHA1 | 686b88f4af2832b737064806ab359ebea1b197f2 |
| SHA256 | fe7f906e16f87136285511c1a11aa39ef6fab4fcea4ae4dfae2ad40866dfe63f |
| SHA512 | 38a4655cd18eb77249509788ddd94a6bf486c9440e71b9e313fc5842bb737b779206a50af3c9103aef772232e3b0db2f966459526258e8a80dc5889258dee096 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7e1ca1bd16293e3f2a1c56d45d779c4e |
| SHA1 | b0a5cb347228cc0821b55bdd592035e497d3f5a1 |
| SHA256 | cbfdafab7c54864ecac6080e321261e01a160687923d39819ccbc42ff1973843 |
| SHA512 | de56c9e8c344900a055ec025b23933dd2a897b048de91cc620b10d1b5912f9ceb44a163822f802595ead192193445eea1b181756977ce62b294a71da1fae1470 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7c360eb28abf44bfca2cfc9fa6cf7e51 |
| SHA1 | f41acdf8d8a4cebe82366aac447acca844faf8b6 |
| SHA256 | eba9bfa3f1bd56c867a803e1561b7e18c102a01931100b0d0bc4fa6877510579 |
| SHA512 | bf794e1e44514b72aebcc3c7dbe9ad7a394cd5f54fab1669928be9d2f33baf2be088380db5d5f72e8fd29a73a2e7fe042535229beefe96ba3718a49c241eb6a7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 18e91911f6e41764d0fbb2000f2c62c9 |
| SHA1 | 33c5f95315f97a2b988e7c1b8637a76a72965cb4 |
| SHA256 | e1dec49677ba9d015035281ec9c34a0a48d2cae362102455b16648c06ffed5e2 |
| SHA512 | 22d406d99eca0e62f60eb42dbfda4a47613771aa5b3d89747bfc5a08f25637878083f115e672a5e8d9ebaaaf289cd40f81f9bac2e9245d269374835265f78adf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029
| MD5 | 0b1dfab8142eadfeffb0a3efd0067e64 |
| SHA1 | 219f95edd8b49ec2ba7aa5f8984a273cdaf50e6c |
| SHA256 | 8e2ee8d51cfcc41a6a3bfa07361573142d949903c29f75de5b4d68f81a1ae954 |
| SHA512 | 6d1104fd4cfe086a55a0dd3104c44c4dba9b7f01e2d620804cf62c3753a74c56b5eae4c1dc87c74664e44f58a966ba10600de74fb5557b3c6c438e52cc4decdb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e
| MD5 | 4fc4d4c7c4f6c755997cce50a83600c4 |
| SHA1 | f336826789953add8dce40d20384bff932152596 |
| SHA256 | e50203dc05a73e555fc1c9b5dc988130f38d817098909a9a5cdb2dfdf564d527 |
| SHA512 | bddd41c81b076a8a391decbef18dda3cbb0b6e2bb849a6c594979842cd074cfc1853ac37ffe430e19f8d511bcd4ffb8bdbaaadd8131138f6232c9e9ea74eab54 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027
| MD5 | f1fc61e461568046dc2698352c29268e |
| SHA1 | dc5703281b3342f0ce7abfc5b4d0c436fc58e5e3 |
| SHA256 | cdacac9f40b1d5c881189fb9737871bfb0cc8be4498d2b2e6268b4655ecf3e52 |
| SHA512 | 45edada3cbff374838b628c434f87444da8b2d8b1c5b07b9016f153877add5b8f353c259c66832db7fd4e3ae2c5aeeb05a44b3c592d2b3c60e747ef4d0a600cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a
| MD5 | bd84da3a0e12250829b9f698c709fc4a |
| SHA1 | 2d6015d88fb9848dba8d7fd160b16ecb7d402db7 |
| SHA256 | bdbaf95bef3c2dc8d077978f2d05b04886970fa3b3d238d8b4e7f5c3f966e81b |
| SHA512 | 9dc5818adf84a5dbf1cb8cf541711f8d73ef36f04b2bc734a680c0a2277202d092c08510ccdc0e8d90a8b6e8853c5076a2b1fbbb4756ff0cbba6a311720e2c6f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | 3911dce6debffc8d27bb1023ff43b8a6 |
| SHA1 | b16b834561227dc789512ccc7bdcf01a30f4e497 |
| SHA256 | 14904a6bb87b839a05f7ca30b239ddf9d7607d0762a3db1df511cf6dcac59e4d |
| SHA512 | 79f356d1ac83d3074aa5cf4f64aaf9478ce305714c6191b98e8d526c69a7cd944e1c6534331d07065fc2477560daaa2305cf2eff4a7f8e0b534a2b3c5a5db610 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b
| MD5 | 4706a7442fdd39a4da3e5be65fd6d2c4 |
| SHA1 | ec12e6ad1c460b2df53d0f27bd10becb1bad22b6 |
| SHA256 | 18e182bbf8b402877e45bafdccf984e66a8ccec2ed9766e1ce521e9f73bb43a4 |
| SHA512 | f4a4907ecac396dd8173ed2c3a9c38d62e83c93b695fa905e1cf522050eef413317b4733240b66a10585379e2b55baca2a792b968f10a4acd140525ffb539b3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b
| MD5 | 826fcef324d65bd4a1b93dc7af769869 |
| SHA1 | 4074d8fc7df0cf0cb5c3e138c5df35f1735e97f6 |
| SHA256 | a54dfae13e9513450a112297c99be623f1a28b67054241ca7f8ccf377c01f85b |
| SHA512 | 02f36af602df751ba533518478ecb035a1051612414e09745358a4c6d6c269bfd2aee3a8a13367ee81edd306abf36c7c0acb0901cfc7a682a3e48ed031e978c1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a742e9ccee697ad551db8a5dba166d6f |
| SHA1 | 438a57482f6f840ec712f39ba13498e13c072756 |
| SHA256 | 5bcd2d83a8a9bc11a090d3d30024094c6c707d6dc3e1bca1ea3f5b9e69d2eb03 |
| SHA512 | 46a479b2d912f04ed022cb40c5417cb5ddb8170b3e1037e65af14526d5cf65c0fff9427d9fc0411dfb12b504514b676aaa0cd15195fcdda1e8b14a13969f52a7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a8db5f47555b538a59cf0f8a7fc1aef0 |
| SHA1 | 862510ffc26e21f065d0955aa587d855de429eba |
| SHA256 | 1127695a2edf08e21b458c5bcad27044d002ef70dbe40e48ca04bb8ebf0aff70 |
| SHA512 | fa367afc42deef6cdbaee1d1efe1c531a37afa84765b1c489a0933f51257ffe62826385b661eb25edad538d492b50e628dc2f523898b73656433bf72010446a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | abb6264e5c351cc7e60146bb77ad9794 |
| SHA1 | 2725e6bbf3c792dae489ae7e4d94fe0c23457ad1 |
| SHA256 | 867ba6bbb1b41e8aa6d9783e6380fb494b431b7f3ab93d41da1bae7887facdfd |
| SHA512 | 50c0d91c4663de901160b4fed0ac4895c00d807ab43511e8f85bd52dc4f78cbb9a346b71e61660275d50efc06927ea23e61fc5afc269e6f244124a8d13d58e7a |
C:\Users\Admin\Downloads\MrsMajor 2.0.rar.crdownload
| MD5 | a61889efca36007831250fffb358bd17 |
| SHA1 | c835f75a8de83cbff5787f8143476b424458e7c4 |
| SHA256 | 50e0b0a6e806a837e3a7346ec2a7c0f4c36e7618553c799a88ae1658d97e505a |
| SHA512 | 8fe704c55094cba451cf12197557bd44c696b58eae2a0a9827a7feb96d67bda89e15bcf763212fdd072e8272ec6537efb738b3e18cb24c26ac7920f70837cb2f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e7899aedd51d27a475e0e8b237966c14 |
| SHA1 | fdfc36589dec16eaadaccf7b68da28d60c1917f5 |
| SHA256 | ea4f3d78ea15ee5d9d378c0aa3a6b9caf524fbbd8599c7b6659995b9438badde |
| SHA512 | 2866860d706d9cde25ef42f780157acda854ecf065cb0d4f464f8a1baf15e05942505a6caf95d7ff1c291d3d55606bfce274e9ddfa099fc637ccb48813639fca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 27bb770283a1f2bfc287116d49cc8a54 |
| SHA1 | 416344be2c956628240d2bb32703d8f1be5c6047 |
| SHA256 | 74da06c01bef17783768a00d85da9c8622a10086f2b0eb08c6684957f3000128 |
| SHA512 | 52866e672220e257f611623b0b2ae20f3a65af6096faf927937ba44a762b306ec5cdda32dfb50dddc12ba54dfefe89f597168e7bb69afe7684c925d87cb99fc8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cadd56b71a4adfd33addfd1a0b156096 |
| SHA1 | 2db0cb7be59e1f6173405f77859cea8f3fa3c9d8 |
| SHA256 | 0262e073884c6aa9ee5b5315bf05ab5ded2e9b74673c5d865e22bd9d2ca78b52 |
| SHA512 | 2fdc4731ec62ea3a79c8bf882169c03227d4a86b61dd110171b2d301d75678b1cb6a12ff87d907867be4d60320afd3fa1a53cf19a9bee043579e9d4af668e0cd |
memory/4136-2168-0x00007FF7EC920000-0x00007FF7EC92C000-memory.dmp
memory/4136-2172-0x00007FF7EC920000-0x00007FF7EC92C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 32bc56f44b98af8a3e834ca940ea41aa |
| SHA1 | ce6891c9719de7ecbd5994b611c609d700136993 |
| SHA256 | 548df8574b7ae3fcdbd91e3adfc2bdc359aaffe2541a42cedca8e076f7057ac3 |
| SHA512 | fe5550b6b1c1348bbe615e221ffc624dcbb704064ae562b0793c231e00569b5b2d0e96796474cb67ad486d19035bb09c171391675b7c3da8d463bac3da0d7cfe |
C:\Users\Admin\Downloads\BossDaMajor.7z.crdownload
| MD5 | 187bbac84c1878d4427fd901d1f85557 |
| SHA1 | 094a4ebd3c51923878b83a516545f12d7f556439 |
| SHA256 | da8a8541e7b6c33f38a1c9607073989f08dec0695c18c18b15c8af199a807600 |
| SHA512 | bc6962debd2b679ddcbb080607c2d60dbbda257f58f5303496f5ffaf6e448c3eea1ccb7ecf4f6bebb4de7c0016fdc12b4fae311d12db937cc4aade5f14ef373e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fd8a6dcf0a182d12ab78db73abdc5a7d |
| SHA1 | 3d6b8fefb23cade84cf94cf84140babdc1bfd12e |
| SHA256 | c289a76cdbc20b42f40b57b1ba06ad63039d21180b50c96dd196a9ec181687ac |
| SHA512 | 6ed0fa6c00c3493d40e0204b306c0895a78f4ab44109c37fd4cdf3c731e1f5e8e6e6011578514653bd29bac81eacb3b4d70566e125426f449ce626d2c55d79e6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 81b17476b6e9b4e3d545c37d7e118605 |
| SHA1 | 68950fcc650b962dfcf4c4cf44f8add84cc1b49f |
| SHA256 | 545f5af8a4988df995164ed0a6d0451a6ba59729bdd5f3241fb85295b939cebe |
| SHA512 | 421992914a550234e5ee4e1de7c68e453a236bed45b4c18b7e5e35969bf9ac4d0625d3866c9c0eb0048ca8e2b60ef0dc24d5f2b7f1a580c8c7b4e61c7880d6c8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
| MD5 | c2ea9c68da2cbae2102d8bbcacb561ae |
| SHA1 | 6e4187fdbf1c0a80b95d9e68130a7b3878f89618 |
| SHA256 | d8201e974ef8529d858b908e8502481b7e0439c9757e18619e74811f56d9b1a2 |
| SHA512 | e8347bc3ddd5d5c4842e2dccf10892b667eaa235ab343fc931bb86b5df946c0b2c641cdf834ebffc86983ae664c309478d7130be4ca43eb5a009b480d255e7c1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | e12231599e492250ce3fefeaf5a7d217 |
| SHA1 | 85c3276006ec900f4fe53f8730d97d3cc5338797 |
| SHA256 | 92ca24df97fc020a47e0373aa90a0e58dd8dee5619101d6fc86ba8059d8a2877 |
| SHA512 | 6da37b5f330f2636601fe0964dd2b650eb59251fa059ba0bd92ca288c52cb2bdecfd3a0f8bd1843fda57ded65717f950c6b9c4d33eba56158a0cf5daec28c298 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
| MD5 | cf2aae8970cbc6318cb27ba0aa0e497c |
| SHA1 | 78c3263793a757e965dec1340ddcca6630447842 |
| SHA256 | 7cc734df56b8361d9bd66221815d8e6bf1309091cf4fe2888d65ae687f25a7c0 |
| SHA512 | f4c0824bce71afbf7891f15cb7fff51eb6700643195168ceecd7cd8e90b8908faf247d8c6f04f26243af0f2a22d79a42b44c8d85c843e898083f811e894b027b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d3e2319c93508d608e03145b7064632f |
| SHA1 | 2f9351f2cf9846f0598d06cae2161d924290b126 |
| SHA256 | 5a39f07e30b41c715eaa831979e71f836625521d2e5b75459b9a47b02c743889 |
| SHA512 | cc0eea21ed95e312d485ac1cf4ce5cf9a8072223828a89c602ffb76f00faabe6ca21e83f5ad0964a97bf837bc819cc8016387465382a46950626b184edc4682e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | fddc3356cc0a0d4293c312a3f134be2f |
| SHA1 | 414f4ad1e7b4d3961d98420e9a881246427e8317 |
| SHA256 | 9902ac05a68b75c0023e537c791346c8969b6cfe14bd7fddfe1cf6977755d01b |
| SHA512 | f199b84a3615114910e2a1dc89e1eb918ca16d87f46e3af304c57229f9fccbde48467514cdda81f111c551566bb3518e08b05bccc3efe45c57c6a163bf1fa9f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6db564a2c03429e29e1aeeb51665dba2 |
| SHA1 | ea0bb34229cae394b1500f8c0d5fd722c4082ad8 |
| SHA256 | af0f94069ed9285e78e1e1fc58b8855492d1ce58064bc68ad82cc45188cfebf6 |
| SHA512 | f37ef1e4b638bf7cba01e3272fbd6b92d1f35be2994bce2168ed2ed9927c71f096be7c3ae7cef5eddb59ac4143fc32de4479e164daa8fec4367f6fcb43f8638f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms
| MD5 | 2cd95bcb2f09e35d05ac3ad9db507e9d |
| SHA1 | d58e4f43a7e90dce668d848ee665cbe5ffe1f465 |
| SHA256 | 429af6a1b01730718e1f13411ec267076eb152d009e7db99080747baee7305c6 |
| SHA512 | cb7d49497d7074e3885542fc050c21775f963abcf11c2017602fdcbf83e0ab09c6dd85ed8c1e93ba328a62a4dc2a8e5088a0693e36de82b55fadf05e2cf347cb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fee7f0681af5fd74fa78be4d7d64f39a |
| SHA1 | 8de64a271453ddbd2ef72ab4c10a4a3c0a319a26 |
| SHA256 | 6d1d62ce6065450559cf0e963caf1e5fb3511543b32081e80cecf32c0e0a80e4 |
| SHA512 | d4e2df38d2701b741232d10fecaedd70dc50b6dc583fdf345be84f4d86fa182f4cb65e4764d08072ae0ebba062b91e7ad55d76b8cc0fde1a228bdec2f79cdbbd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9469a8cb018f8d54b7b6d6f9d63bd507 |
| SHA1 | 12ef75058cd0ab6cf04c8237b6bd17b1167b72ce |
| SHA256 | 2dc3822e4f43b9eb6c81698b33836b5840eafd7a36e2e9e014ecfb38d78e3905 |
| SHA512 | 4bb7674ea013c1a7e0fa3faed299d06e67a9a4a782d8d92b30a0d7305c0abb0afd984d372324ceea6b6abdd9d81d1089675bcb8dd19122ecbfafdae3f5ac29dc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c49e113a19565eed3684d9ce5eef124c |
| SHA1 | bbf17f748b35049978d182551a43e6132867d491 |
| SHA256 | eb1040c8330e72026aa46389f9b7396a28f4f636ed2944e483d372de9b7f8e90 |
| SHA512 | bc1d3dcd2af055f8fbb8d188929014b8f8a8ec4f48a78f32f19d62ddb8ddadac97821109fcbdba3577210d321ea09eefa324a94c893baf56576b0ee55c1d7c55 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8096911bf9f2df68_0
| MD5 | ca026c000b4131416cbc776b4afd4afb |
| SHA1 | 6d66133ca4220351633e08bdc5e5bcdf86980e48 |
| SHA256 | 94c12d63a652bd279eb7497e3d19403eecbae21825eeff5ff859227cf2671893 |
| SHA512 | 36246a7830ca5dde99bbafb467d39b7e18ef8c0789e1ac77d8bd1eb79f5e7fada2bab3644b070a2598fe867af09d2ace029bd46ce8de3eb40940859de7525b8f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5924acc5c4134feb_0
| MD5 | aa1b28f413d00601df2ce37c1defebe4 |
| SHA1 | 6204761f1a74b0a38674862bc275803620b5c627 |
| SHA256 | 0b299a46fa79ccbb4b12a1cf0491a4ba1605e4b7645eb1a5cb5b2e1d53c8b122 |
| SHA512 | a90a19e7e64419b60307c675928ce5a5a4ee31d1d484b10bb96b5d2e73850659487899e7e7c876ad56298545f0d38c2b18a101dad08536e180557aaf498783d4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\95f96e31eea7cd84_0
| MD5 | 3a499a6f161452b41ccfca5ad9f5569e |
| SHA1 | 1494e3d8abac54167d516f4e1e4af1b905df370e |
| SHA256 | 0c620eaa2d3bb029a18986e76d562eaa008f8781346330aed39967e72158fd6e |
| SHA512 | 95225ff70a424c98a89f58679e94d48f4d4000e9c1caed45f42077efa34087f0b89690d8f9707abcc2a9c4e64068268ad323b5f2f01765eb12be8236076ca528 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cd0f789919ef3994_0
| MD5 | 17d484fc3a22b32acd6d92fa809f4e06 |
| SHA1 | 650aff320a2b568d23cbfab052b3b432eadf5561 |
| SHA256 | 08231cefe48d5d9c0fe127db4621c99ff8555898b773599eab00b30a3f6d9977 |
| SHA512 | b3630e82c51ee32d874224adde3491b7c6c8814f081989db50da480f09e55df42a75976646c80eebf8a2a2030826c56f825e480e66462325f4fa5586438aa8a1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4e9feaf2e99addaa_0
| MD5 | 23bf0e8311406355a518d0cf1f2bca39 |
| SHA1 | 12fead6fbaf90baa198f06ca1ad65e0dfd0f5361 |
| SHA256 | 67e9aebae50b11fbce36db10d762670f19cbd63b9c5587330d0e9979e43f15d3 |
| SHA512 | 09ab38cabaca8689498c43fe1ca3274615fbf10763c02081384025a67ef5718afc131d7ff6632fac93672dedd54af6712568ebff018df14ee3594294e899c54b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ae5c3d03ffce51a3_0
| MD5 | 1046847648424bae488097f8e184b828 |
| SHA1 | 0ec859c48baf75da5a0ecb80019c81f046dcc272 |
| SHA256 | 8a76e02c1266a66ffdde215bbfcfbe638106a67bc5e1415a54add98c39f19c47 |
| SHA512 | 82c7819292f0c92c3603840a31a9a415b57d86a385d7dad299000fca2e9910c5b878327da1d7f5d464757276e9fd92a7690f34ae0b3d0c975b4360b68dab9d4a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2e0453b2a51c5cb9_0
| MD5 | b67b802788246d559ddb4681f63f4a25 |
| SHA1 | 7a2a5e691b69e56fccba0b281a0cc87a00b8381b |
| SHA256 | 84a58178e9b8653f0fd1980dea8fb2573fa80cf839ad7fe1ab3cdf7091392e49 |
| SHA512 | c00daf5a554b85f2b371ae4bc04f54f2cfab0ca3c784831b7e84691eea529647b4e0fbf97eea6a67e8a143fc01d90a56ac5b2f5fa43404cda0a0d50556a60270 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cbf2aec5956f31a2_0
| MD5 | 1e0057db96c891cbd2e743c5b2b34705 |
| SHA1 | 990f8006ac9d3cd7c67e4da5aa5a059830bc2f28 |
| SHA256 | 0acb4b2728d0e9b96d86b87f02fd81774ed10fa3768c0bfb112bc1affccf22f2 |
| SHA512 | 53b4b992a9233da6063f111689cb1b26298a1273e9f96c9593ca9cb6abe4073eab2df3bf314e069f5cb097b11a0fd19de70d6b3e92a978503b0998ed92aad125 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5aa1a3ea9b505bbc_0
| MD5 | fa3fc9811b4e2d97bb9d26f71dab13c0 |
| SHA1 | be7406b9281980349eccaeaa1225d130ae692080 |
| SHA256 | 7725db34dba0619d1d1fd637222b6c7386d8d4321bb0387d809513f04138934d |
| SHA512 | 323cc06830b3cc398356aa52ccec8042108fd90c6dd9fd59967479802d576e7d1e4f162abf281edfd57fe8b38471108d78e0fa9811ac892e792c0445a0e5004b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d42b156517089c65_0
| MD5 | 66dd87be011c3620597896012a47ec11 |
| SHA1 | 785b65d44b759e6a8a195b01adfe4970ef67ef2a |
| SHA256 | abcf314239aa2e338f0cbef6c835ac269020c58efb5c2795e66210bbc6d26394 |
| SHA512 | 5cd24f3c45df646ab87c95b7da5d0a6b12da3055d16b7a5c586f0fc0d062c51589084ee4ca078a3546fff271820e7536298a923acc356838c004e1dd8d8792d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6d04804949beed52_0
| MD5 | 122f1a19de3f5539acb06c8e70b3c23f |
| SHA1 | 3b89710b3a58af1fa97c7a61cd94dcf437b8639a |
| SHA256 | 480e2a8576e2fc268d131dd80976a6cf42a23936e9ebac7e6a3fcc5b13eb1631 |
| SHA512 | 585e8500f288ef9766d365d3c73028ea619dcb8b49f7b4228d2a917075004538b3b8f43b6a191e4754532199ea4d4129baba57d174c4afe63309a62c50198252 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d3350b269a2b6f89_0
| MD5 | cee87a8f2022db480182d18eacdc6d49 |
| SHA1 | d0bce41c2006bfa8b1a55f3660c003bd266d84ee |
| SHA256 | 28999534992a9f3beeb8640f93f9f2802c9c449742a0233ce8854bb99397b1a4 |
| SHA512 | 5fbaf786eef31db09ec7ab263a1627404cf3673c4db82bc2bcf780fff330ace8a1a4e4008100e045265b32c0b1a2b1629578b0ebcfcce4a91bd8ca1338788888 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 68ec9325f72cfabb5d39fc07d9cf753e |
| SHA1 | 2198c759ac375b0f996cc7e5fce61f62500db977 |
| SHA256 | 64e0da87348b269568cf9c83b94f8033f5c9d7dc347e84c4529d94f89318cef4 |
| SHA512 | 6edcda465dd992335f45040279126222cac22d66e14a45b16ca4f6ff2853444b0ae27a80cc18c901c39dc943f39c5e1738ab0e496a595d7119bf817268a6a13c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
| MD5 | fb9c0d71384ffd29b7262f6587c61f38 |
| SHA1 | 82a69941bf60facfb853d6e8450a8963fc967f65 |
| SHA256 | 32201b9cf2ee8cd16fd750699aa03cb6ae9362e4f78211fbbac0f1a961f5b5ed |
| SHA512 | 7fc53db4f3daebcf2c4132b1113baf46c5ccb379e1cc63fa5bc3e4398dd18efd32e78126958462b72bc637ffa23a6356dca1aee1e8f03f038e6c94580a9e1573 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9e85828174ef5ff000a238504c180ffe |
| SHA1 | 54c6e6b7912d658d7cadcd0289ff16e1eb5eacaf |
| SHA256 | 0098724ef8ce331eb04868ad34823f036f56c8b51dcef0c993e57dd46a7b108b |
| SHA512 | af0642dc258b2003e97eba861a03a10763e79338f700be56ce2bb4474f5413ad5aabf4bd22bae2f9c0aeb0ac72114d34bc8016c8a0eba4f7fec3ba1a3440e2df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b37e49123c6af1726b83abb39e9934b1 |
| SHA1 | 36ad7c6dc6648954b9f40014581d61fd533b6669 |
| SHA256 | 133afade7d37c668bd50965751232ea053a166b7df908512c803e953706eb094 |
| SHA512 | b845518a3ca2c952da639ab072b798125dc7b282a66ee89b21c9a14354649b26a11bfa60c3ce79282f3774075a897032750602dc9537005d7bec7a111aa7fa31 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 7a57dc79cee6257aa442fb41a6cc8260 |
| SHA1 | 7a0913e6ab8956f5ee1737f0ae3264612fb381e3 |
| SHA256 | 5bf16c2c6579c8d8840f2bf62ad5c86f6aae0ed2ed736b53782779df3f7f5b6e |
| SHA512 | 14fcf9fc6017bdb8dde0d3fc7baf867810103c2c840528cd7db92cbb921dd1a391f3ef26936755a81de20fb4e8d6162f6f4c8184f126c1c82c84d1b345390198 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ccd6e1132ca6f3b3c553b0fdbb00b467 |
| SHA1 | 52a1c7b70eab351fad22897125ba96246d175b54 |
| SHA256 | fbd885df86e6ebb7fde403dffbfba8b7beda67183a4fb14a439b96ee92d85e13 |
| SHA512 | 1cb3fbc2922f5d25f73cb4a5c7d6ba3a617ee1ea9f95d071c656b6fc6d8184e800b968ad7a1497b0d5104c016fe8c920395fab2801acab8a373637b9640af22c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6a85da4ad13064c4f411811620fe48c8 |
| SHA1 | 46692435953b08099ed6bd266a1b8bcdee50e04c |
| SHA256 | c516c96a3355f70c76b2702623d4612d9d951c6c8947384c3c4d16982cdec736 |
| SHA512 | 50f9227a4bd282046f646920c17b9f015d2605b963386cea0e93655c4ec5c90a86ff81ea8da207b091ac50bb1cbcd61299b60660e95559e20e99c0fff4ffc12f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\32a844cf37d2719c_0
| MD5 | 49d6291108a40691022c559a5148c0f2 |
| SHA1 | 9d7682f6d86a33a764da9951f2b3545889976a8f |
| SHA256 | 205b5c5be1f46def2c693bee9690e43a09ee21566ba266efe07efc8924a03127 |
| SHA512 | 5b0a6c8e1ddd9708ec8323207eff9597d4b1f44f0fbb9aa5746744e8e73a871aef701381e9f48ef0633626f610fe66cdc988270e03a47840f7ad979ec1a26628 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
| MD5 | 0ab2eec8fe16b0ba7e8e76a74d759d78 |
| SHA1 | 48f5cc24fb5059129c2fab3be022e89f0a9ca8fb |
| SHA256 | cdc025457c0f41b4b10770fd6f95ab52a80efeac48a42dfabcd3cff74aa848be |
| SHA512 | 4f93651c8e08a8068029c6efd144f14391e211b65ae1fcfbe1af22b1f853332aa7dfc691514cbb2d8431ed00337503d62894538152b85a24add2a64cdb9e0497 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 2ae332d2f854128ad6b559a9a8f58936 |
| SHA1 | 9fd2caa4107450980a9b4607edeb67f71247e5b1 |
| SHA256 | 9308ea4e98b828f648b81712a6ca5dc5a22d0a8cd58a19e097003095a2035666 |
| SHA512 | ca7d7f41279442c19950010b14948e6a287e949b73429ac5aa4b1e16f5d1f4869966c395b1e4d8e1c13855fe7045d3c27159a7b62f086d1bf7c45d1a4e0da4ca |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cf685daefb5fd5f748b243858e1595e2 |
| SHA1 | 3ede0887521cdb497a502f1fb0b21a5240058ab2 |
| SHA256 | b300cf9ba07036f5a11ac4815b47852ae891be76dfcffd673f32dfff3179a85e |
| SHA512 | 45ec9e1a59dd573eb711378559d06447648103525e279efd807d1a8168f2f77e779a3165dd1840297fea2625b12f192a66586dd7f34c105f1ef016fb84156f10 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 61866d499ce7aeeaf707f6c493aeffb5 |
| SHA1 | 3e382858c5a57e532e563ffbe975ac98f85f61ae |
| SHA256 | 5d1d816930d7ffcf90d9e3b35f44edc9a31c3f8b3dbc0431689abf489313451c |
| SHA512 | 4361f3cbf10ae975b0f77a3ffdaa43a3bd62eaa6227af6e39ee90ec7ce637f669f55204162023b8351ffbca091ce711a5fe5ae33035ecbae4f97d6280fe1fcff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006a
| MD5 | 4c909dd3b9dc2cb78a30b0d0cc59b876 |
| SHA1 | cd994dffa690c9d2f7441ade9a5249e79e07e30f |
| SHA256 | 17377e11f13094111b73b9c407c9d3addd0941d684abbca04f32b630a383b83e |
| SHA512 | f172fe8271066f927af2b39b95028e677f9eb238619fbc48b55c0e1d2b203836166b21b659795d16895bd20927a989f8b10621c2f837cde21da21dfc66035ea8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\83e633b743618fb8_0
| MD5 | ddfa0e6bc9a794ff2a3d87482251b848 |
| SHA1 | 64177c2f2c7b9d62e3245bfb79faaba77c699d61 |
| SHA256 | 6b81b595756fb3e191ac6c4acbbab353c86ec4978db29898b49b1c2ad95f2060 |
| SHA512 | 574b529c448fd667565d237b6367451f80f33dd4a83bbadc7f86248f64f7e2323e35aadfee593b43f73e8c59116fef77210e07da378e195e940670f6550d472d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\12a51dea444f5b58_0
| MD5 | e785319753b4fbb971d68e28a4dc3096 |
| SHA1 | 20f71db87bc6cefb89ef390003919d0e8d6a21d3 |
| SHA256 | 2ee70565056b5bc71dee8eac59c57d1cdd7e0847422a7136865ea6b7e5c06a20 |
| SHA512 | e59ba6fe2dbfce7b47de40fc23f3f2cdc50b27d9c54b5881bd1cc9d724da0769b7e2d38324d6d655c0e93c056f5a2d5c4d3ffa29ca0345d30b48224dec11826f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\841c55d0e370ef0b_0
| MD5 | 23c6e0d4b8768c83584e74e1614bf6a0 |
| SHA1 | 89201f403e4ceb09e54d15f1416bbcb917c8cebe |
| SHA256 | ccac08bc26f0b6702ba5496e50b7aeebb741d5f3d1a06142d28637852d051eec |
| SHA512 | 3addd444e5aaa15883f87ea87abf0b4287e30a0400ea82c83ea80cd7388d533a8c5906561357bca8db8bbcdc5271ab0ccc4bb949ce2f7d484104490fb333e31a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fab6967359b9e9d4_0
| MD5 | 8a4f43b369db11f67668e37fd1ef5be5 |
| SHA1 | 0396be5acbccb0b583a228780c52b23f2ce802d3 |
| SHA256 | 6327cf4b4347d71c1aa3ee32476d910c73e4b68881b13a4847fa02d9f4af6f56 |
| SHA512 | cc27dbd986fbf847d320096df848d99e1eb57731696118ec64881a6e1f17934e124fa5d7cbd783e4f2e620e0546639ff67b8f2f466e627847e5c67f838a1e5f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3076b271151d9e18_0
| MD5 | 9c0dbd9438bb96bbe76d863b0a96da26 |
| SHA1 | f5fd0bb23fa20a6049deb78fe0ea8eb2cf3f6e7e |
| SHA256 | c7ced474ce1f1c4c6f1fcefe6b83b055f4e9bbf1f633dbee63bc8dedf8bd198e |
| SHA512 | 5f6a1f71eee3b394bf20756f38ed2df870b48891184a77e5cf7de7ad0d91613a86229c6ceeff09d06ddab0a7dcb0bd62859857929f7dd9d1932bd50a8b854cc6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c7d090108572f1f0_0
| MD5 | e94cd7e2fb00427e64d85e2bfff1ae67 |
| SHA1 | b40cb9195a191252e2450773bd2669841819be15 |
| SHA256 | a5b90f83313c98ac501897324fa80b1e7220611ab9d37121c919b5be54e8afe3 |
| SHA512 | f8eac2737e5e2accbfccf80ee92c2ff1bc9092684b15c6327c6e66dc0fbe0b4f794bb9c3f109701fe04bcadb330ec0730d8b64cd136198fc0b7b80e02404715e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5d7371a35d402148_0
| MD5 | b4d6246b208e2dd4df1f2e012b2c3cca |
| SHA1 | 296028816b639b5c8c204e3642c395a376d510eb |
| SHA256 | b44c06ae84be70adaddb085977923f242ad3916e79bfa8c3763d244f243012ce |
| SHA512 | 7915dab8d06ec8efc6d1541a8b49210f4049764d8d5c98520f745efa6b5739cc33c3c789109a8c7dea478413f63c0247ce33720fab743f5a9a89941027be7cbc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\41703e1e39a6c6ad_0
| MD5 | 9ee22b0e4697c7b3dd59a4c49413d3a1 |
| SHA1 | 9cf8393de1871a417bbf549ea44fa484ff42cd44 |
| SHA256 | 8e2d3957f42cff5c33b90e83efe8f1e94a53d1e7b988a56e5d6e8a2f913f3cba |
| SHA512 | 351606baec85c0eb5e4d6b0efae35c88d37cbc62c2eab8107b0973b81ac7a2b028375f8fea310ba2c51f565a00889464445c568bd740f44ebf9ad15e017d9561 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\df7b77eb069746fd_0
| MD5 | 3eb567861ba42f5c7fa6a31d59772c8b |
| SHA1 | 802bf32c2d3e949c7632a14600f99da8df23b952 |
| SHA256 | 535dc294c9006a0b7b5affa821741fc55151dec5b04b31b3062ae82011493322 |
| SHA512 | 635f6762da256322f7890afd3c96f0d0edd59eefdccaf450641c205511b05572d72ba733ae29e5aaae595ffe07009e0d1c00d76941504a7dfa7d91c8ea08564d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\986069dccb86c1db_0
| MD5 | 328aa88cac39f0a3b4444505dd3b7407 |
| SHA1 | 28987a37af27115d7f055a7bd0b141498b8e9434 |
| SHA256 | 61b92ed44177204f4ef95dcebf93f6c2d5bc43d5a5528a5a36478edcd51fbd30 |
| SHA512 | fc96bebd17123277ed8fa322492d67443bfc9cd17a58809e95066dd76c3469364f858ee3fdef4397a11c26e4ff507de4b43f35fc3163c410f75aeb1988c11543 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | a9ab4d66c372316a7217d6897460976d |
| SHA1 | bef6e50b92dd7133d6afb93e0df219bd90896ce9 |
| SHA256 | 6460d452d52c1447f4fedc3e2fd20e2f0e155413862fa3bb494bc5db334cf775 |
| SHA512 | f93b64ee2cbc11eb8f5300d1771872ce7ce432572585e1bc7be24bea2e68f8ac56f2a70632d663264b8db05568f60932a9b3bae146fa7f14ec74fe05632a37a9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 668e51967f573c837ac88e3bc57c1fc3 |
| SHA1 | 7ca22491397cf239d6bc8ce09f3b4d9a7cda340e |
| SHA256 | abc7dd89815ef1dc6eec8d02ad9a7c756ed5ac3e3bf2df86d405610db2c1f26d |
| SHA512 | 8127fff30b2ab3b2bd897bb8ed46fa6a0e4e44b38b986cf46b6430ee9cab4ddda5733e60edd5bafe56114182b6d2c7742928ccdeb8d4fdc8b940780771d231df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | c7c27cc089502a20cf16a1b6fb7fb8c5 |
| SHA1 | a11887f673e259876f75278218b0bc99b5455f4a |
| SHA256 | a7fbdcad785c40a6ebb8b69c0d1f26ff7c32ef62a7878bb6eccdded8084b9f1a |
| SHA512 | 79bca4b2c7120760bb640b3860d047287e42d87f92e9301a3a780b1bc5a4cf3799a9f7a41c6c0a8cba8382cc9b51ee7e9baa9635292006c090d9fc407d97a3ce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000016.log
| MD5 | fe436d249782b09c7d2bfe09bc7736ba |
| SHA1 | 7b413191ccc6c86923ebd7d5f2895ab6c5db818b |
| SHA256 | b307525029b617f1e1b0564d38e15d1e0fa7e1a18a6ae9c3517671a9639d6d06 |
| SHA512 | f9631b639b8074fc1b0cce327f334a256adcb27a8ed06570b6f04b13187fd4317165a47236df73d5129265caba81534bef8b4ede741f15d24a484dfb145be94b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 27646653c1894d31f15b7e7d0078b2d3 |
| SHA1 | 04c27f3c2c0787fd3a1a47cf8a3e43276648e9f3 |
| SHA256 | 2c55a7df1368cef5c78c5c56c81c321930969a093a459ce1cc13b87b15f23029 |
| SHA512 | 04d6050dda4cf9a56b28e1e301c8e69ad701852a37941cd8e1608bfb389155d8114ca555e226315c9ca496c2af03d6e6aeee2114e308fc19fce0c303f39f08cb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
| MD5 | f940e384f75b7db0cbaf4aaa1e980edf |
| SHA1 | de61aa20a29377aa5f743d378e19168543511e9b |
| SHA256 | 7bec7b28792b7adeec72d46f1f345f79d9eb9f805f7fff355072600a2f5e1557 |
| SHA512 | 3c2ceeb0fc5405b46ef1b015ee7f48fb5d933685099a8ae446c3c95e57cf7237c8ea7216a444268161b8566fcf4cfa5f82bbf0e81231c3188181af52ce5e1607 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 6a80f87245858315005c8355ce7e477f |
| SHA1 | c8f1bc8cbd9a6d815e29049d76c07ef2cda63241 |
| SHA256 | c80ee0157f091fadfea9ac69e6c7a672e765bbdeb2c1fae76436142e5c302fc1 |
| SHA512 | 3993c57978b609e6765fc421e8ba13af74e8604d89ffc9d4cf34ab9b37a091f1c0b599e26178c7e430636099efe3bc84f78ed065a11cd981ae49d83d49f77526 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e0bddf68a56ede5c39256e7a56c9606e |
| SHA1 | f68c411759b755201cd5c61f1a6cd83ea0ea3169 |
| SHA256 | e42f104f0a8693a88627cecf24672e07a3bd7e032c0cedffccd801c20302c7cf |
| SHA512 | 7258356b4da9dfb35c7ba8e2fc03a24f152346210a236d31a7f9de33109c07253b749941f56d4b322de0806e825fe4abd7431d0fead6433172fd41a097a5ec4f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d5d6cc98c40955e0_0
| MD5 | 9ecae57310838bbf314a843a437d06a1 |
| SHA1 | e7c689e5726bbf36139a4ed307eb1b04dfb615bd |
| SHA256 | ffbbb814331706766fa114a61c6b7d85dd29253b6edf0b2dccd8fbb093249de9 |
| SHA512 | 1571d38a771fb7f6d4d08107e42e042998f40ffa03bfe115c93c7c13c8d93b2da03f119aa766b02b54c2bf2a975c620ad91178e3e1f340aa1549f08dac7e21cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3d0b21b29ba24799_0
| MD5 | f1e2cca0d08c59d6eb72d8d0b45f1262 |
| SHA1 | bed6abdced2a7b724e1afcdda5da4ac997436bb7 |
| SHA256 | 0a187426cc6b6ec894bfa9c5e6c55636bc71df5498258cca3f598161d3d71827 |
| SHA512 | 1eed0cb635e777a8f8a3f03519f7f0c3a706501573f51619d87c26e8287c75f238913199637ef67ff89cf5d80d4f7f5745991ac4f70c6416585e252cfc3dcdc2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1acdc81973303519_0
| MD5 | 3ac9d557751f8197649bdfbd1de45d2a |
| SHA1 | c4bfd4d305dcb5e797f3d728ea654d1703c29ae4 |
| SHA256 | 6d1893ba6c92d42ba304868cfb6d2652308978931377d955bcf0399f3f799077 |
| SHA512 | 337929379cfd1bee750c25e4b5f475df7282ffe53f1fb41cb28bbf2eb89886cab18e84e12be492ad9faa12a76be3395a6dfaf904067729528ae7fef69271ab55 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b8ebad7f6716eb37_0
| MD5 | ca969f0ead2a1df2b5d781c04ff8cea0 |
| SHA1 | db6acc72d578ceeb2feb9f984e51d4a2ed9f7fd7 |
| SHA256 | 15824c689d6cd1b5e1885ddd919f4109481a27137d287800d0c2aca60423f5ae |
| SHA512 | 5990821b38fb4e09e7762438f63b423b1f441759a623d7e39b40dc01e70331061b9a59f4a581259a2d6762e2ee1ff2fda5f9374f7120e70c1f2b0036a7dddc6b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | f9be4780dbae8c98f9a058194ab98a89 |
| SHA1 | 8bac82a12b1ac0d889568d741b2990a62a840d0b |
| SHA256 | 2cf784af90282fa14b85f37f0585c108865b18bbe3a6830932c495257946260d |
| SHA512 | f5e406d7b9f9e296fef3a95341c77f251fe9a7a9c8f91fa27b3a5e837095cbd7971f7a22df1b3c3e0c1c4dc3bb3a8fa64eb4a49c43a4594a65fe551b558d54fa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\335e69ddec2b9ac6_0
| MD5 | e342062c668baa514d07e1cf18c63e1e |
| SHA1 | f5c1a80054eacd18183d31fc5512e94f2c2b4fef |
| SHA256 | 7a2ce6b43e15d0522bf5de01e6e17cc2c0e933d3d9eee9550a29345d5957b7a2 |
| SHA512 | eb9e45c67b3adf80cf33571e1bd944d56a0293a62b285738f36ad2378f9e21d9592a5bfdbcdff483dc23d7d3fe73ba0b6b128dcdbdeb8a3791490992073220d8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2adb9ca6b4aeff8c_0
| MD5 | d45f808d98ef0a20332d729988abba3c |
| SHA1 | 2d1b5ccc0eb28b085c091db57b9fa8beb89ddc85 |
| SHA256 | 2fe0bf010abe5eb4089d44481710ef03c03f02b9fe80d3c49fdb0fab54e432fc |
| SHA512 | 9b855dbf3682eda7b8ad4c5c1405e954090f00ac40afc93b744a5085b0d0d24d798d762b29e7eb7608560abc8e66199be975ff82336b834ea3ac6aa92ab9d07b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b5a4cbeda3f42093_0
| MD5 | 97ad57554af54046fc6bac49b9c598d2 |
| SHA1 | bb48459e296b8106821c2c353fe177909732fa49 |
| SHA256 | 1bba39d9197ac658a6d9a7caa0f135cf3246f8b131462f746801ab14faf89d96 |
| SHA512 | 905506f35e07d14ab810cfa4366ff462556ef03c0b6b8da5ed9d25b941c81ec45089ea2cda7b3f3f686b5bed77b8c18d82061f80cd6586186f57bba78c2d3581 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 1b4d7b6ddcecd9d1f73895a36be2cbe9 |
| SHA1 | f1ba0ba10ed26fc2f8a75182e68f0266b3e49abd |
| SHA256 | 747487988b6889aa4928c2b4e8933adc56881a76af68c64ae0ca201f20653ed9 |
| SHA512 | 8917d2b8dfd57949cdc4c5bd296a115a1342e396aa1229410678d0552d36399b2842214d5bac6b778190e5683f73407e56cea0f100899201f9d904121e0256ef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000018.ldb
| MD5 | 450e206fe2831956ada5199f61775994 |
| SHA1 | 13e60a115cfaaf7824c93d565d483a20d2898fe3 |
| SHA256 | ccbb20bed4e42db2791bd02b079c800f5898d28738bafd2c2dfe4390c41044df |
| SHA512 | cf778010eaeacb31c0a454b76d0f5a0f03fbe9ab81c5e775799b308fc2365244bf01217478ba33b0d9957825d582c095400aa79b541048ef2c7631ed99896bf0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5bc42f4764ae696fea340f0af36c27cd |
| SHA1 | ab8a743ae42088c4ef6871cbd43ef46572bad2cd |
| SHA256 | 4119112fcaca24fcd2072e4907c99c91ed5e7bb526a25ae54c3e3b00477cc5f4 |
| SHA512 | ff1bc4c395922c9676cbaa574fb56858191f2fb6e509ada7d3523544a300c1af562ce4e3cc35662887b7ad247fe07a3239c6e659061f71aed3978686105cf684 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e09436d306f45abdce009a8184c8947f |
| SHA1 | 63662e29fee1c7a6816c58344593cd686f96bc5d |
| SHA256 | a6ad4804123ab4dd9c12d4c8695bbbc597a74acd4f3910ed23c589d616f1472a |
| SHA512 | adb05479c4887fc0db4d6e94469210fd871aeaf2ef8c8c2b8a1545fa492a5495711a9a3b57163f3a2ecd3ffb6abe1b75f38f772474346bcd4b0be12f186b5eb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 12fcc5d472a558f47f021fbaef1c1b7c |
| SHA1 | f14bf9acea770467b2a75f866a027ea50c779bdb |
| SHA256 | 53583d0aabdf4f9cb1c9e7e152213f9ea84a2189d3da54fd9ad2418b50b2a2db |
| SHA512 | 4aaba10afc41c415d6abef6b2c7be52712ec5f5060b764c899edd6b3e726dbbea396864b67d311cdaa361e118b291eab47b34983d55ca3bbfc2c3980036a15f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e005ea865d7fda54_0
| MD5 | 3640842091103cf227e7932e9f8d4c89 |
| SHA1 | 947984409d553302c63d7c2db57b03c4d2b9795c |
| SHA256 | c1f8129c14967dd7799a2597af58545853ff15be6e84d89e242fc9901e50606e |
| SHA512 | 3afc935dd4f820ba4d6a7e7f7c2c53b2e80e3c95b6cbdbabfb5f79ac508298cb4aca88e983105fd341ffc96e80b82ea02ffec28965619d29df46f637e3d07261 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\94068e3028d75c6f_0
| MD5 | b8cdb75bb0e71aad7bbcde856b11c0dc |
| SHA1 | 8c876c1002cab3b049d1b8c431724124409c71a0 |
| SHA256 | 3343fe1e80aba6aeeed15ff3f6fd3f6946e8e79afe7d41830786536ba4458d79 |
| SHA512 | 411e1f78d613e423241a2629511d4628ab2bac92a659036de6d2e9125e0fb948164cf1b141a94a72ad6f8bbaf47f728465704276824f3bf6136e3ef9892f30f9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 18c916854b15fb8f92135fe17c32500e |
| SHA1 | b8fa7b3b56cea010cd73811cda8902500368cf57 |
| SHA256 | a56a23ba7bcc994d076ea88009afc36ea80f4cfbf1dd0e23e38f79d1024bf5bf |
| SHA512 | f630a31b67dc56ebf6ce326eb39b0d665fb965b6d641bfa6de3cba3323619df0ed702815dbb2da2d0642180ab4326f863b042f96d7dd3efa1c5515cecd0e103a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bd738db95e1ae0d88a75fca0a69c64fa |
| SHA1 | 72d7500ad1d7b9d2dbfbbcefd65657f1db1d8ffa |
| SHA256 | 2e7e91d9e34bb564bce8d643c761318064f220a29d8117f9182f01967bf225d3 |
| SHA512 | 45c76835904230f1c51e0096d9b70c611428dd24bcb959061127c5ff7198593e259f37b5133d412a6161cac309746cdb5f0ac6b4914cc868bbb838e7186ddaaf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 199eddd3766ad4627fc99ba3ae6add82 |
| SHA1 | 8a51d473adf59066111d59c8ec807c398555f7e3 |
| SHA256 | ffdf558ed6c3e61cded997d0ffaf8da6a297c1cd1948d61a899fa4ce5bec39f8 |
| SHA512 | 5d38dca10d593aabfdadc76561871083fdaae81a527a08ee31b8f7d68071e0a12de5d350345bd0288832c3cf3478aef4777683ce917f95b05f930ef5cbb7fd4e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ffc3f76fca5e5f7d91f5a62b6c384df2 |
| SHA1 | 6d4366cf431d213b624181678303fa8cbe8f6c3e |
| SHA256 | 35a29e48c91f004c637f55d251b57e2c72244e9173ea69d3a2e79f7548fd79c3 |
| SHA512 | 06d5f0c505757b42aa5ce78ad1498d43ea8cf8c757760874381e173b74c48615f5338f70000f715217c95d64a277c28514ef7a44521ca8006cf1a0e905f587ce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f806227357d05621e4ade7d4cfa7b2f5 |
| SHA1 | be3cfeb7bdcac50deec83839b385d442491f2ac0 |
| SHA256 | a4a67abc1de6a1a9bf3c2d2ad9159c4cf314579bfb3f9ff5598fc117761cbb3e |
| SHA512 | b60b396b02b721d3b5d9a3bc83de63a33f15fd00c97037f19114242ffb2847c5dd34f69891db4c6c3bd6735153773112f74ec84a0985296de0e8c0ed299c2c9a |
C:\Users\Admin\Downloads\Unconfirmed 658236.crdownload
| MD5 | fba93d8d029e85e0cde3759b7903cee2 |
| SHA1 | 525b1aa549188f4565c75ab69e51f927204ca384 |
| SHA256 | 66f62408dfce7c4a5718d2759f1d35721ca22077398850277d16e1fca87fe764 |
| SHA512 | 7c1441b2e804e925eb5a03e97db620117d3ad4f6981dc020e4e7df4bfc4bd6e414fa3b0ce764481a2cef07eebb2baa87407355bfbe88fab96397d82bd441e6a2 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF
| MD5 | e4a499b9e1fe33991dbcfb4e926c8821 |
| SHA1 | 951d4750b05ea6a63951a7667566467d01cb2d42 |
| SHA256 | 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d |
| SHA512 | a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL
| MD5 | 9fafb9d0591f2be4c2a846f63d82d301 |
| SHA1 | 1df97aa4f3722b6695eac457e207a76a6b7457be |
| SHA256 | e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d |
| SHA512 | ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL
| MD5 | 48c00a7493b28139cbf197ccc8d1f9ed |
| SHA1 | a25243b06d4bb83f66b7cd738e79fccf9a02b33b |
| SHA256 | 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7 |
| SHA512 | c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL
| MD5 | b4ac608ebf5a8fdefa2d635e83b7c0e8 |
| SHA1 | d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9 |
| SHA256 | 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f |
| SHA512 | 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL
| MD5 | 316999655fef30c52c3854751c663996 |
| SHA1 | a7862202c3b075bdeb91c5e04fe5ff71907dae59 |
| SHA256 | ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0 |
| SHA512 | 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB
| MD5 | f1656b80eaae5e5201dcbfbcd3523691 |
| SHA1 | 6f93d71c210eb59416e31f12e4cc6a0da48de85b |
| SHA256 | 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2 |
| SHA512 | e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL
| MD5 | 0cbf0f4c9e54d12d34cd1a772ba799e1 |
| SHA1 | 40e55eb54394d17d2d11ca0089b84e97c19634a7 |
| SHA256 | 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1 |
| SHA512 | bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP
| MD5 | 466d35e6a22924dd846a043bc7dd94b8 |
| SHA1 | 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10 |
| SHA256 | e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801 |
| SHA512 | 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF
| MD5 | b127d9187c6dbb1b948053c7c9a6811f |
| SHA1 | b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9 |
| SHA256 | bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00 |
| SHA512 | 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL
| MD5 | 4fbbaac42cf2ecb83543f262973d07c0 |
| SHA1 | ab1b302d7cce10443dfc14a2eba528a0431e1718 |
| SHA256 | 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5 |
| SHA512 | 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE
| MD5 | 5c91bf20fe3594b81052d131db798575 |
| SHA1 | eab3a7a678528b5b2c60d65b61e475f1b2f45baa |
| SHA256 | e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175 |
| SHA512 | face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL
| MD5 | 7c5aefb11e797129c9e90f279fbdf71b |
| SHA1 | cb9d9cbfbebb5aed6810a4e424a295c27520576e |
| SHA256 | 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed |
| SHA512 | df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL
| MD5 | a334bbf5f5a19b3bdb5b7f1703363981 |
| SHA1 | 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c |
| SHA256 | c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de |
| SHA512 | 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL
| MD5 | 237e13b95ab37d0141cf0bc585b8db94 |
| SHA1 | 102c6164c21de1f3e0b7d487dd5dc4c5249e0994 |
| SHA256 | d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a |
| SHA512 | 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9db8060da92c8c8eebdd2e2f80ba292d |
| SHA1 | 0b738679245d763ef7a637112064687f8f524526 |
| SHA256 | cce50819b8ce1f85b6a371506dea3f70fa668441edf92a64dd9009ed2cc0bdfb |
| SHA512 | 3748df316b0a33a052f9639cdaef0906c20c2fe21c5fb240400307bc9ac0892c527f3b4ebc2a6decae271911bbeec113a75267cb8d0cd236f418e8ab85d15d78 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL
| MD5 | 81e5c8596a7e4e98117f5c5143293020 |
| SHA1 | 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081 |
| SHA256 | 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004 |
| SHA512 | 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL
| MD5 | 7210d5407a2d2f52e851604666403024 |
| SHA1 | 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9 |
| SHA256 | 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af |
| SHA512 | 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL
| MD5 | 4be7661c89897eaa9b28dae290c3922f |
| SHA1 | 4c9d25195093fea7c139167f0c5a40e13f3000f2 |
| SHA256 | e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5 |
| SHA512 | 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf
| MD5 | 0a250bb34cfa851e3dd1804251c93f25 |
| SHA1 | c10e47a593c37dbb7226f65ad490ff65d9c73a34 |
| SHA256 | 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae |
| SHA512 | 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll
| MD5 | ed98e67fa8cc190aad0757cd620e6b77 |
| SHA1 | 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d |
| SHA256 | e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d |
| SHA512 | ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf
| MD5 | c3e8aeabd1b692a9a6c5246f8dcaa7c9 |
| SHA1 | 4567ea5044a3cef9cb803210a70866d83535ed31 |
| SHA256 | 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e |
| SHA512 | f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp
| MD5 | 80d09149ca264c93e7d810aac6411d1d |
| SHA1 | 96e8ddc1d257097991f9cc9aaf38c77add3d6118 |
| SHA256 | 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42 |
| SHA512 | 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll
| MD5 | 497fd4a8f5c4fcdaaac1f761a92a366a |
| SHA1 | 81617006e93f8a171b2c47581c1d67fac463dc93 |
| SHA256 | 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a |
| SHA512 | 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll
| MD5 | e7cd26405293ee866fefdd715fc8b5e5 |
| SHA1 | 6326412d0ea86add8355c76f09dfc5e7942f9c11 |
| SHA256 | 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255 |
| SHA512 | 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll
| MD5 | 1587bf2e99abeeae856f33bf98d3512e |
| SHA1 | aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9 |
| SHA256 | c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0 |
| SHA512 | 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 399cc9631b78071bd07312f47a862ce0 |
| SHA1 | 105d20e56bf2b08351ff75e04173aadac7349537 |
| SHA256 | 563ef6bcbe43760d69486e99c7bd457d1989b9d41dc823a47ab7178faa79b0b5 |
| SHA512 | 1489dc64db5f3acea651058d33ec10e8173d7bbadbddad54f2d10170764723e62a1d56295210614c8bf5fac1ded2fad12e119b41510e6eee589d34bb9f8e5e40 |
memory/5380-4068-0x00000204BA140000-0x00000204BA160000-memory.dmp
memory/5380-4063-0x00000204B9100000-0x00000204B9200000-memory.dmp
memory/5380-4085-0x00000204BA500000-0x00000204BA520000-memory.dmp
memory/5380-4077-0x00000204BA100000-0x00000204BA120000-memory.dmp
memory/5380-4172-0x000001FCB7400000-0x000001FCB8D2F000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\56fba3818df43937_0
| MD5 | b6370fd9a333881a27c000c1a59c6305 |
| SHA1 | 8e9ad3c2385423a53011d8302e5baa680d3776c9 |
| SHA256 | b58d32c76ea3d09e6858c4fd09762506c7b671ce4e7d890b9ebe58a6068539c4 |
| SHA512 | 66b4621680dcfb7173b00a1e43a1de8e895bf58f41d3ea1a92884f14d26fde9347602b487261136e9bfd46418eb2283659ffc5f59a55b1d1364d1cfc963cc9f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3d04ffb2aad301a4b909c8d5d53ea43b |
| SHA1 | 3198e6f55041fcf2854d5f4f66db3d20462244a4 |
| SHA256 | 48770d1faea321d1ba6aee3f1dc0076594731b04d54f2481516e9d7264e0a409 |
| SHA512 | a156daa11d3afb8df1281d969d266b445f641706ed361911c9056d932a578aedb2a4205e6da73df86163235fba2bce3df932d603adf7f21a928510e37dbc6989 |
memory/4272-4213-0x0000000004E10000-0x0000000004E11000-memory.dmp
memory/5152-4220-0x000001BBE35B0000-0x000001BBE35D0000-memory.dmp
memory/5152-4244-0x000001BBE3570000-0x000001BBE3590000-memory.dmp
memory/5152-4251-0x000001BBE39C0000-0x000001BBE39E0000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\M1A8XLO2\microsoft.windows[1].xml
| MD5 | d41119748cb5d1d2b33c6ac63d425110 |
| SHA1 | 6dbcfa37860a490beae2c8d95bc2a2290b323495 |
| SHA256 | 6448a8580ce1994365ec765d296896e96261e4039537300dc67c8d7f523d8b0b |
| SHA512 | 9f4242889858cb996e7f72c3baaa9af2dbccc09a3531ca9ed24ebe82e2c54e210278092ebc1ef8cd6c73cc51a6c6744f0cc799808a75add2a22e7e648084d478 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023
| MD5 | a767ae380c95e326a74f39a75d0fbaf7 |
| SHA1 | ceb3422779139778e0dc757db037c94e807fb9a3 |
| SHA256 | 95e28aed1d4244f0e3178d43ab25b3b03aa363f642544e6462b3f0829ac824b3 |
| SHA512 | 4b2375b892865793792d61406192e3ad9410d3dfaaa68fd310e97a455c8b1b3d37a3273aa5b1d05e614542cd34b83a3b1efa091889bacd99b8edd83b68658ffa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024
| MD5 | 061e9f221c0e675e0680d1865eb1bc24 |
| SHA1 | c7a58f049362338be624ff1d0b3a120c0e002d96 |
| SHA256 | b8f92fe96ce20be95e0987acbdedab0ec79410d5ab699d93c2e8fc0520e5baea |
| SHA512 | cf7aa6041032c42d17ddc4b070e3fffffae5b886fed509f6e0060dc46e2ccb08240b9659f845d8629dbce2c518275eb13af64cad3c2869b9cee752175033ab5a |
memory/5152-4401-0x000001B3E0800000-0x000001B3E212F000-memory.dmp
memory/4452-4419-0x0000000004870000-0x0000000004871000-memory.dmp
memory/3672-4420-0x000002A8CBA00000-0x000002A8CBB00000-memory.dmp
memory/3672-4425-0x000002A8CCAC0000-0x000002A8CCAE0000-memory.dmp
memory/3672-4455-0x000002A8CCE90000-0x000002A8CCEB0000-memory.dmp
memory/3672-4443-0x000002A8CCA80000-0x000002A8CCAA0000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 93f6f37f38355bab67261c7d8e85b966 |
| SHA1 | 5886a401cd6f47b7059ee98aa765460ae6535955 |
| SHA256 | 23c0a3661566cdf051f2f18600239b780c0128b345cf86ba9cd8e494dfc3c859 |
| SHA512 | e36ad8c719b826ad7c1a1a0f36847eead25d9824bcd8797436681bf6ae02778b33a1f76451fb2addda4115730a1ee2b853c8ebca626a7df3ae78b523cbe967fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 459b2ae4f25b2476bae319cc142384b7 |
| SHA1 | 94b4e12c4eaddae8462750143f956f9bc36a37cb |
| SHA256 | 3a07c06f5a26928c8fc2a6e16e251d5d6c8bc574539b7e05ec508cc6f7a978a7 |
| SHA512 | dc10fccd60713ea16970b6728eafc7ae131c8397f497df5924af11cb72149bd9a52c34f7ff1b5a5c166b6a50038184dd49e4f77bbb72d287aaceecdf4d344120 |
memory/3672-4584-0x000002A0C9E00000-0x000002A0CB72F000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | cdb0417cd16d3a795eb1cb40894d896b |
| SHA1 | 4ea6d1127dbe690868310e48faf549d91d7f87be |
| SHA256 | b227d11332f2cc9836c8133bce79b5620d1c71b284ea6adc68abdb8198eff2a0 |
| SHA512 | d4c4f7ba00271bf34b61e90f496d59c1ff192329afe219057482889983c9d7efee12c20c25243a4238da5c58e7bbf5cf92c8b36156e179626b5075b4660045d6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
| MD5 | 8017ab505ad383ec74b5ce1a9dec1f20 |
| SHA1 | 3b7ba924240aa61ade943885fb63e66780b73bc6 |
| SHA256 | dbe6550458601008bc5690fb8003bdad77a99428d23903a20d7750a5977ba339 |
| SHA512 | 5fe544d9fe023d9a309b5eb56a2a00c1186633e75921bbc776885fc0dd35e090deea6fb9d7257bf3bf45113fcd19ada6eac863dda60180d58f342021f7e3bf69 |
memory/4720-4642-0x0000000004290000-0x0000000004291000-memory.dmp
memory/4208-4647-0x000001BCC6C00000-0x000001BCC6D00000-memory.dmp
memory/4208-4648-0x000001BCC6C00000-0x000001BCC6D00000-memory.dmp
memory/4208-4652-0x000001BCC7C60000-0x000001BCC7C80000-memory.dmp
memory/4208-4658-0x000001BCC7C20000-0x000001BCC7C40000-memory.dmp
memory/4208-4677-0x000001BCC8020000-0x000001BCC8040000-memory.dmp
memory/4208-4796-0x000001B4C5000000-0x000001B4C692F000-memory.dmp
memory/3020-4812-0x00000000047E0000-0x00000000047E1000-memory.dmp
memory/2876-4818-0x00000121978D0000-0x00000121978F0000-memory.dmp
memory/2876-4848-0x0000012197890000-0x00000121978B0000-memory.dmp
memory/2876-4849-0x0000012197EA0000-0x0000012197EC0000-memory.dmp
memory/2876-4813-0x0000012196A00000-0x0000012196B00000-memory.dmp
memory/2876-4947-0x0000011994E00000-0x000001199672F000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4b680c35742f5fb738bbdd98ff069bb5 |
| SHA1 | 3b893a7ccb0c00fa4f8fc3ff3d1dac100004cb3e |
| SHA256 | 9c850d108e95467d2412e3c4076130de9907c8f81341dd9c0c14ef3e22b92e33 |
| SHA512 | 31b9b18c653b20ac48cf4900988718e7661183bff6baacb7006a8dbd7ed6ca98b45ddbe26103e64464fb9b575fb737ee7d06bce4840da632a3b89703465d8197 |
memory/6092-4958-0x00000000038A0000-0x00000000038A1000-memory.dmp
memory/4352-4981-0x000001C0B9600000-0x000001C0B9620000-memory.dmp
memory/4352-4972-0x000001C0B8FE0000-0x000001C0B9000000-memory.dmp
memory/4352-4965-0x000001C0B9020000-0x000001C0B9040000-memory.dmp
memory/4352-5102-0x000001B8B6400000-0x000001B8B7D2F000-memory.dmp
memory/3436-5106-0x0000000004E00000-0x0000000004E01000-memory.dmp
memory/3524-5109-0x000001D938100000-0x000001D938200000-memory.dmp
memory/3524-5107-0x000001D938100000-0x000001D938200000-memory.dmp
memory/3524-5108-0x000001D938100000-0x000001D938200000-memory.dmp
memory/3524-5121-0x000001D938FD0000-0x000001D938FF0000-memory.dmp
memory/3524-5112-0x000001D939010000-0x000001D939030000-memory.dmp
memory/3524-5143-0x000001D9395E0000-0x000001D939600000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 4b939e7da98e95a1390f73a69d8b9ff8 |
| SHA1 | ab55c7a84937a19eeefab3fb9dadd8c785c920be |
| SHA256 | b36f20105c0ece31e4f9af88b7d8005649726f3d39e95cf0c7528a9cc1ab42e1 |
| SHA512 | f77bc9182328c4f64ce1387cc349420812f766c3d1baa770472fb3f527a65c0146376021540227ed80c89f3ba60db0ba4330c6a7cf57ca7789b7c50dc9519f43 |
memory/3524-5249-0x000001D136400000-0x000001D137D2F000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 24b419e876725eb2152a114533f478ef |
| SHA1 | 32dc29bd9632b796ef41ec0af8c51bdbece6c8e7 |
| SHA256 | b41f7ad3d11ef9e62159e60a3148aaa5158e782ca78136abf6e685631f34bf31 |
| SHA512 | a62d496f113be611925e3fcf784abadbce1e2672f39b1b4140719c72babe4ebcbdb883e8d8cf30dd1424c2df5451b56ba9acda11cad542543525ad8b1a3f05f8 |
memory/2292-5262-0x0000000004F70000-0x0000000004F71000-memory.dmp
memory/4312-5266-0x000002047CEA0000-0x000002047CFA0000-memory.dmp
memory/4312-5269-0x000002047E000000-0x000002047E020000-memory.dmp
memory/4312-5281-0x000002047E5E0000-0x000002047E600000-memory.dmp
memory/4312-5273-0x000002047DFC0000-0x000002047DFE0000-memory.dmp
memory/4312-5265-0x000002047CEA0000-0x000002047CFA0000-memory.dmp
memory/4312-5264-0x000002047CEA0000-0x000002047CFA0000-memory.dmp
memory/4312-5372-0x000001FC7B3E0000-0x000001FC7CD0F000-memory.dmp
memory/4564-5375-0x0000000004990000-0x0000000004991000-memory.dmp
memory/4720-5377-0x00000222C2830000-0x00000222C2930000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ca6da173d4a647e3fa1ffcd976f55669 |
| SHA1 | 2ff7e7a813b0711b51a4c193210cff8273d3f0b6 |
| SHA256 | 9cd927120d492aab0e09256ed5d8c2297fdaa754bb6f2a3ed2fa336d41813717 |
| SHA512 | ed5e677901c8613627bcff65bd2a06d0f9c657fbba8550d4fe5337c672f8654b9134d6f6d5c92aa338725966e0c8d33e29478523df17bdb04bb016b7be143877 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15
| MD5 | 0e2a09c8b94747fa78ec836b5711c0c0 |
| SHA1 | 92495421ad887f27f53784c470884802797025ad |
| SHA256 | 0c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36 |
| SHA512 | 61530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Explorer
| MD5 | ab0262f72142aab53d5402e6d0cb5d24 |
| SHA1 | eaf95bb31ae1d4c0010f50e789bdc8b8e3116116 |
| SHA256 | 20a108577209b2499cfdba77645477dd0d9771a77d42a53c6315156761efcfbb |
| SHA512 | bf9580f3e5d1102cf758503e18a2cf98c799c4a252eedf9344f7c5626da3a1cf141353f01601a3b549234cc3f2978ad31f928068395b56f9f0885c07dbe81da1 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133610484690576504.txt
| MD5 | 407e58b170f92dff0113e289e9c23fbf |
| SHA1 | 8f518275bc575ec70ff7838f4fd5e24d324e1660 |
| SHA256 | 17b02ec9828c397d27c024d010a0eabe4c322151b426355167856428671edcf6 |
| SHA512 | 95e9b89f7f059dde8a5516647ceda554225ba70e63b19d7757d03d2a78558b6cc7432c798a4e2ce3762b581a95f583d39a5dd21050211358f16b19935894afff |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
| MD5 | b97a064855e7e9f36aa26fcc4742c6ae |
| SHA1 | 6966b818f882523261224991bb2f6ab103d38d3c |
| SHA256 | 9a34a2409cee3e63ddcb06e585cb9e0396435d7fb95d0cb8b8a4308f28c2a054 |
| SHA512 | 4d8623d44aea59107982a268fce957c69a14a71aeb35358fae9db0db6fb8713e9a73af2615419c87105b4f2715ae3a320f53a343fd6e90925996bcbdd3f94782 |
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | 4566d1d70073cd75fe35acb78ff9d082 |
| SHA1 | f602ecc057a3c19aa07671b34b4fdd662aa033cc |
| SHA256 | fe33f57205e2ebb981c4744d5a4ddc231f587a9a0589e6565c52e1051eadb0c0 |
| SHA512 | b9584ebfdd25cc588162dd6525a399c72ac03bf0c61709b96a19feba7217d840ae2c60d7b0d3b43307a2776f497a388e79ef8a646c12ae59a7f5cc4789bbf3c8 |
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | 35375f95b1430c8b11ebeb931fba0dda |
| SHA1 | 5122d139ac357db969c191b941bd479ceb9dc59f |
| SHA256 | fd5691afe44306226fa973037fe144c3214867067cf88cb2285394888d959d5b |
| SHA512 | b9043a4d4470ac90f83244a81fad5de8944b83ba1e8ab6bbc7d29fb216c2ded74bf1c7b1ca8c84535b989075660e83f676e273a1b524f9e5dd8e04fee412cc6b |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
| MD5 | 3dd4607189c260a62c97d796668bec5c |
| SHA1 | 54876eacb3dfc54c0dd1dc71c72367d946cea1a3 |
| SHA256 | 2fc0bb9f7e1f03d2f18248d0a3619c46cd605709a7c2782c3a16a31985d9fbce |
| SHA512 | a4622d44f759502cc6cfc462ee1fadebe5878c201a833ee56acabf0ff30734bf1f11f77fa3ca4f0e80ba2a969c1c013fcbcc68988d236d0946a562c50427c3ff |
memory/5532-6384-0x0000000000400000-0x000000000040E000-memory.dmp
memory/5532-6583-0x0000000000400000-0x000000000040E000-memory.dmp