Malware Analysis Report

2024-10-19 11:21

Sample ID 240809-sapn3swbma
Target http://bonzi.link
Tags
steam credential_access defense_evasion discovery exploit persistence phishing privilege_escalation stealer
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

Threat Level: Likely malicious

The file http://bonzi.link was found to be: Likely malicious.

Malicious Activity Summary

steam credential_access defense_evasion discovery exploit persistence phishing privilege_escalation stealer

Credentials from Password Stores: Credentials from Web Browsers

Possible privilege escalation attempt

Event Triggered Execution: AppInit DLLs

Downloads MZ/PE file

Boot or Logon Autostart Execution: Active Setup

Loads dropped DLL

Executes dropped EXE

Modifies file permissions

Legitimate hosting services abused for malware hosting/C2

Drops desktop.ini file(s)

Enumerates connected drives

Checks installed software on the system

Network Share Discovery

Adds Run key to start application

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

Detected potential entity reuse from brand steam.

Drops file in System32 directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Event Triggered Execution: Accessibility Features

Browser Information Discovery

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Modifies system certificate store

Modifies registry class

Checks processor information in registry

Enumerates system info in registry

Kills process with taskkill

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

NTFS ADS

Modifies Control Panel

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-09 14:55

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-09 14:55

Reported

2024-08-09 15:21

Platform

win7-20240704-en

Max time kernel

1330s

Max time network

1535s

Command Line

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://bonzi.link"

Signatures

Credentials from Password Stores: Credentials from Web Browsers

credential_access stealer

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\software\Wow6432Node\microsoft\Active Setup\Installed Components C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
Key created \REGISTRY\MACHINE\software\Wow6432Node\microsoft\Active Setup\Installed Components C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Active Setup\Installed Components N/A N/A
Key created \REGISTRY\MACHINE\software\Wow6432Node\microsoft\Active Setup\Installed Components C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
Key created \REGISTRY\MACHINE\software\Wow6432Node\microsoft\Active Setup\Installed Components C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A

Downloads MZ/PE file

Event Triggered Execution: AppInit DLLs

persistence privilege_escalation

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
N/A N/A C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Users\Admin\Desktop\Bonzify.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\Sidebar = "C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun" N/A N/A

Checks installed software on the system

discovery

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini N/A N/A
File created F:\pee\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini N/A N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\K: N/A N/A
File opened (read-only) \??\M: N/A N/A
File opened (read-only) \??\S: N/A N/A
File opened (read-only) \??\E: N/A N/A
File opened (read-only) \??\G: N/A N/A
File opened (read-only) \??\I: N/A N/A
File opened (read-only) \??\L: N/A N/A
File opened (read-only) \??\O: N/A N/A
File opened (read-only) \??\P: N/A N/A
File opened (read-only) \??\X: N/A N/A
File opened (read-only) \??\Y: N/A N/A
File opened (read-only) \??\A: N/A N/A
File opened (read-only) \??\H: N/A N/A
File opened (read-only) \??\F: N/A N/A
File opened (read-only) \??\R: N/A N/A
File opened (read-only) \??\T: N/A N/A
File opened (read-only) \??\U: N/A N/A
File opened (read-only) \??\V: N/A N/A
File opened (read-only) \??\N: N/A N/A
File opened (read-only) \??\Q: N/A N/A
File opened (read-only) \??\W: N/A N/A
File opened (read-only) \??\Z: N/A N/A
File opened (read-only) \??\B: N/A N/A
File opened (read-only) \??\J: N/A N/A

File and Directory Permissions Modification: Windows File and Directory Permissions Modification

defense_evasion

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Network Share Discovery

discovery

Detected potential entity reuse from brand steam.

phishing steam

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\SETD9FF.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\SysWOW64\SETD9FF.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\SysWOW64\msvcp50.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb016.gif C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\sp001.gif C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page4.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp003.gif C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\t3.nbd C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page6.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page0.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page15.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\AUTPRX32.DLL C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\book C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page9.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\BBReader.EXE C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\J001.nbd-SR C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page2.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page5.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Apps.nbd C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\MSAGENTS\Peedy.acs C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page14.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page2.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\book C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page6.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page16.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page4.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp002.gif C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File created C:\Program Files (x86)\BonziBuddy432\Uninstall.ini C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb007.gif C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page13.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page0.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp001.gif C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page3.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page1.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Reg.nbd C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb005.gif C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp005.gif C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\MSINET.OCX C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Snd2.wav C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb013.gif C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\favicon.ico N/A N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page5.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb014.gif C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page13.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page12.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page6.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File created C:\Program Files (x86)\BonziBuddy432\Reg.nbd C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page7.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\ODKOB32.DLL C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb012.gif C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page16.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb011.gif C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page5.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page11.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp006.gif C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Options\bonzibuddys.URL C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page17.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page1.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page14.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File created C:\Program Files (x86)\BonziBuddy432\Reg.nbd.temp C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
File opened for modification C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page3.jpg C:\Users\Admin\Desktop\BonziBuddy432.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\msagent\SETD59B.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET6C5A.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET6C5C.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SETD59A.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgtCtl15.tlb C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET6C5E.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\help\Agt0409.hlp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\INF\tv_enua.inf C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentSvr.exe C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET6C71.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe N/A N/A
File opened for modification C:\Windows\msagent\chars\Bonzi.acs C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
File opened for modification C:\Windows\msagent\AgentMPx.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\intl\SETD5C1.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\tv\tvenuax.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\fonts\SETD9EE.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File created C:\Windows\msagent\chars\Bonzi.acs C:\Users\Admin\Desktop\Bonzify.exe N/A
File opened for modification C:\Windows\msagent\AgentCtl.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\help\SETD5C0.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\help\SETD9DD.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\lhsp\tv\tvenuax.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\lhsp\tv\SETD9DC.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\AgentPsh.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SET6C85.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentDPv.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\lhsp\tv\tv_enua.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\SET6C73.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SETD5AD.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\setupapi.app.log C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\fonts\andmoipa.ttf C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SETD59B.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SETD5AC.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SETD5AE.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\SET6C72.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\help\SET6C74.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SETD5BF.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\SET6C5E.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SET6C6F.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET6C85.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SETD5AC.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\agtinst.inf C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\fonts\SETD9EE.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\INF\tv_enua.inf C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\SET6C5D.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\lhsp\tv\SET6DC1.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentSvr.exe C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentAnm.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\AgentPsh.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SETD5C2.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\setupapi.app.log C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\intl\SETD5C1.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET6C6F.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\lhsp\help\SET6DD2.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\fonts\SET6DD3.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentSR.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\INF\SETD9FE.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\msagent\SET6C5C.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\help\SETD5C0.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\INF\setupapi.app.log C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\lhsp\help\tv_enua.hlp C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
File opened for modification C:\Windows\INF\SET6DE4.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SETD5BF.tmp C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File opened for modification C:\Windows\msagent\mslwvtts.dll C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
File created C:\Windows\msagent\SET6C5A.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File created C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\Bonzify.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Accessibility Features

persistence privilege_escalation

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\icacls.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer N/A N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A N/A N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\Schemes C:\Windows\system32\rundll32.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\WindowMetrics\MenuFont = f4ffffff0000000000000000000000009001000000000001000005005300650067006f006500200055004900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\WindowMetrics\IconVerticalSpacing = "-1125" C:\Windows\system32\rundll32.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\CustomColors = ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00 C:\Windows\system32\rundll32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #21 = "6908265" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\InactiveTitleText = "67 78 84" C:\Windows\system32\rundll32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #1 = "0" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\InfoText = "0 0 0" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\MenuBar = "240 240 240" C:\Windows\system32\rundll32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #18 = "0" C:\Windows\system32\rundll32.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\WindowMetrics\SmCaptionFont = f4ffffff0000000000000000000000009001000000000001000005005300650067006f006500200055004900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\Scrollbar = "200 200 200" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\Schemes C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\WindowMetrics C:\Windows\system32\rundll32.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Font #1 = f4ffffff0000000000000000000000009001000000000001000005005300650067006f006500200055004900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\rundll32.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Font #3 = f4ffffff0000000000000000000000009001000000000001000005005300650067006f006500200055004900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\rundll32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #14 = "16777215" C:\Windows\system32\rundll32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #11 = "16578548" C:\Windows\system32\rundll32.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\WindowMetrics\IconFont = f4ffffff0000000000000000000000009001000000000001000005005300650067006f006500200055004900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\WindowMetrics\IconSpacing = "-1125" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\InactiveBorder = "244 247 252" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\WindowMetrics\CaptionWidth = "-315" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\AppWorkspace = "171 171 171" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\ButtonHilight = "255 255 255" C:\Windows\system32\rundll32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #30 = "15790320" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\ButtonFace = "240 240 240" C:\Windows\system32\rundll32.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Font #2 = f4ffffff0000000000000000000000009001000000000001000005005300650067006f006500200055004900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\rundll32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #0 = "13158600" C:\Windows\system32\rundll32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #16 = "10526880" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\MenuText = "0 0 0" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\WindowText = "0 0 0" C:\Windows\system32\rundll32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Size #6 = "17" C:\Windows\system32\rundll32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #2 = "13743257" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\WindowMetrics\PaddedBorderWidth = "-60" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\CONTROL PANEL\\COLORS C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\WindowMetrics\BorderWidth = "-15" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\ActiveTitle = "153 180 209" C:\Windows\system32\rundll32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Size #3 = "21" C:\Windows\system32\rundll32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #27 = "15389113" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\ButtonShadow = "160 160 160" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\ButtonDkShadow = "105 105 105" C:\Windows\system32\rundll32.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\WindowMetrics\CaptionFont = f4ffffff0000000000000000000000009001000000000001000005005300650067006f006500200055004900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\rundll32.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\WindowMetrics\MessageFont = f4ffffff0000000000000000000000009001000000000001000005005300650067006f006500200055004900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\rundll32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Size #0 = "1" C:\Windows\system32\rundll32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #4 = "15790320" C:\Windows\system32\rundll32.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\UserPreferencesMask = 9e3e078012000000 C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\WindowMetrics\SmCaptionWidth = "-255" C:\Windows\system32\rundll32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #22 = "14935011" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\HotTrackingColor = "0 102 204" C:\Windows\system32\rundll32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Size #4 = "21" C:\Windows\system32\rundll32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Size #8 = "19" C:\Windows\system32\rundll32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #9 = "0" C:\Windows\system32\rundll32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #10 = "11842740" C:\Windows\system32\rundll32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Size #5 = "17" C:\Windows\system32\rundll32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #5 = "16777215" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\GradientActiveTitle = "185 209 234" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\TitleText = "0 0 0" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\MenuHilight = "51 153 255" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\Background = "0 0 0" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\Window = "255 255 255" C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\HilightText = "255 255 255" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes C:\Windows\system32\rundll32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Flat Menus = "1" C:\Windows\system32\rundll32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #13 = "16750899" C:\Windows\system32\rundll32.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" N/A N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main N/A N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IETld\LowMic N/A N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage N/A N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BC61B68D-5661-11EF-890B-725FF0DF1EEB} = "0" N/A N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" N/A N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main N/A N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c000000000200000000001066000000010000200000004adc2b7fa03361790d36a89fb9e4403128a4f589805d6026a6c211d134b5f1de000000000e8000000002000020000000a931630ec2dfee7368deae4169b1c74a426d55904036a0eb22a5deefcebbf3c820000000f21ee78c030464f57f3277cbcc20d8ea9166754b0ebbab75fdfc0c4c198dbeb540000000a650043aa03b8325c203311f5d8bf624de7e68bb590c2b04434eb2ffb7ff6bfd46a543210070ccfb58e5324a6cc9b148ff789101b8a325d847c577caa5f255f5 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry N/A N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry N/A N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Zoom N/A N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" N/A N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU N/A N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 N/A N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TypedURLs N/A N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AD1FA5C9-565F-11EF-890B-725FF0DF1EEB} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c00000000020000000000106600000001000020000000ac8e8c35421fbd2b68ec22eeb83568e8c741beaa95dc4c7ce362ed52e167b8aa000000000e80000000020000200000007508303451ef8c07493c28087851100eb511c649d7ee8c7c20c4666f51dd6b509000000036f782e984a0c8ae77010db1f6828ff61550d9d97aaa71632718acfc0c50b87580fe938d0c90ceaefd95c51e7fe5e204c4362b7c4404d5992bd19bb20eae2f5fef473ef8f944126849b05fa1fe7a0ce97f3ac3ef73c345552e07db765460336e04a15151f33ee803c83ddbe9c4b850ecd4ba35ce21a7d79429b868348fae9a7e53b920862d31beb1bf4f99a6c6c9d5af4000000022b6ee1e93037517a11fa034bdbd666ee22fd213b804dc391351e96b2ad8b0b022544bec4cf6cd31f156073c19a4671475015049d573b7267ef32bfe7e4a5e6b C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup N/A N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\MINIE N/A N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00b957846ceada01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch N/A N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" N/A N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{57DA7E73-B94F-49A2-9FEF-9F4B40C8E221}\VERSION C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C6D21D6-7470-4555-A8FB-6C2292B39C46}\ProgID C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\MiscStatus\1 C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Implemented Categories C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD9DA665-8594-11D1-B16A-00C0F0283628} C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E8671A88-E5DD-11CD-836C-0000C0C14E92}\Version\ = "1.0" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0A45DB4D-BD0D-11D2-8D14-00104B9E072A}\TypeLib\ = "{0A45DB48-BD0D-11D2-8D14-00104B9E072A}" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F5BE8BD1-7DE6-11D0-91FE-00C04FD701A5} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\NodeSlot = "8" N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6B1BE807-567F-11D1-B652-0060976C699F}\Forward C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A45DB4F-BD0D-11D2-8D14-00104B9E072A}\ProgID C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.clsStoryReader\Clsid\ = "{F4900F6A-055F-11D4-8F9B-00104BA312D6}" C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1533A365-F76F-4518-8A56-4CD34547F8AB}\Control C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BA90C01-3910-11D1-ACB3-00C04FD97575}\ = "IAgentCtlCommandsEx" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B2676D5B-8D53-4569-AF2C-A55A0D90C132}\TypeLib\Version = "1.4" C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352} C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628} C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{916694A8-8AD6-11D2-B6FD-0060976C699F}\ProxyStubClsid32 C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}\ProgID\ = "Threed.SSCommand.3" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EB61DB30-B032-11D0-A853-0000C02AC6DB}\TypeLib\Version = "2.0" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C87-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}" C:\Windows\msagent\AgentSvr.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D45FD301-5C6E-11D1-9EC1-00C04FD7081F}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F4900F6A-055F-11D4-8F9B-00104BA312D6}\Implemented Categories C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{83C2D7A0-0DE6-11D3-9DCF-9423F1B2561C}\TypeLib\Version = "1.0" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{920FF31F-CA25-451A-9738-3444FC206BCC}\TypeLib C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB61DB30-B032-11D0-A853-0000C02AC6DB}\TypeLib C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8563FF20-8ECC-11D1-B9B4-00C04FD97575}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E8671A8B-E5DD-11CD-836C-0000C0C14E92}\1.0\ = "Sheridan Month/Year/DateCombo" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveTabs.SSTabs.2\CLSID\ = "{0A45DB4F-BD0D-11D2-8D14-00104B9E072A}" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}" C:\Windows\msagent\AgentSvr.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B8F2846E-CE36-11D0-AC83-00C04FD97575}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CA478DA0-3920-11D3-9DD0-8067E4A06603} C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0A45DB49-BD0D-11D2-8D14-00104B9E072A}\ProxyStubClsid32 C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\MRUListEx = 0100000000000000ffffffff N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C4D7E3C7-3C26-4052-A993-71E500EA8C05}\Programmable C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575}\TypeLib C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{22EB59AE-1CB8-4153-9DFC-B5CE048357CF}\ProgID\ = "BonziBUDDY.CPeriod" C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB64DF2F-88E4-11D0-9E87-00C04FD7081F}\ = "Microsoft Agent DocFile Provider 1.5" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F59C2A4-4C01-4451-BE5B-09787B123A5E}\TypeLib C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FA8D4B-2CDD-11D3-9DD0-D3CD4078982A}\ = "_ISkinLabelEvents" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ImageComboCtl.2\CLSID\ = "{DD9DA666-8594-11D1-B16A-00C0F0283628}" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F053-858B-11D1-B16A-00C0F0283628}\TypeLib C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\SSCalendar.SSDayCtrl.1 C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F4900F6B-055F-11D4-8F9B-00104BA312D6}\ProxyStubClsid C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{065E6FD2-1BF9-11D2-BAE8-00104B9E0792}\TypeLib C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93CA0-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32 C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CDA1CA04-8B5D-11D0-9BC0-0000C0F04C96}\ = "ISSReturnBoolean" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575} C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F04A-858B-11D1-B16A-00C0F0283628} C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F04A-858B-11D1-B16A-00C0F0283628}\ = "ListViewEvents" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSCommand.3\ = "SSCommand Control 3.0" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{065E6FE0-1BF9-11D2-BAE8-00104B9E0792}\ = "ISSCheck" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinScrollBar.1\CLSID C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ListViewCtrl.2\CLSID C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\ = "Internet Control General Property Page Object" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{62FCAC31-2581-11D2-BAF1-00104B9E0792}\ = "DSSOption" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{14E27A73-69F0-11CE-9425-0000C0C14E92} C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.CCalendarVBPeriods C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{53FA8D42-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}" C:\Users\Admin\Desktop\BonziBuddy432.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" N/A N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 N/A N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 N/A N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 N/A N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\Bon.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\wp4073802.webp:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\Bonzify.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\Desktop\Bonzify.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe N/A
Token: 33 N/A C:\Windows\system32\SndVol.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\SndVol.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: 33 N/A C:\Windows\msagent\AgentSvr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\msagent\AgentSvr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Windows\system32\SndVol.exe N/A
N/A N/A C:\Windows\system32\SndVol.exe N/A
N/A N/A C:\Windows\system32\SndVol.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\SndVol.exe N/A
N/A N/A C:\Windows\system32\SndVol.exe N/A
N/A N/A C:\Windows\system32\SndVol.exe N/A
N/A N/A C:\Windows\system32\SndVol.exe N/A
N/A N/A C:\Windows\system32\SndVol.exe N/A
N/A N/A C:\Windows\system32\SndVol.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1960 wrote to memory of 1336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1960 wrote to memory of 1336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1960 wrote to memory of 1336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1960 wrote to memory of 1336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1960 wrote to memory of 1336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1960 wrote to memory of 1336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1960 wrote to memory of 1336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1960 wrote to memory of 1336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1960 wrote to memory of 1336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1960 wrote to memory of 1336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1960 wrote to memory of 1336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1960 wrote to memory of 1336 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2820 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2820 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2820 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2364 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2440 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2440 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2440 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2440 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 2440 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://bonzi.link"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://bonzi.link

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.0.783634963\1044154913" -parentBuildID 20221007134813 -prefsHandle 1224 -prefMapHandle 1216 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc523fa8-fab1-4453-b62d-c31550297b91} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 1304 10ff4158 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.1.1256526970\1654260514" -parentBuildID 20221007134813 -prefsHandle 1492 -prefMapHandle 1488 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9da7af5b-7ced-4020-aff7-16de02ddfd26} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 1504 d71658 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.2.1447415296\1826440924" -childID 1 -isForBrowser -prefsHandle 2076 -prefMapHandle 2072 -prefsLen 21811 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6fc75df-27ab-4eb3-a3ca-1c6f0bb04c51} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 2088 1a2c9558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.3.1792370936\1728790187" -childID 2 -isForBrowser -prefsHandle 2680 -prefMapHandle 2676 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {82e3dc60-af98-424c-b916-165c69ae3d44} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 2688 1c33d358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.4.441131577\1716624618" -childID 3 -isForBrowser -prefsHandle 1108 -prefMapHandle 3852 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b5f5ea9-bb69-4e2c-9f05-33f597270d5f} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 3872 1ec9e258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.5.366477787\1811566002" -childID 4 -isForBrowser -prefsHandle 3984 -prefMapHandle 3988 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41ed8e53-23ce-4a3f-9747-e6ca01c7d874} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 3976 214ae458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.6.1043808884\1414091929" -childID 5 -isForBrowser -prefsHandle 4152 -prefMapHandle 4156 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1f65596-0783-4655-98e4-01dafdc24fde} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 4144 214afc58 tab

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" shell32.dll,Control_RunDLL desk.cpl,Advanced,@Advanced

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" shell32.dll,Control_RunDLL desk.cpl,Advanced,@Advanced

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?LinkId=109286

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2920 CREDAT:275457 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.7.1776352154\1653856721" -childID 6 -isForBrowser -prefsHandle 3812 -prefMapHandle 2800 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bb373e7-a9cb-4912-8d68-4645d712873a} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 3332 21ff5258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.8.1860701603\1618749644" -childID 7 -isForBrowser -prefsHandle 3068 -prefMapHandle 3204 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {235c3b69-7f0a-4ac0-a9e9-4c940585d8cc} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 3056 21ff8858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.9.1519736350\207174318" -childID 8 -isForBrowser -prefsHandle 4452 -prefMapHandle 4456 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {af8376bd-4648-4326-93a1-06caa027bb0c} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 4440 21ff6158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.10.112867821\323520896" -childID 9 -isForBrowser -prefsHandle 3008 -prefMapHandle 3004 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1983b08-56bf-4b7b-842e-98aeba666311} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 1808 d65358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.11.474540957\1211949853" -childID 10 -isForBrowser -prefsHandle 7996 -prefMapHandle 7988 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1671072-8e78-453f-9c29-d321a71dcf46} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 7884 11498358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.12.443530358\1186059856" -childID 11 -isForBrowser -prefsHandle 7768 -prefMapHandle 7764 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed6ecedc-0a83-44fb-abe6-52662cc2603e} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 7780 11498958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.13.668857870\1151972314" -childID 12 -isForBrowser -prefsHandle 7680 -prefMapHandle 7676 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {91fb7f27-c122-4806-bc77-f20f6671dc97} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 7576 24f58c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.14.809333211\151112326" -childID 13 -isForBrowser -prefsHandle 7788 -prefMapHandle 7792 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ab5965b-b934-45f6-bf81-df09bd14b4a4} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 7872 11498358 tab

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2920 CREDAT:799753 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.15.1500237683\874152225" -childID 14 -isForBrowser -prefsHandle 7612 -prefMapHandle 3792 -prefsLen 26845 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d059a43f-1a96-4648-a108-de599f3dc2c2} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 3492 21e26a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.16.1934110989\332552057" -childID 15 -isForBrowser -prefsHandle 7592 -prefMapHandle 7896 -prefsLen 26845 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e58e8bfc-ee6e-4cc2-b09a-982261ee1f32} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 4564 2641e758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.17.1435641827\1858738757" -childID 16 -isForBrowser -prefsHandle 7392 -prefMapHandle 4048 -prefsLen 26845 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {55985354-43af-4cdf-baf7-3bab35dafea7} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 8528 2684e658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.18.1965308762\1557587052" -childID 17 -isForBrowser -prefsHandle 8200 -prefMapHandle 3504 -prefsLen 26845 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {19cf130c-32b8-4a25-a5a9-96c2be0f839e} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 3000 27697358 tab

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap6140:68:7zEvent31887

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap6995:64:7zEvent7175

C:\Users\Admin\Desktop\BonziBuddy432.exe

"C:\Users\Admin\Desktop\BonziBuddy432.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "

C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE

MSAGENT.EXE

C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe

tv_enua.exe

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentSR.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"

C:\Windows\msagent\AgentSvr.exe

"C:\Windows\msagent\AgentSvr.exe" /regserver

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\system32\SndVol.exe

SndVol.exe -f 68945686 18467

C:\Windows\system32\SndVol.exe

SndVol.exe -r 68945686 0 {0.0.0.00000000}.{494ac999-4740-4e72-9bad-a3628eb24cfa}

C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE

"C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE"

C:\Windows\msagent\AgentSvr.exe

C:\Windows\msagent\AgentSvr.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.0.812832610\245215714" -parentBuildID 20221007134813 -prefsHandle 1124 -prefMapHandle 1116 -prefsLen 21306 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc532df0-964d-482b-83af-86dee8e09d61} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 1208 f7f9258 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.1.759974804\1688194283" -parentBuildID 20221007134813 -prefsHandle 1336 -prefMapHandle 1332 -prefsLen 21351 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb0c2dbb-d617-4692-88b0-4ec5d92ad914} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 1360 eb3f458 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.2.1583442817\664879438" -childID 1 -isForBrowser -prefsHandle 2016 -prefMapHandle 2012 -prefsLen 21812 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c61703aa-fcf0-43d8-9fea-3166facba522} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 2028 1a277258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.3.2039220711\1697076402" -childID 2 -isForBrowser -prefsHandle 2528 -prefMapHandle 2516 -prefsLen 26997 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a40e73e9-f7e7-4f83-8552-344ca51fd7cd} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 2532 1c19ae58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.4.182310759\1086348581" -childID 3 -isForBrowser -prefsHandle 2756 -prefMapHandle 2752 -prefsLen 26997 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4bb7d73-fdf2-4465-80d1-3a4e5efdd8ad} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 2768 1c9cce58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.5.1137447730\1713784441" -childID 4 -isForBrowser -prefsHandle 3364 -prefMapHandle 3380 -prefsLen 26997 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae124a29-bb64-4612-b39a-39d912f33204} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 3360 1aeaae58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.6.1104476266\1990714617" -childID 5 -isForBrowser -prefsHandle 3544 -prefMapHandle 3556 -prefsLen 26997 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd45cb6c-a251-4a35-a831-1fec4791a2ae} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 3532 1d9e2e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.7.1322895084\2093808617" -childID 6 -isForBrowser -prefsHandle 3624 -prefMapHandle 3628 -prefsLen 26997 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {12a98283-7394-4759-b501-4fff0704ac8b} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 3612 1eef3e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.8.381944852\102800740" -childID 7 -isForBrowser -prefsHandle 4108 -prefMapHandle 4124 -prefsLen 26997 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2b862ee-8ccd-47fe-a160-c025a81a2483} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4140 21a94c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.9.215003069\1981387574" -childID 8 -isForBrowser -prefsHandle 1588 -prefMapHandle 1584 -prefsLen 27006 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f31aaaec-c26f-4642-b230-e75f4ba11dca} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 1852 1c21ab58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.10.1372264191\1217637551" -childID 9 -isForBrowser -prefsHandle 3776 -prefMapHandle 3716 -prefsLen 27006 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fde287af-6ea7-45aa-92de-d4baabf1644d} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 3612 1f77b858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.11.1788152548\902271762" -childID 10 -isForBrowser -prefsHandle 4524 -prefMapHandle 4528 -prefsLen 27006 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {227e84ba-eeee-4581-806b-0a95add54733} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4512 1f77d958 tab

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2864 CREDAT:275457 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.12.1965912592\2057399211" -childID 11 -isForBrowser -prefsHandle 4120 -prefMapHandle 4176 -prefsLen 27006 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cec6cc4-2f6f-4dc7-a43f-06cfbab82f44} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4244 21ad3e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.13.1125509121\116013301" -childID 12 -isForBrowser -prefsHandle 2768 -prefMapHandle 2892 -prefsLen 27006 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a590be48-2b10-4bae-8bfc-b721a80c5423} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 1620 21993a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.14.1910673715\2126979476" -childID 13 -isForBrowser -prefsHandle 8604 -prefMapHandle 4416 -prefsLen 27342 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf541732-d5a3-480f-85b7-ec42059936ff} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 2768 1ee49058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.15.1494907295\1634345245" -childID 14 -isForBrowser -prefsHandle 8460 -prefMapHandle 8464 -prefsLen 27342 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {39309536-db5d-4160-894c-61b5704e051a} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4416 1c219558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.16.1964472680\1979185737" -childID 15 -isForBrowser -prefsHandle 8324 -prefMapHandle 8460 -prefsLen 27342 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {13b0d228-e16f-4832-b575-8f91fc731b3c} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 8516 e65058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.17.819143908\371894513" -childID 16 -isForBrowser -prefsHandle 7684 -prefMapHandle 7680 -prefsLen 27351 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5414bcbc-7de0-4558-a4c4-f0b120d10195} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 7644 229ef858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.18.1402918675\91659363" -parentBuildID 20221007134813 -prefsHandle 7472 -prefMapHandle 7680 -prefsLen 27351 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4318aa1e-e921-4e76-b313-204b193b7c12} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 7684 2925cb58 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.19.1731632904\182859897" -childID 17 -isForBrowser -prefsHandle 8384 -prefMapHandle 8372 -prefsLen 27351 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {589d4876-c3e2-470d-b64d-af12a5c88a89} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 8388 1f77d958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.20.391115887\1656660924" -childID 18 -isForBrowser -prefsHandle 3968 -prefMapHandle 8576 -prefsLen 27351 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea08af41-4011-4d34-9dae-585d7f2c63b5} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 1620 1f77eb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.21.581971575\438386730" -childID 19 -isForBrowser -prefsHandle 4668 -prefMapHandle 8436 -prefsLen 27351 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {01335d20-8ccc-4f4c-8ea1-f36a6ebf98bd} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 3608 f1e1058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.22.1180876731\559222321" -childID 20 -isForBrowser -prefsHandle 1780 -prefMapHandle 1884 -prefsLen 27351 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {153f9fe7-bc20-4e2b-9a55-24abc2bc2ca1} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4396 1c21c958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.23.740285367\104406705" -childID 21 -isForBrowser -prefsHandle 8600 -prefMapHandle 8332 -prefsLen 27351 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f2bb7c0-ebb1-489e-bc97-b2b602a76e2f} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 7960 e65058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.24.604238685\790644739" -childID 22 -isForBrowser -prefsHandle 4212 -prefMapHandle 4480 -prefsLen 27351 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcde7687-d68f-4566-81b6-516f8f0c1f50} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 2824 1f77e558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.25.216679311\1634333904" -childID 23 -isForBrowser -prefsHandle 4660 -prefMapHandle 8336 -prefsLen 27351 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {efe272de-00d4-476b-9b57-7a9009d0933b} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4604 f1e1f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.26.1817764562\1882892051" -childID 24 -isForBrowser -prefsHandle 4688 -prefMapHandle 4596 -prefsLen 27351 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {190626a9-e0eb-4b32-8c51-c27872a5bc07} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 8584 1c2f7558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.27.1159200782\848186151" -childID 25 -isForBrowser -prefsHandle 7664 -prefMapHandle 7964 -prefsLen 27360 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6e2fdfc-1fc6-48ca-80ff-54ebf24b5691} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 7904 21994f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.28.1523615548\172129068" -childID 26 -isForBrowser -prefsHandle 2836 -prefMapHandle 8236 -prefsLen 27895 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2494e261-3ca4-42a6-9363-de6e7350e8fa} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 3612 1c21d858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.29.1041142459\52594251" -childID 27 -isForBrowser -prefsHandle 3808 -prefMapHandle 1796 -prefsLen 27895 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4430bf3d-1eae-4055-b5f4-1002cf6872b7} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 8432 1c9cce58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.30.1169455923\1496046373" -childID 28 -isForBrowser -prefsHandle 7952 -prefMapHandle 2748 -prefsLen 27895 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e6ba0d0-60ae-49d7-9e3c-38558d9c58ff} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 7592 22492858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.31.958516904\873474316" -childID 29 -isForBrowser -prefsHandle 7244 -prefMapHandle 3852 -prefsLen 27895 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d249428b-925b-480c-82a9-2efbcf711c6b} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 8060 2248fb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.32.1109537557\999472241" -childID 30 -isForBrowser -prefsHandle 4236 -prefMapHandle 7920 -prefsLen 27895 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8da91fa1-d0dc-4539-85cb-bab82341fcd6} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 7528 2916dc58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.33.1714109139\724376332" -childID 31 -isForBrowser -prefsHandle 2996 -prefMapHandle 4204 -prefsLen 27895 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {26cf9788-f8dc-4b7d-925c-ce1d368c26cf} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4568 22335658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.34.1687168056\950938215" -childID 32 -isForBrowser -prefsHandle 7520 -prefMapHandle 3580 -prefsLen 27895 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1c1d8af-c26c-49d1-9a2b-6364ad62e214} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 3780 29480c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.35.1209663147\119431065" -childID 33 -isForBrowser -prefsHandle 8512 -prefMapHandle 3560 -prefsLen 27895 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {24704b31-1e6a-4bf9-8ecb-5d2a21095d61} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 7904 f0a4c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.36.1421675917\1097031120" -childID 34 -isForBrowser -prefsHandle 3660 -prefMapHandle 3968 -prefsLen 27895 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f30a9e5c-1625-48df-917e-6f7d8b030a6c} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 6988 ee47058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.37.981024071\1563320119" -childID 35 -isForBrowser -prefsHandle 8392 -prefMapHandle 8320 -prefsLen 27895 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {208ddb24-91a5-442f-84df-338132f2427b} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 8388 e2db58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.38.1433830682\301898445" -childID 36 -isForBrowser -prefsHandle 3792 -prefMapHandle 3796 -prefsLen 27895 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {13c1b0df-db13-4a05-af7f-ccfbb833f6d6} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 3476 296bc858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.39.1083045442\2038991706" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4288 -prefMapHandle 8644 -prefsLen 27895 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {32529583-f8bc-4779-af72-b8368678e956} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 8320 2b73c658 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.40.208508694\145172663" -childID 37 -isForBrowser -prefsHandle 8480 -prefMapHandle 3540 -prefsLen 27895 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b94028e-ce01-4997-b086-49bcfc504326} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 7616 2f8b2058 tab

C:\Users\Admin\Desktop\Bonzify.exe

"C:\Users\Admin\Desktop\Bonzify.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\KillAgent.bat"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im AgentSvr.exe

C:\Windows\SysWOW64\takeown.exe

takeown /r /d y /f C:\Windows\MsAgent

C:\Windows\SysWOW64\icacls.exe

icacls C:\Windows\MsAgent /c /t /grant "everyone":(f)

C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe

INSTALLER.exe /q

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\GAC_MSIL\WsatConfig\3.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\GAC_MSIL\WsatConfig\3.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\GAC_MSIL\WsatConfig\3.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\5f1a06c0108b2c81cde1dc491d74043d\ComSvcConfig.ni.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\5f1a06c0108b2c81cde1dc491d74043d\ComSvcConfig.ni.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\5f1a06c0108b2c81cde1dc491d74043d\ComSvcConfig.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_32\dfsvc\2c3e7fda8de40e45e7f5e004094dc7c9\dfsvc.ni.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_32\dfsvc\2c3e7fda8de40e45e7f5e004094dc7c9\dfsvc.ni.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentSR.dll"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v2.0.50727_32\dfsvc\2c3e7fda8de40e45e7f5e004094dc7c9\dfsvc.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"

C:\Windows\msagent\AgentSvr.exe

"C:\Windows\msagent\AgentSvr.exe" /regserver

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\c899de3549784161aa66610d5735e4f0\ehExtHost32.ni.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\c899de3549784161aa66610d5735e4f0\ehExtHost32.ni.exe"

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\c899de3549784161aa66610d5735e4f0\ehExtHost32.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_32\MSBuild\af28543d9b3e7d9f110448ecce53cd72\MSBuild.ni.exe"

C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe

INSTALLER.exe /q

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_32\MSBuild\af28543d9b3e7d9f110448ecce53cd72\MSBuild.ni.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v2.0.50727_32\MSBuild\af28543d9b3e7d9f110448ecce53cd72\MSBuild.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_32\Narrator\0bae62c3fc6c327ed24989263988173d\Narrator.ni.exe"

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_32\Narrator\0bae62c3fc6c327ed24989263988173d\Narrator.ni.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v2.0.50727_32\Narrator\0bae62c3fc6c327ed24989263988173d\Narrator.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\b3ade8d5c0d4bb5d4940bcafd3453642\PresentationFontCache.ni.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\b3ade8d5c0d4bb5d4940bcafd3453642\PresentationFontCache.ni.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\b3ade8d5c0d4bb5d4940bcafd3453642\PresentationFontCache.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\1bc1ee3c3aa45d28dcf4657bceb2fcb4\SMSvcHost.ni.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\1bc1ee3c3aa45d28dcf4657bceb2fcb4\SMSvcHost.ni.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\1bc1ee3c3aa45d28dcf4657bceb2fcb4\SMSvcHost.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\96a8bdafba9f9d3e33cd974bfaa67e58\WsatConfig.ni.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\96a8bdafba9f9d3e33cd974bfaa67e58\WsatConfig.ni.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\96a8bdafba9f9d3e33cd974bfaa67e58\WsatConfig.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\d632b7434f821829827657e23ac98589\ComSvcConfig.ni.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\d632b7434f821829827657e23ac98589\ComSvcConfig.ni.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\d632b7434f821829827657e23ac98589\ComSvcConfig.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_64\dfsvc\9bc0d921859b039d6e9f642148333949\dfsvc.ni.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_64\dfsvc\9bc0d921859b039d6e9f642148333949\dfsvc.ni.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v2.0.50727_64\dfsvc\9bc0d921859b039d6e9f642148333949\dfsvc.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\ad37b6e3a1cb1081592f1c5797ae9dad\ehExtHost.ni.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\ad37b6e3a1cb1081592f1c5797ae9dad\ehExtHost.ni.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\ad37b6e3a1cb1081592f1c5797ae9dad\ehExtHost.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\d09b54cd68bc772b3be3832926e940d4\LoadMxf.ni.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\d09b54cd68bc772b3be3832926e940d4\LoadMxf.ni.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\d09b54cd68bc772b3be3832926e940d4\LoadMxf.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_64\mcupdate\f30beba36940b5a2b55a32ea7f42d694\mcupdate.ni.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_64\mcupdate\f30beba36940b5a2b55a32ea7f42d694\mcupdate.ni.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v2.0.50727_64\mcupdate\f30beba36940b5a2b55a32ea7f42d694\mcupdate.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_64\MSBuild\1a154709cdfe214029ea88c51ab2b579\MSBuild.ni.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_64\MSBuild\1a154709cdfe214029ea88c51ab2b579\MSBuild.ni.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v2.0.50727_64\MSBuild\1a154709cdfe214029ea88c51ab2b579\MSBuild.ni.exe" /grant "everyone":(f)

C:\Windows\msagent\AgentSvr.exe

C:\Windows\msagent\AgentSvr.exe -Embedding

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_64\Narrator\4cc02fad33053737088d4c18267ca0a0\Narrator.ni.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_64\Narrator\4cc02fad33053737088d4c18267ca0a0\Narrator.ni.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v2.0.50727_64\Narrator\4cc02fad33053737088d4c18267ca0a0\Narrator.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\0246845f487e5f33d3564eff578665a3\PresentationFontCache.ni.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\0246845f487e5f33d3564eff578665a3\PresentationFontCache.ni.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\0246845f487e5f33d3564eff578665a3\PresentationFontCache.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\04d794428d635f6a82ac57dd3d6f3628\SMSvcHost.ni.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\04d794428d635f6a82ac57dd3d6f3628\SMSvcHost.ni.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\04d794428d635f6a82ac57dd3d6f3628\SMSvcHost.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\36ca2928b2191011831ab673861c6ac6\WsatConfig.ni.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\36ca2928b2191011831ab673861c6ac6\WsatConfig.ni.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\36ca2928b2191011831ab673861c6ac6\WsatConfig.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\2bd538d545e15452202ef3b41080e2ce\ComSvcConfig.ni.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\2bd538d545e15452202ef3b41080e2ce\ComSvcConfig.ni.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\2bd538d545e15452202ef3b41080e2ce\ComSvcConfig.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v4.0.30319_32\dfsvc\261c09179eae03d67c9b6f3e70b603bd\dfsvc.ni.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v4.0.30319_32\dfsvc\261c09179eae03d67c9b6f3e70b603bd\dfsvc.ni.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v4.0.30319_32\dfsvc\261c09179eae03d67c9b6f3e70b603bd\dfsvc.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W71daf281#\df459c0a2762c33e0699703f186b1751\Microsoft.Workflow.Compiler.ni.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W71daf281#\df459c0a2762c33e0699703f186b1751\Microsoft.Workflow.Compiler.ni.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W71daf281#\df459c0a2762c33e0699703f186b1751\Microsoft.Workflow.Compiler.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v4.0.30319_32\MSBuild\b93c627ec2e15c2675bcc81edafb10be\MSBuild.ni.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v4.0.30319_32\MSBuild\b93c627ec2e15c2675bcc81edafb10be\MSBuild.ni.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v4.0.30319_32\MSBuild\b93c627ec2e15c2675bcc81edafb10be\MSBuild.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\e88db1688b08fbb889b0b9d4b1a51493\SMSvcHost.ni.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\e88db1688b08fbb889b0b9d4b1a51493\SMSvcHost.ni.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\e88db1688b08fbb889b0b9d4b1a51493\SMSvcHost.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\537950d9c71af966e1d8c9deb550f842\WsatConfig.ni.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\537950d9c71af966e1d8c9deb550f842\WsatConfig.ni.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\537950d9c71af966e1d8c9deb550f842\WsatConfig.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v4.0.30319_64\ComSvcConfig\9a69a26417a09c2d9d7f67bf7592bd74\ComSvcConfig.ni.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v4.0.30319_64\ComSvcConfig\9a69a26417a09c2d9d7f67bf7592bd74\ComSvcConfig.ni.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v4.0.30319_64\ComSvcConfig\9a69a26417a09c2d9d7f67bf7592bd74\ComSvcConfig.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v4.0.30319_64\dfsvc\bb4a1994db088e84b9d383271b082250\dfsvc.ni.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v4.0.30319_64\dfsvc\bb4a1994db088e84b9d383271b082250\dfsvc.ni.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v4.0.30319_64\dfsvc\bb4a1994db088e84b9d383271b082250\dfsvc.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W71daf281#\5ada68cfa2258a2d4e3c3779106faf9b\Microsoft.Workflow.Compiler.ni.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W71daf281#\5ada68cfa2258a2d4e3c3779106faf9b\Microsoft.Workflow.Compiler.ni.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W71daf281#\5ada68cfa2258a2d4e3c3779106faf9b\Microsoft.Workflow.Compiler.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v4.0.30319_64\MSBuild\f4a88265ac4ad47978daef8c5482fd30\MSBuild.ni.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v4.0.30319_64\MSBuild\f4a88265ac4ad47978daef8c5482fd30\MSBuild.ni.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v4.0.30319_64\MSBuild\f4a88265ac4ad47978daef8c5482fd30\MSBuild.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\0b4d4e172e8054cb61d27f5ab9e0e445\SMSvcHost.ni.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\0b4d4e172e8054cb61d27f5ab9e0e445\SMSvcHost.ni.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\0b4d4e172e8054cb61d27f5ab9e0e445\SMSvcHost.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v4.0.30319_64\WsatConfig\9683999d889dc0b8782c782e2fc1aee5\WsatConfig.ni.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\assembly\NativeImages_v4.0.30319_64\WsatConfig\9683999d889dc0b8782c782e2fc1aee5\WsatConfig.ni.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\assembly\NativeImages_v4.0.30319_64\WsatConfig\9683999d889dc0b8782c782e2fc1aee5\WsatConfig.ni.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\bfsvc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\bfsvc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\bfsvc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Boot\PCAT\memtest.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Boot\PCAT\memtest.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Boot\PCAT\memtest.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\CreateDisc\SBEServer.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\ehome\CreateDisc\SBEServer.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\ehome\CreateDisc\SBEServer.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\ehexthost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\ehome\ehexthost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\ehome\ehexthost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\ehmsas.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\ehome\ehmsas.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\ehome\ehmsas.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\ehprivjob.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\ehome\ehprivjob.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\ehome\ehprivjob.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\ehrec.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\ehome\ehrec.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\ehome\ehrec.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\ehrecvr.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\ehome\ehrecvr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\ehome\ehrecvr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\ehsched.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\ehome\ehsched.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\ehome\ehsched.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\ehshell.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\ehome\ehshell.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\ehome\ehshell.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\ehtray.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\ehome\ehtray.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\ehome\ehtray.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\ehvid.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\ehome\ehvid.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\ehome\ehvid.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\loadmxf.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\ehome\loadmxf.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\ehome\loadmxf.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\mcGlidHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\ehome\mcGlidHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\ehome\mcGlidHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\McrMgr.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\ehome\McrMgr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\ehome\McrMgr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\mcspad.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\ehome\mcspad.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\ehome\mcspad.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\mcupdate.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\ehome\mcupdate.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\ehome\mcupdate.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\Mcx2Prov.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\ehome\Mcx2Prov.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\ehome\Mcx2Prov.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\McxTask.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\ehome\McxTask.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\ehome\McxTask.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\MediaCenterWebLauncher.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\ehome\MediaCenterWebLauncher.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\ehome\MediaCenterWebLauncher.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\RegisterMCEApp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\ehome\RegisterMCEApp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\ehome\RegisterMCEApp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\wow\ehexthost32.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\ehome\wow\ehexthost32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\ehome\wow\ehexthost32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\WTVConverter.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\ehome\WTVConverter.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\ehome\WTVConverter.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\explorer.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\explorer.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\explorer.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\fveupdate.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\fveupdate.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\fveupdate.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\HelpPane.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\HelpPane.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\HelpPane.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\hh.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\hh.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\hh.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe" /grant "everyone":(f)

C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE

"C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE"

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\NETFXSBS10.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\NETFXSBS10.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\NETFXSBS10.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMConfigInstaller.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMConfigInstaller.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMConfigInstaller.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.5\EdmGen.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.5\EdmGen.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.5\EdmGen.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.5\vbc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.5\vbc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.5\vbc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\AppLaunch.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\AppLaunch.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\AppLaunch.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_compiler.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_compiler.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_compiler.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regbrowsers.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regbrowsers.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regbrowsers.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regsql.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regsql.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regsql.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CasPol.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CasPol.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CasPol.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dfsvc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dfsvc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dfsvc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\IEExec.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\IEExec.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\IEExec.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ilasm.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ilasm.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ilasm.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\jsc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\jsc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\jsc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Ldr64.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Ldr64.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Ldr64.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\MSBuild.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\MSBuild.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\MSBuild.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegAsm.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegAsm.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegAsm.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegSvcs.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegSvcs.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegSvcs.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ComSvcConfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ComSvcConfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ComSvcConfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelReg.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelReg.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelReg.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMConfigInstaller.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMConfigInstaller.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMConfigInstaller.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\WsatConfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\WsatConfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\WsatConfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess32.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.5\AddInUtil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.5\AddInUtil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.5\AddInUtil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.5\csc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.5\csc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.5\csc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.5\DataSvcUtil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.5\DataSvcUtil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.5\DataSvcUtil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.5\EdmGen.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.5\EdmGen.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.5\EdmGen.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.5\MSBuild.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.5\MSBuild.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.5\MSBuild.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.5\vbc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.5\vbc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.5\vbc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.5\WFServicesReg.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.5\WFServicesReg.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v3.5\WFServicesReg.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AppLaunch.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AppLaunch.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regbrowsers.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regbrowsers.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regbrowsers.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regsql.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regsql.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regsql.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CasPol.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CasPol.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CasPol.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ComSvcConfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ComSvcConfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ComSvcConfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\DataSvcUtil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\DataSvcUtil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\DataSvcUtil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EdmGen.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EdmGen.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EdmGen.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regtlibv12.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regtlibv12.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regtlibv12.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\Setup.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\Setup.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\Setup.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\SetupUtility.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\SetupUtility.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\SetupUtility.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WsatConfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WsatConfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WsatConfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\NETFXRepair.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Microsoft.NET\NETFXRepair.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Microsoft.NET\NETFXRepair.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\msagent\AgentSvr.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\msagent\AgentSvr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\msagent\AgentSvr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\notepad.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\notepad.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\notepad.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\regedit.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\regedit.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\regedit.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\GC64\tzupd.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\servicing\GC64\tzupd.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\servicing\GC64\tzupd.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\TrustedInstaller.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\servicing\TrustedInstaller.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\servicing\TrustedInstaller.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Speech\Common\sapisvr.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\Speech\Common\sapisvr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\Speech\Common\sapisvr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\splwow64.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\splwow64.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\splwow64.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\AdapterTroubleshooter.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\AdapterTroubleshooter.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\AdapterTroubleshooter.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\ARP.EXE"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\ARP.EXE"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\ARP.EXE" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\at.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\at.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\at.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\AtBroker.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\AtBroker.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\AtBroker.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\attrib.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\attrib.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\attrib.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\auditpol.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\auditpol.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\auditpol.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\autochk.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\autochk.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\autochk.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\autoconv.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\autoconv.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\autoconv.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\autofmt.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\autofmt.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\autofmt.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\bitsadmin.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\bitsadmin.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\bitsadmin.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\bootcfg.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\bootcfg.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\bootcfg.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\bthudtask.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\bthudtask.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\bthudtask.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cacls.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\cacls.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\cacls.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\calc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\calc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\calc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\CertEnrollCtrl.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\CertEnrollCtrl.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\CertEnrollCtrl.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\certreq.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\certreq.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\certreq.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\certutil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\certutil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\certutil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\charmap.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\charmap.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\charmap.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\chkdsk.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\chkdsk.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\chkdsk.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\chkntfs.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\chkntfs.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\chkntfs.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\choice.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\choice.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\choice.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cipher.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\cipher.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\cipher.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cleanmgr.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\cleanmgr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\cleanmgr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cliconfg.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\cliconfg.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\cliconfg.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\clip.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\clip.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\clip.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cmd.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\cmd.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\cmd.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cmdkey.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\cmdkey.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\cmdkey.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cmdl32.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\cmdl32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\cmdl32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cmmon32.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\cmmon32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\cmmon32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cmstp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\cmstp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\cmstp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\colorcpl.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\colorcpl.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\colorcpl.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\com\comrepl.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\com\comrepl.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\com\comrepl.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\com\MigRegDB.exe"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1129964966189833787144038674126514774619881172251621712906-433896764-1757282414"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\com\MigRegDB.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\com\MigRegDB.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\comp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\comp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\comp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\compact.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\compact.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\compact.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\ComputerDefaults.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\ComputerDefaults.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\ComputerDefaults.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\control.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\control.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\control.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\convert.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\convert.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\convert.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\credwiz.exe"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1781932378-1766328095-532771661-10708243636610611391606137928-648178787-912705441"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\credwiz.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\credwiz.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cscript.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\cscript.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\cscript.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\ctfmon.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\ctfmon.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\ctfmon.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cttune.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\cttune.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\cttune.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cttunesvr.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\cttunesvr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\cttunesvr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\dccw.exe"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1133427642-673777740397756849-17882039517769876371295412466965003397-177872429"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\dccw.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\dccw.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\dcomcnfg.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\dcomcnfg.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\dcomcnfg.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\ddodiag.exe"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "256710130-1705162402-2951070633061003451863202341-1398341669-1707678573-1966991597"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\ddodiag.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\ddodiag.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\DevicePairingWizard.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\DevicePairingWizard.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\DevicePairingWizard.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\DeviceProperties.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\DeviceProperties.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\DeviceProperties.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\dfrgui.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\dfrgui.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\dfrgui.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\dialer.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\dialer.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\dialer.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\diantz.exe"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "260761619-1357678329-4016496183635818411500310561-1852795486-996265461834913524"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\diantz.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\diantz.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\diskpart.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\diskpart.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\diskpart.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\diskperf.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\diskperf.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\diskperf.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\diskraid.exe"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "1929571302-8116319221185742595960466495-20083367211976054103-1329848024-124215138"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\diskraid.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\diskraid.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\Dism\DismHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\Dism\DismHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\Dism\DismHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\Dism.exe"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "517170059638385239-2102462785-728983640-2413061241320130617-1225651140606568306"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\Dism.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\Dism.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\DisplaySwitch.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\DisplaySwitch.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\DisplaySwitch.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\dllhost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\dllhost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\dllhost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\dllhst3g.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\dllhst3g.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\dllhst3g.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\dnscacheugc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\dnscacheugc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\dnscacheugc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\doskey.exe"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "193192629227661306-92496568419594957141958258861385175989-1844141876-401080173"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\doskey.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\doskey.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\dpapimig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\dpapimig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\dpapimig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\DpiScaling.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\DpiScaling.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\DpiScaling.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\dplaysvr.exe"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-59727792617255525651801297489-16985016352036510586-1447823601-452860981-1947197612"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\dplaysvr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\dplaysvr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\dpnsvr.exe"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1920396353890976458-1062280222-5949874892078014483-1072173438653809126-1745036594"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\dpnsvr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\dpnsvr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\driverquery.exe"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "469487295594041979-267390071-21160013081708137941758986125-563356732-328941176"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\driverquery.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\driverquery.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\DriverStore\FileRepository\brmfcmf.inf_amd64_neutral_67b5984f8e8ff717\BrmfRsmg.exe"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-1279795146-550034502586952945442256614291757257-3793915198873548741907868723"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\DriverStore\FileRepository\brmfcmf.inf_amd64_neutral_67b5984f8e8ff717\BrmfRsmg.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\DriverStore\FileRepository\brmfcmf.inf_amd64_neutral_67b5984f8e8ff717\BrmfRsmg.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\DriverStore\FileRepository\brmfcwia.inf_amd64_neutral_817b8835aed3d6b7\BrmfRsmg.exe"

C:\Windows\system32\conhost.exe

\??\C:\Windows\system32\conhost.exe "-497418409208167589921701655-19342664-1924003363-13864562242088457022318578101"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\DriverStore\FileRepository\brmfcwia.inf_amd64_neutral_817b8835aed3d6b7\BrmfRsmg.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\DriverStore\FileRepository\brmfcwia.inf_amd64_neutral_817b8835aed3d6b7\BrmfRsmg.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_e54666f6a3e5af91\fsquirt.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_e54666f6a3e5af91\fsquirt.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_e54666f6a3e5af91\fsquirt.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\DriverStore\FileRepository\divacx64.inf_amd64_neutral_fa0f82f024789743\ditrace.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\DriverStore\FileRepository\divacx64.inf_amd64_neutral_fa0f82f024789743\ditrace.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\DriverStore\FileRepository\divacx64.inf_amd64_neutral_fa0f82f024789743\ditrace.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\DriverStore\FileRepository\divacx64.inf_amd64_neutral_fa0f82f024789743\xlog.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\DriverStore\FileRepository\divacx64.inf_amd64_neutral_fa0f82f024789743\xlog.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\DriverStore\FileRepository\divacx64.inf_amd64_neutral_fa0f82f024789743\xlog.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\DriverStore\FileRepository\wvmic.inf_amd64_neutral_b94eb92e8150fa35\vmicsvc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\System32\DriverStore\FileRepository\wvmic.inf_amd64_neutral_b94eb92e8150fa35\vmicsvc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\System32\DriverStore\FileRepository\wvmic.inf_amd64_neutral_b94eb92e8150fa35\vmicsvc.exe" /grant "everyone":(f)

Network

Country Destination Domain Proto
N/A 127.0.0.1:49201 tcp
US 8.8.8.8:53 bonzi.link udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
DE 85.10.211.177:80 bonzi.link tcp
DE 85.10.211.177:80 bonzi.link tcp
US 8.8.8.8:53 bonzi.link udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 bonzi.link udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
DE 85.10.211.177:80 bonzi.link tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
DE 85.10.211.177:80 bonzi.link tcp
DE 85.10.211.177:80 bonzi.link tcp
DE 85.10.211.177:80 bonzi.link tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
NL 142.251.39.98:80 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 d36ee2fcip1434.cloudfront.net udp
N/A 127.0.0.1:49207 tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
NL 142.250.179.174:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 www3.l.google.com udp
US 8.8.8.8:53 www3.l.google.com udp
NL 142.250.179.174:443 www3.l.google.com udp
NL 142.251.36.3:80 fonts.gstatic.com tcp
NL 142.251.36.3:80 fonts.gstatic.com tcp
NL 142.251.36.3:80 fonts.gstatic.com tcp
US 8.8.8.8:53 support.microsoft.com udp
GB 184.25.192.150:443 support.microsoft.com tcp
GB 184.25.192.150:443 support.microsoft.com tcp
GB 184.25.192.150:443 support.microsoft.com tcp
NL 142.250.179.174:443 www3.l.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.174:443 www3.l.google.com udp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
NL 142.251.36.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.174:443 www3.l.google.com tcp
NL 142.250.179.174:443 www3.l.google.com tcp
NL 142.250.179.174:443 www3.l.google.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.251.36.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
NL 142.251.39.97:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
NL 142.251.39.97:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 s0.2mdn.net udp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 s0.2mdn.net udp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 s0.2mdn.net udp
NL 142.251.36.42:80 fonts.googleapis.com tcp
NL 142.251.36.42:80 fonts.googleapis.com tcp
NL 142.251.39.102:443 s0.2mdn.net tcp
NL 172.217.23.194:443 googleads4.g.doubleclick.net tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
NL 142.251.39.102:443 s0.2mdn.net tcp
NL 172.217.23.194:443 googleads4.g.doubleclick.net tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
NL 142.251.39.102:443 s0.2mdn.net udp
NL 172.217.23.194:443 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 bonzi.link udp
DE 85.10.211.177:443 bonzi.link tcp
US 8.8.8.8:53 bonzi.link udp
DE 85.10.211.177:443 bonzi.link udp
US 8.8.8.8:53 api.bing.com udp
US 8.8.8.8:53 e11290.dspg.akamaiedge.net udp
US 8.8.8.8:53 e11290.dspg.akamaiedge.net udp
US 8.8.8.8:53 support.microsoft.com udp
GB 184.25.192.150:443 support.microsoft.com tcp
US 8.8.8.8:53 e3843.dscb.akamaiedge.net udp
US 8.8.8.8:53 e3843.dscb.akamaiedge.net udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 a1449.dscg2.akamai.net udp
GB 184.25.193.234:443 www.microsoft.com tcp
US 8.8.8.8:53 e13678.dscb.akamaiedge.net udp
US 8.8.8.8:53 mem.gfx.ms udp
US 8.8.8.8:53 e13678.dscb.akamaiedge.net udp
US 8.8.8.8:53 a1449.dscg2.akamai.net udp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
GB 184.25.193.234:443 e13678.dscb.akamaiedge.net tcp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
US 13.107.253.64:443 js.monitor.azure.com tcp
US 8.8.8.8:53 s-part-0036.t-0009.fb-t-msedge.net udp
NL 40.126.32.140:443 login.microsoftonline.com tcp
US 8.8.8.8:53 www.tm.ak.prd.aadg.trafficmanager.net udp
US 8.8.8.8:53 s-part-0036.t-0009.fb-t-msedge.net udp
US 8.8.8.8:53 www.tm.ak.prd.aadg.trafficmanager.net udp
US 8.8.8.8:53 aadcdn.msauth.net udp
US 8.8.8.8:53 www.tm.v4.a.prd.aadg.trafficmanager.net udp
US 8.8.8.8:53 www.tm.v4.a.prd.aadg.trafficmanager.net udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 20.189.173.23:443 browser.events.data.microsoft.com tcp
US 20.189.173.23:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 onedscolprdwus16.westus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdwus16.westus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdwus16.westus.cloudapp.azure.com udp
US 8.8.8.8:53 mem.gfx.ms udp
US 8.8.8.8:53 iris-de-prod-azsc-v2-weu-b.westeurope.cloudapp.azure.com udp
US 8.8.8.8:53 iris-de-prod-azsc-v2-weu-b.westeurope.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdwus16.westus.cloudapp.azure.com udp
US 8.8.8.8:53 support.content.office.net udp
IT 2.21.52.76:443 support.content.office.net tcp
US 8.8.8.8:53 e12627.g.akamaiedge.net udp
US 8.8.8.8:53 e12627.g.akamaiedge.net udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdcus14.centralus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdcus14.centralus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdcus14.centralus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdcus14.centralus.cloudapp.azure.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdfrc00.francecentral.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdfrc00.francecentral.cloudapp.azure.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdwus17.westus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdwus17.westus.cloudapp.azure.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdgwc02.germanywestcentral.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdgwc02.germanywestcentral.cloudapp.azure.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdeus01.eastus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdeus01.eastus.cloudapp.azure.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdwus20.westus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdwus20.westus.cloudapp.azure.com udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com udp
GB 2.18.27.82:443 www.bing.com tcp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
GB 2.18.27.82:443 e86303.dscx.akamaiedge.net udp
GB 2.18.27.82:443 e86303.dscx.akamaiedge.net udp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
GB 2.18.27.82:443 e86303.dscx.akamaiedge.net tcp
GB 2.18.27.82:443 e86303.dscx.akamaiedge.net udp
US 8.8.8.8:53 r.bing.com udp
GB 2.18.27.82:443 r.bing.com tcp
GB 2.18.27.82:443 r.bing.com tcp
GB 2.18.27.82:443 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 2.18.27.82:443 th.bing.com tcp
GB 2.18.27.82:443 th.bing.com tcp
GB 2.18.27.82:443 th.bing.com tcp
GB 2.18.27.82:443 th.bing.com tcp
GB 2.18.27.82:443 th.bing.com tcp
GB 2.18.27.82:443 th.bing.com tcp
GB 2.18.27.82:443 th.bing.com udp
NL 40.126.32.140:443 www.tm.v4.a.prd.aadg.trafficmanager.net tcp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 e-0001.e-msedge.net udp
US 8.8.8.8:53 e-0001.e-msedge.net udp
US 104.18.33.89:443 www2.bing.com tcp
US 8.8.8.8:53 www.bing.com.cdn.cloudflare.net udp
US 8.8.8.8:53 www.bing.com.cdn.cloudflare.net udp
US 8.8.8.8:53 ts1.mm.bing.net udp
US 8.8.8.8:53 ts3.mm.bing.net udp
US 8.8.8.8:53 ts4.mm.bing.net udp
US 8.8.8.8:53 ts2.mm.bing.net udp
US 150.171.27.10:80 ts2.mm.bing.net tcp
US 150.171.27.10:80 ts2.mm.bing.net tcp
US 150.171.27.10:80 ts2.mm.bing.net tcp
US 8.8.8.8:53 ax-0001.ax-msedge.net udp
US 150.171.27.10:80 ax-0001.ax-msedge.net tcp
US 150.171.27.10:80 ax-0001.ax-msedge.net tcp
US 150.171.27.10:80 ax-0001.ax-msedge.net tcp
US 150.171.27.10:80 ax-0001.ax-msedge.net tcp
US 150.171.27.10:80 ax-0001.ax-msedge.net tcp
US 150.171.27.10:80 ax-0001.ax-msedge.net tcp
US 150.171.27.10:80 ax-0001.ax-msedge.net tcp
US 150.171.27.10:80 ax-0001.ax-msedge.net tcp
US 150.171.27.10:80 ax-0001.ax-msedge.net tcp
US 150.171.27.10:80 ax-0001.ax-msedge.net tcp
US 150.171.27.10:80 ax-0001.ax-msedge.net tcp
US 150.171.28.10:80 ax-0001.ax-msedge.net tcp
US 150.171.28.10:80 ax-0001.ax-msedge.net tcp
US 150.171.28.10:80 ax-0001.ax-msedge.net tcp
US 150.171.28.10:80 ax-0001.ax-msedge.net tcp
US 150.171.28.10:80 ax-0001.ax-msedge.net tcp
US 150.171.28.10:80 ax-0001.ax-msedge.net tcp
US 8.8.8.8:53 ax-0001.ax-msedge.net udp
US 8.8.8.8:53 ax-0001.ax-msedge.net udp
US 8.8.8.8:53 ax-0001.ax-msedge.net udp
US 150.171.27.10:80 ax-0001.ax-msedge.net tcp
US 8.8.8.8:53 testfamilysafety.bing.com udp
US 8.8.8.8:53 wallup.net udp
US 204.79.197.201:443 testfamilysafety.bing.com tcp
US 8.8.8.8:53 explicit.any.edge.bing.com udp
DE 144.76.39.8:443 wallup.net tcp
US 8.8.8.8:53 wallup.net udp
US 8.8.8.8:53 explicit.any.edge.bing.com udp
US 8.8.8.8:53 wallup.net udp
US 8.8.8.8:53 wallpapercave.com udp
US 104.22.53.71:443 wallpapercave.com tcp
US 8.8.8.8:53 wallpapercave.com udp
US 8.8.8.8:53 wallpapercave.com udp
US 104.22.53.71:443 wallpapercave.com udp
US 8.8.8.8:53 tse2.mm.bing.net udp
US 104.18.33.89:443 www.bing.com.cdn.cloudflare.net tcp
US 150.171.28.10:443 tse2.mm.bing.net tcp
US 8.8.8.8:53 ax-0001.ax-msedge.net udp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
US 8.8.8.8:53 www.bonzi.com udp
US 52.52.122.181:80 www.bonzi.com tcp
US 8.8.8.8:53 secure.bonzi.com udp
US 52.52.122.181:80 www.bonzi.com tcp
N/A 127.0.0.1:52856 tcp
N/A 127.0.0.1:52860 tcp
US 8.8.8.8:53 steamunlocked.net udp
US 104.27.202.89:80 steamunlocked.net tcp
US 104.27.202.89:80 steamunlocked.net tcp
US 8.8.8.8:53 steamunlocked.net udp
US 104.27.202.89:80 steamunlocked.net tcp
US 8.8.8.8:53 steamunlocked.net udp
US 8.8.8.8:53 steamunlocked.net udp
US 104.27.201.89:443 steamunlocked.net tcp
US 8.8.8.8:53 steamunlocked.net udp
US 104.27.201.89:443 steamunlocked.net udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 steamunlocked.net udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 steamunlocked.net udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 steamunlocked.net udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 steamunlocked.net udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 www.bonzi.com udp
US 52.52.122.181:80 www.bonzi.com tcp
US 52.52.122.181:80 www.bonzi.com tcp
US 8.8.8.8:53 uploadhaven.com udp
US 169.197.82.18:443 uploadhaven.com tcp
US 8.8.8.8:53 uploadhaven.com udp
US 52.52.122.181:80 www.bonzi.com tcp
US 8.8.8.8:53 uploadhaven.com udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 pogothere.xyz udp
US 8.8.8.8:53 signamentswithded.com udp
US 8.8.8.8:53 atethebenefitsshe.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
NL 142.250.102.84:443 accounts.google.com tcp
NL 142.250.102.84:443 accounts.google.com tcp
GB 18.239.236.13:443 signamentswithded.com tcp
US 172.67.220.203:443 pogothere.xyz tcp
US 172.67.220.203:443 pogothere.xyz tcp
US 172.67.202.198:443 atethebenefitsshe.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 signamentswithded.com udp
US 8.8.8.8:53 jecromaha.info udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 signamentswithded.com udp
US 103.224.212.215:443 jecromaha.info tcp
US 172.67.220.203:443 pogothere.xyz udp
NL 142.250.102.84:443 accounts.google.com udp
US 8.8.8.8:53 pogothere.xyz udp
US 8.8.8.8:53 atethebenefitsshe.com udp
US 8.8.8.8:53 pogothere.xyz udp
US 8.8.8.8:53 d3nz96k4xfpkvu.cloudfront.net udp
US 172.67.202.198:443 atethebenefitsshe.com udp
US 8.8.8.8:53 atethebenefitsshe.com udp
US 8.8.8.8:53 jecromaha.info udp
FR 108.159.117.197:443 d3nz96k4xfpkvu.cloudfront.net tcp
US 8.8.8.8:53 d3nz96k4xfpkvu.cloudfront.net udp
US 8.8.8.8:53 d3nz96k4xfpkvu.cloudfront.net udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 jecromaha.info udp
US 8.8.8.8:53 region1.google-analytics.com udp
IT 157.240.231.35:443 star-mini.c10r.facebook.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 jecromaha.info udp
US 8.8.8.8:53 uploadhaven.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 103.224.212.215:443 jecromaha.info tcp
US 8.8.8.8:53 jecromaha.info udp
US 8.8.8.8:53 uploadhaven.com udp
US 103.224.212.215:443 jecromaha.info tcp
US 8.8.8.8:53 jecromaha.info udp
US 8.8.8.8:53 jecromaha.info udp
IT 157.240.231.35:443 star-mini.c10r.facebook.com udp
US 103.224.212.215:443 jecromaha.info tcp
US 103.224.212.215:443 jecromaha.info tcp
US 8.8.8.8:53 jecromaha.info udp
US 103.224.212.215:443 jecromaha.info tcp
US 8.8.8.8:53 jecromaha.info udp
US 103.224.212.215:443 jecromaha.info tcp
US 8.8.8.8:53 jecromaha.info udp
US 103.224.212.215:443 jecromaha.info tcp
US 103.224.212.215:443 jecromaha.info tcp
US 103.224.212.215:443 jecromaha.info tcp
US 8.8.8.8:53 jecromaha.info udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 loaksandtheir.info udp
GB 54.192.137.68:443 loaksandtheir.info tcp
US 8.8.8.8:53 loaksandtheir.info udp
US 8.8.8.8:53 loaksandtheir.info udp
US 8.8.8.8:53 retronewtab.com udp
US 134.209.43.73:443 retronewtab.com tcp
US 8.8.8.8:53 retronewtab.com udp
US 8.8.8.8:53 retronewtab.com udp
US 8.8.8.8:53 retronewtab.com udp
US 134.209.43.73:80 retronewtab.com tcp
US 8.8.8.8:53 retronewtab.com udp
US 8.8.8.8:53 use.typekit.net udp
US 8.8.8.8:53 cdn-4.convertexperiments.com udp
GB 2.19.252.211:443 use.typekit.net tcp
US 8.8.8.8:53 a1988.dscg1.akamai.net udp
GB 23.59.65.108:443 cdn-4.convertexperiments.com tcp
US 8.8.8.8:53 e5289.dscb.akamaiedge.net udp
US 8.8.8.8:53 e5289.dscb.akamaiedge.net udp
US 8.8.8.8:53 p.typekit.net udp
GB 2.19.252.218:443 p.typekit.net tcp
US 8.8.8.8:53 a1874.dscg1.akamai.net udp
US 8.8.8.8:53 a1874.dscg1.akamai.net udp
US 8.8.8.8:53 cdn.mxpnl.com udp
US 8.8.8.8:53 dev.retronewtab.com udp
GB 2.19.252.211:443 a1988.dscg1.akamai.net tcp
US 8.8.8.8:53 cdn.mxpnl.com udp
US 8.8.8.8:53 rpt.retronewtab.com udp
US 134.209.43.73:443 rpt.retronewtab.com tcp
US 8.8.8.8:53 rpt.retronewtab.com udp
US 134.209.43.73:443 rpt.retronewtab.com tcp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
NL 142.250.179.196:443 www.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 216.239.32.36:443 region1.analytics.google.com tcp
NL 172.217.168.195:443 www.google.co.uk tcp
US 8.8.8.8:53 cdn.mxpnl.com udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.com udp
NL 172.217.168.195:443 www.google.co.uk udp
US 35.186.235.23:443 cdn.mxpnl.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 rpt.retronewtab.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 35.186.235.23:443 cdn.mxpnl.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
NL 142.250.102.154:443 stats.g.doubleclick.net tcp
NL 142.251.36.34:443 googleads.g.doubleclick.net tcp
NL 142.251.36.34:443 googleads.g.doubleclick.net udp
NL 142.250.102.154:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 addons.mozilla.org udp
EG 108.159.102.29:443 addons.mozilla.org tcp
US 8.8.8.8:53 addons.mozilla.org udp
US 8.8.8.8:53 addons.mozilla.org udp
US 8.8.8.8:53 api-js.mixpanel.com udp
US 8.8.8.8:53 api-js.mixpanel.com udp
US 8.8.8.8:53 api-js.mixpanel.com udp
US 35.190.25.25:443 api-js.mixpanel.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 addons.mozilla.org udp
EG 108.159.102.45:443 addons.mozilla.org tcp
US 8.8.8.8:53 addons.mozilla.org udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 www.retronewtab.com udp
US 134.209.43.73:443 www.retronewtab.com tcp
US 8.8.8.8:53 www.retronewtab.com udp
US 8.8.8.8:53 www.retronewtab.com udp
US 8.8.8.8:53 cdn-4.convertexperiments.com udp
US 8.8.8.8:53 e5289.dscb.akamaiedge.net udp
US 8.8.8.8:53 e5289.dscb.akamaiedge.net udp
US 8.8.8.8:53 cdn.mxpnl.com udp
US 8.8.8.8:53 cdn.mxpnl.com udp
US 8.8.8.8:53 www.pixelhere.com udp
US 8.8.8.8:53 realiukzemydr.info udp
US 8.8.8.8:53 ad.propellerads.com udp
US 8.8.8.8:53 eu.rollerads.com udp
US 8.8.8.8:53 tracking.utlservice.com udp
US 8.8.8.8:53 cdn.mxpnl.com udp
US 172.67.200.44:443 www.pixelhere.com tcp
US 8.8.8.8:53 www.pixelhere.com udp
US 104.21.44.154:443 realiukzemydr.info tcp
DE 136.243.249.75:443 eu.rollerads.com tcp
NL 34.91.218.141:443 tracking.utlservice.com tcp
US 8.8.8.8:53 ad.propellerads.com udp
US 8.8.8.8:53 realiukzemydr.info udp
US 8.8.8.8:53 www.pixelhere.com udp
US 8.8.8.8:53 ad.propellerads.com udp
US 8.8.8.8:53 realiukzemydr.info udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 eu.1push.io udp
US 8.8.8.8:53 somoto.g2afse.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 eu.1push.io udp
US 8.8.8.8:53 somoto.g2afse.com udp
US 172.67.200.44:443 www.pixelhere.com udp
US 104.21.44.154:443 realiukzemydr.info udp
US 8.8.8.8:53 lottie.host udp
US 172.64.154.50:443 lottie.host tcp
US 8.8.8.8:53 lottie.host udp
US 8.8.8.8:53 lottie.host udp
NL 139.45.195.6:443 ad.propellerads.com tcp
US 8.8.8.8:53 api-js.mixpanel.com udp
US 8.8.8.8:53 api-js.mixpanel.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 www.retronewtab.com udp
US 8.8.8.8:53 www.retronewtab.com udp
US 8.8.8.8:53 www.bonzi.com udp
US 54.241.97.167:80 www.bonzi.com tcp
US 54.241.97.167:80 www.bonzi.com tcp
US 172.67.202.198:443 atethebenefitsshe.com udp
US 8.8.8.8:53 ad.propellerads.com udp
US 8.8.8.8:53 use.typekit.net udp
US 8.8.8.8:53 cdn-4.convertexperiments.com udp
US 8.8.8.8:53 p.typekit.net udp
US 35.186.235.23:443 cdn.mxpnl.com udp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
NL 142.250.179.196:443 www.google.com tcp
NL 139.45.195.6:80 ad.propellerads.com tcp
US 8.8.8.8:53 a1988.dscg1.akamai.net udp
US 8.8.8.8:53 e5289.dscb.akamaiedge.net udp
US 8.8.8.8:53 a1874.dscg1.akamai.net udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 e5289.dscb.akamaiedge.net udp
US 8.8.8.8:53 a1988.dscg1.akamai.net udp
US 8.8.8.8:53 a1874.dscg1.akamai.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 ad.propellerads.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 api-js.mixpanel.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 api-js.mixpanel.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 169.197.82.18:443 uploadhaven.com tcp
US 169.197.82.18:443 uploadhaven.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 download165.uploadhaven.com udp
US 8.8.8.8:53 download165.uploadhaven.com udp
US 169.197.82.22:443 download165.uploadhaven.com tcp
US 8.8.8.8:53 download165.uploadhaven.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www.retronewtab.com udp
US 8.8.8.8:53 www.retronewtab.com udp
US 8.8.8.8:53 www.bonzi.com udp
US 52.52.122.181:80 www.bonzi.com tcp
US 52.52.122.181:80 www.bonzi.com tcp
US 8.8.8.8:53 steampowered.com udp
GB 104.83.1.150:80 steampowered.com tcp
GB 104.83.1.150:80 steampowered.com tcp
US 8.8.8.8:53 steampowered.com udp
US 8.8.8.8:53 steampowered.com udp
US 8.8.8.8:53 store.steampowered.com udp
GB 184.26.57.136:443 store.steampowered.com tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 8.8.8.8:53 cdn.akamai.steamstatic.com udp
US 8.8.8.8:53 shared.akamai.steamstatic.com udp
GB 173.222.211.105:443 store.akamai.steamstatic.com tcp
GB 173.222.211.105:443 store.akamai.steamstatic.com tcp
GB 173.222.211.105:443 store.akamai.steamstatic.com tcp
GB 173.222.211.105:443 store.akamai.steamstatic.com tcp
GB 173.222.211.105:443 store.akamai.steamstatic.com tcp
GB 173.222.211.105:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 8.8.8.8:53 a1949.dscb.akamai.net udp
US 8.8.8.8:53 cdn.akamai.steamstatic.com udp
US 8.8.8.8:53 a1949.dscb.akamai.net udp
GB 173.222.211.105:443 store.akamai.steamstatic.com tcp
GB 173.222.211.105:443 store.akamai.steamstatic.com tcp
GB 173.222.211.105:443 store.akamai.steamstatic.com tcp
GB 173.222.211.105:443 store.akamai.steamstatic.com tcp
GB 173.222.211.105:443 store.akamai.steamstatic.com tcp
GB 173.222.211.105:443 store.akamai.steamstatic.com tcp
GB 173.222.211.130:443 a1949.dscb.akamai.net tcp
GB 173.222.211.130:443 a1949.dscb.akamai.net tcp
GB 173.222.211.130:443 a1949.dscb.akamai.net tcp
GB 173.222.211.130:443 a1949.dscb.akamai.net tcp
GB 173.222.211.130:443 a1949.dscb.akamai.net tcp
GB 173.222.211.130:443 a1949.dscb.akamai.net tcp
GB 173.222.211.113:443 cdn.akamai.steamstatic.com tcp
GB 173.222.211.113:443 cdn.akamai.steamstatic.com tcp
GB 173.222.211.105:443 store.akamai.steamstatic.com tcp
GB 173.222.211.105:443 store.akamai.steamstatic.com tcp
GB 173.222.211.113:443 cdn.akamai.steamstatic.com tcp
GB 173.222.211.113:443 cdn.akamai.steamstatic.com tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
GB 173.222.211.105:443 store.akamai.steamstatic.com tcp
GB 173.222.211.105:443 store.akamai.steamstatic.com tcp
GB 173.222.211.105:443 store.akamai.steamstatic.com tcp
GB 184.26.57.136:443 store.steampowered.com tcp
GB 184.26.57.136:443 store.steampowered.com tcp
GB 184.26.57.136:443 store.steampowered.com tcp
GB 173.222.211.113:443 cdn.akamai.steamstatic.com tcp
GB 173.222.211.113:443 cdn.akamai.steamstatic.com tcp
US 8.8.8.8:53 cdn.akamai.steamstatic.com udp
GB 173.222.211.115:443 cdn.akamai.steamstatic.com tcp
US 8.8.8.8:53 cdn.akamai.steamstatic.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
NL 172.217.168.195:443 www.google.co.uk udp
US 8.8.8.8:53 dlscord.com udp
US 15.197.148.33:80 dlscord.com tcp
US 15.197.148.33:80 dlscord.com tcp
US 8.8.8.8:53 dlscord.com udp
US 8.8.8.8:53 dlscord.com udp
US 8.8.8.8:53 dlscord.com udp
US 15.197.148.33:443 dlscord.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 img1.wsimg.com udp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 104.22.75.216:443 btloader.com tcp
US 8.8.8.8:53 btloader.com udp
GB 2.18.27.70:443 img1.wsimg.com tcp
GB 2.18.27.70:443 img1.wsimg.com tcp
US 8.8.8.8:53 e40258.g.akamaiedge.net udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 e40258.g.akamaiedge.net udp
US 8.8.8.8:53 ad-delivery.net udp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 api.aws.parking.godaddy.com udp
US 52.22.43.124:443 api.aws.parking.godaddy.com tcp
US 52.22.43.124:443 api.aws.parking.godaddy.com tcp
US 8.8.8.8:53 gddomainparking.com udp
US 8.8.8.8:53 gddomainparking.com udp
US 8.8.8.8:53 widget.trustpilot.com udp
US 8.8.8.8:53 consent.truste.com udp
IE 108.159.120.120:443 consent.truste.com tcp
US 8.8.8.8:53 consent.truste.com udp
EG 108.159.120.94:443 widget.trustpilot.com tcp
US 8.8.8.8:53 widget.trustpilot.com udp
US 8.8.8.8:53 consent.truste.com udp
US 8.8.8.8:53 widget.trustpilot.com udp
US 8.8.8.8:53 consent.trustarc.com udp
IE 108.159.120.125:443 consent.trustarc.com tcp
IE 108.159.120.125:443 consent.trustarc.com tcp
IE 108.159.120.125:443 consent.trustarc.com tcp
US 8.8.8.8:53 consent.trustarc.com udp
US 8.8.8.8:53 consent.trustarc.com udp
US 8.8.8.8:53 www.bonzi.com udp
US 54.241.97.167:80 www.bonzi.com tcp
US 54.241.97.167:80 www.bonzi.com tcp
US 8.8.8.8:53 dlscord.net udp
US 8.8.8.8:53 www.dlscord.net udp
US 8.8.8.8:53 support.mozilla.org udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 dlscord.be udp
US 8.8.8.8:53 www.dlscord.be udp
US 8.8.8.8:53 discord.be udp
NL 213.132.197.99:80 discord.be tcp
US 8.8.8.8:53 discord.be udp
NL 213.132.197.99:80 discord.be tcp
US 8.8.8.8:53 discord.be udp
NL 213.132.197.99:80 discord.be tcp
NL 213.132.197.99:80 discord.be tcp
NL 213.132.197.99:80 discord.be tcp
NL 213.132.197.99:80 discord.be tcp
US 8.8.8.8:53 www.domainorder.com udp
US 8.8.8.8:53 www.domainorder.com udp
NL 213.132.197.232:443 www.domainorder.com tcp
NL 213.132.197.232:443 www.domainorder.com tcp
NL 213.132.197.232:443 www.domainorder.com tcp
NL 213.132.197.232:443 www.domainorder.com tcp
NL 213.132.197.232:443 www.domainorder.com tcp
NL 213.132.197.99:80 discord.be tcp
NL 213.132.197.99:80 discord.be tcp
NL 213.132.197.99:80 discord.be tcp
US 8.8.8.8:53 www.domainorder.com udp
NL 213.132.197.99:80 discord.be tcp
NL 213.132.197.99:80 discord.be tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 region1.google-analytics.com udp
NL 216.58.208.98:443 googleads.g.doubleclick.net tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
NL 216.58.208.98:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
NL 172.217.168.195:443 www.google.co.uk tcp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
NL 172.217.168.195:443 www.google.co.uk udp
US 8.8.8.8:53 www.domainorder.nl udp
US 8.8.8.8:53 www.domainorder.nl udp
US 8.8.8.8:53 sold.domainorder.nl udp
US 8.8.8.8:53 sold.domainorder.nl udp
US 8.8.8.8:53 www.domainorder.nl udp
US 8.8.8.8:53 sold.domainorder.nl udp
US 8.8.8.8:53 www.domainorder.nl udp
NL 213.132.197.230:80 www.domainorder.nl tcp
NL 213.132.197.230:80 www.domainorder.nl tcp
NL 213.132.197.230:80 www.domainorder.nl tcp
NL 213.132.197.230:80 www.domainorder.nl tcp
US 8.8.8.8:53 www.domainorder.nl udp
US 8.8.8.8:53 www.domainorder.nl udp
NL 213.132.197.230:443 www.domainorder.nl tcp
US 8.8.8.8:53 www.domainorder.nl udp
US 8.8.8.8:53 region1.google-analytics.com udp
NL 213.132.197.230:443 www.domainorder.nl tcp
NL 213.132.197.230:443 www.domainorder.nl tcp
NL 213.132.197.230:443 www.domainorder.nl tcp
NL 213.132.197.230:443 www.domainorder.nl tcp
NL 213.132.197.230:443 www.domainorder.nl tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 www.retronewtab.com udp
US 8.8.8.8:53 www.retronewtab.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 213.132.197.230:443 www.domainorder.nl tcp
NL 213.132.197.230:443 www.domainorder.nl tcp
NL 213.132.197.230:443 www.domainorder.nl tcp
NL 213.132.197.230:443 www.domainorder.nl tcp
NL 213.132.197.230:443 www.domainorder.nl tcp
NL 213.132.197.230:443 www.domainorder.nl tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 peepee.com udp
US 13.248.169.48:80 peepee.com tcp
US 13.248.169.48:80 peepee.com tcp
US 8.8.8.8:53 peepee.com udp
US 8.8.8.8:53 peepee.com udp
US 8.8.8.8:53 peepee.com udp
US 13.248.169.48:443 peepee.com tcp
US 8.8.8.8:53 peepee.com udp
US 8.8.8.8:53 versioncheck-bg.addons.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 34.160.90.233:443 versioncheck-bg.addons.mozilla.org tcp
US 8.8.8.8:53 versioncheck-bg.addons.mozilla.org udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 versioncheck-bg.addons.mozilla.org udp
US 8.8.8.8:53 www.afternic.com udp
US 8.8.8.8:53 e126871.dsca.akamaiedge.net udp
GB 2.16.167.123:443 e126871.dsca.akamaiedge.net tcp
US 8.8.8.8:53 service.force.com udp
US 8.8.8.8:53 img6.wsimg.com udp
FR 85.222.146.190:443 service.force.com tcp
US 8.8.8.8:53 location.l.force.com udp
US 8.8.8.8:53 location.l.force.com udp
US 34.160.90.233:443 versioncheck-bg.addons.mozilla.org udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 e40258.g.akamaiedge.net udp
GB 2.16.167.107:443 e40258.g.akamaiedge.net tcp
GB 2.16.167.107:443 e40258.g.akamaiedge.net tcp
GB 2.16.167.107:443 e40258.g.akamaiedge.net tcp
GB 2.16.167.107:443 e40258.g.akamaiedge.net tcp
GB 2.16.167.107:443 e40258.g.akamaiedge.net tcp
GB 2.16.167.107:443 e40258.g.akamaiedge.net tcp
GB 2.16.167.107:443 e40258.g.akamaiedge.net tcp
GB 2.16.167.107:443 e40258.g.akamaiedge.net tcp
US 8.8.8.8:53 e126871.dsca.akamaiedge.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
NL 142.250.179.174:443 redirector.gvt1.com tcp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
NL 142.250.179.174:443 redirector.gvt1.com udp
DE 74.125.163.138:443 r5---sn-4g5lzney.gvt1.com tcp
US 8.8.8.8:53 r5.sn-4g5lzney.gvt1.com udp
US 8.8.8.8:53 r5.sn-4g5lzney.gvt1.com udp
DE 74.125.163.138:443 r5.sn-4g5lzney.gvt1.com udp
US 8.8.8.8:53 ds-aksb-a.akamaihd.net udp
GB 2.18.190.72:443 ds-aksb-a.akamaihd.net tcp
US 8.8.8.8:53 a1910.dscq.akamai.net udp
US 8.8.8.8:53 a1910.dscq.akamai.net udp
US 8.8.8.8:53 gui.secureserver.net udp
US 8.8.8.8:53 recaptcha.net udp
US 8.8.8.8:53 img1.wsimg.com udp
GB 104.103.200.146:443 gui.secureserver.net tcp
US 8.8.8.8:53 e8843.dscx.akamaiedge.net udp
GB 2.16.167.107:443 img1.wsimg.com tcp
US 8.8.8.8:53 e8843.dscx.akamaiedge.net udp
NL 142.250.179.163:443 recaptcha.net tcp
US 8.8.8.8:53 recaptcha.net udp
US 8.8.8.8:53 recaptcha.net udp
NL 142.250.179.163:443 recaptcha.net udp
US 8.8.8.8:53 www.bonzi.com udp
US 54.241.97.167:80 www.bonzi.com tcp
US 54.241.97.167:80 www.bonzi.com tcp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 events.api.secureserver.net udp
US 8.8.8.8:53 csp.secureserver.net udp
GB 104.103.200.146:443 csp.secureserver.net tcp
GB 104.103.200.146:443 csp.secureserver.net tcp
GB 104.103.200.146:443 csp.secureserver.net tcp
US 8.8.8.8:53 e8843.dsca.akamaiedge.net udp
GB 2.16.167.130:443 events.api.secureserver.net tcp
GB 2.16.167.130:443 events.api.secureserver.net tcp
GB 2.16.167.130:443 events.api.secureserver.net tcp
US 8.8.8.8:53 e64861.dsca.akamaiedge.net udp
US 8.8.8.8:53 e64861.dsca.akamaiedge.net udp
US 8.8.8.8:53 e8843.dsca.akamaiedge.net udp
US 8.8.8.8:53 peepeepoopoo.com udp
US 162.241.253.204:80 peepeepoopoo.com tcp
US 162.241.253.204:80 peepeepoopoo.com tcp
US 8.8.8.8:53 peepeepoopoo.com udp
US 8.8.8.8:53 peepeepoopoo.com udp
US 8.8.8.8:53 peepeepoopoo.com udp
US 162.241.253.204:443 peepeepoopoo.com tcp
US 8.8.8.8:53 peepeepoopoo.com udp
US 8.8.8.8:53 i0.wp.com udp
US 8.8.8.8:53 stats.wp.com udp
US 192.0.76.3:443 stats.wp.com tcp
US 8.8.8.8:53 stats.wp.com udp
US 192.0.77.2:443 i0.wp.com tcp
US 192.0.77.2:443 i0.wp.com tcp
US 192.0.77.2:443 i0.wp.com tcp
US 192.0.77.2:443 i0.wp.com tcp
US 192.0.77.2:443 i0.wp.com tcp
US 8.8.8.8:53 stats.wp.com udp
US 8.8.8.8:53 i0.wp.com udp
US 192.0.76.3:443 stats.wp.com udp
US 192.0.77.2:443 i0.wp.com udp
US 8.8.8.8:53 pixel.wp.com udp
US 192.0.76.3:443 pixel.wp.com tcp
US 8.8.8.8:53 pixel.wp.com udp
US 192.0.76.3:443 pixel.wp.com udp
US 8.8.8.8:53 pixel.wp.com udp
US 8.8.8.8:53 peepee.com udp
US 13.248.169.48:80 peepee.com tcp
US 8.8.8.8:53 peepee.com udp
US 8.8.8.8:53 peepee.com udp
US 8.8.8.8:53 peepee.com udp
US 8.8.8.8:53 peepee.com udp
US 13.248.169.48:443 peepee.com tcp
US 8.8.8.8:53 peepee.com udp
US 8.8.8.8:53 www.afternic.com udp
GB 2.16.167.91:443 www.afternic.com tcp
US 8.8.8.8:53 e126871.dsca.akamaiedge.net udp
US 8.8.8.8:53 e126871.dsca.akamaiedge.net udp
US 8.8.8.8:53 img6.wsimg.com udp
FR 85.222.146.190:443 service.force.com tcp
GB 2.16.167.121:443 img6.wsimg.com tcp
GB 2.16.167.121:443 img6.wsimg.com tcp
GB 2.16.167.121:443 img6.wsimg.com tcp
GB 2.16.167.121:443 img6.wsimg.com tcp
GB 2.16.167.121:443 img6.wsimg.com tcp
GB 2.16.167.121:443 img6.wsimg.com tcp
US 8.8.8.8:53 e40258.g.akamaiedge.net udp
US 8.8.8.8:53 ds-aksb-a.akamaihd.net udp
GB 2.18.190.72:443 ds-aksb-a.akamaihd.net tcp
US 8.8.8.8:53 gui.secureserver.net udp
US 8.8.8.8:53 a1910.dscq.akamai.net udp
GB 104.103.200.146:443 gui.secureserver.net tcp
US 8.8.8.8:53 e8843.dscx.akamaiedge.net udp
US 8.8.8.8:53 recaptcha.net udp
US 8.8.8.8:53 e8843.dscx.akamaiedge.net udp
NL 142.250.179.163:443 recaptcha.net tcp
US 8.8.8.8:53 recaptcha.net udp
NL 142.250.179.163:443 recaptcha.net udp
US 8.8.8.8:53 discord.be udp
NL 213.132.197.99:80 discord.be tcp
US 8.8.8.8:53 discord.be udp
NL 213.132.197.99:80 discord.be tcp
US 8.8.8.8:53 discord.be udp
NL 213.132.197.99:80 discord.be tcp
NL 213.132.197.99:80 discord.be tcp
NL 213.132.197.99:80 discord.be tcp
NL 213.132.197.99:80 discord.be tcp
US 8.8.8.8:53 www.domainorder.com udp
US 8.8.8.8:53 discord.be udp
NL 213.132.197.232:443 www.domainorder.com tcp
US 8.8.8.8:53 www.domainorder.com udp
NL 213.132.197.232:443 www.domainorder.com tcp
NL 213.132.197.232:443 www.domainorder.com tcp
NL 213.132.197.232:443 www.domainorder.com tcp
NL 213.132.197.232:443 www.domainorder.com tcp
NL 213.132.197.99:80 discord.be tcp
US 8.8.8.8:53 discord.be udp
NL 213.132.197.99:80 discord.be tcp
NL 213.132.197.99:80 discord.be tcp
NL 213.132.197.99:80 discord.be tcp
US 8.8.8.8:53 discord.be udp
US 8.8.8.8:53 www.domainorder.nl udp
US 8.8.8.8:53 sold.domainorder.nl udp
US 8.8.8.8:53 sold.domainorder.nl udp
US 8.8.8.8:53 www.domainorder.nl udp
US 8.8.8.8:53 dlscord.com udp
US 15.197.148.33:80 dlscord.com tcp
US 8.8.8.8:53 dlscord.com udp
US 15.197.148.33:80 dlscord.com tcp
US 8.8.8.8:53 dlscord.com udp
US 8.8.8.8:53 dlscord.com udp
US 15.197.148.33:443 dlscord.com tcp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 img1.wsimg.com udp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 104.22.75.216:443 btloader.com tcp
US 8.8.8.8:53 btloader.com udp
GB 2.16.167.128:443 img1.wsimg.com tcp
GB 2.16.167.128:443 img1.wsimg.com tcp
US 8.8.8.8:53 suggesting.retronewtab.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 134.209.43.73:443 suggesting.retronewtab.com tcp
US 8.8.8.8:53 suggesting.retronewtab.com udp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 suggesting.retronewtab.com udp
US 8.8.8.8:53 store.steampowered.com udp
GB 184.26.57.136:443 store.steampowered.com tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 8.8.8.8:53 cdn.akamai.steamstatic.com udp
US 8.8.8.8:53 shared.akamai.steamstatic.com udp
GB 173.222.211.121:443 store.akamai.steamstatic.com tcp
GB 173.222.211.121:443 store.akamai.steamstatic.com tcp
GB 173.222.211.121:443 store.akamai.steamstatic.com tcp
GB 173.222.211.121:443 store.akamai.steamstatic.com tcp
GB 173.222.211.121:443 store.akamai.steamstatic.com tcp
GB 173.222.211.121:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 8.8.8.8:53 cdn.akamai.steamstatic.com udp
US 8.8.8.8:53 a1949.dscb.akamai.net udp
GB 173.222.211.115:443 cdn.akamai.steamstatic.com tcp
GB 173.222.211.115:443 cdn.akamai.steamstatic.com tcp
GB 173.222.211.104:443 shared.akamai.steamstatic.com tcp
GB 173.222.211.104:443 shared.akamai.steamstatic.com tcp
GB 173.222.211.104:443 shared.akamai.steamstatic.com tcp
GB 173.222.211.104:443 shared.akamai.steamstatic.com tcp
GB 173.222.211.104:443 shared.akamai.steamstatic.com tcp
GB 173.222.211.104:443 shared.akamai.steamstatic.com tcp
GB 173.222.211.121:443 store.akamai.steamstatic.com tcp
GB 173.222.211.121:443 store.akamai.steamstatic.com tcp
GB 173.222.211.121:443 store.akamai.steamstatic.com tcp
GB 173.222.211.121:443 store.akamai.steamstatic.com tcp
GB 173.222.211.121:443 store.akamai.steamstatic.com tcp
GB 173.222.211.121:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
GB 184.26.57.136:443 store.steampowered.com tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
GB 184.26.57.136:443 store.steampowered.com tcp
GB 184.26.57.136:443 store.steampowered.com tcp
GB 184.26.57.136:443 store.steampowered.com tcp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 cdn.akamai.steamstatic.com udp
US 8.8.8.8:53 cdn.akamai.steamstatic.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
GB 184.28.176.40:443 www.bing.com udp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
GB 184.28.176.40:443 e86303.dscx.akamaiedge.net tcp
GB 184.28.176.40:443 e86303.dscx.akamaiedge.net tcp
US 8.8.8.8:53 e86303.dscx.akamaiedge.net udp
US 8.8.8.8:53 ts4.mm.bing.net udp
US 8.8.8.8:53 ax-0001.ax-msedge.net udp
GB 184.28.176.104:443 www.bing.com udp
US 8.8.8.8:53 ax-0001.ax-msedge.net udp
GB 184.28.176.104:443 www.bing.com tcp
US 8.8.8.8:53 www.bonzi.com udp
US 52.52.122.181:80 www.bonzi.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 52.52.122.181:80 www.bonzi.com tcp
GB 184.28.176.10:443 th.bing.com udp
GB 184.28.176.104:443 th.bing.com udp
GB 184.28.176.10:443 th.bing.com tcp
GB 184.28.176.10:443 th.bing.com tcp
GB 184.28.176.10:443 th.bing.com tcp
GB 184.28.176.10:443 th.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 104.18.33.89:443 www2.bing.com tcp
US 8.8.8.8:53 www.bing.com.cdn.cloudflare.net udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.22:443 collector.github.com tcp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 api.github.com udp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 140.82.113.22:443 collector.github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 www.bonzi.com udp
US 52.52.122.181:80 www.bonzi.com tcp
US 52.52.122.181:80 www.bonzi.com tcp
US 8.8.8.8:53 support.microsoft.com udp
GB 184.25.192.150:443 support.microsoft.com tcp
GB 184.25.192.150:443 support.microsoft.com tcp
GB 184.25.192.150:443 support.microsoft.com tcp
US 8.8.8.8:53 api.bing.com udp
N/A 127.0.0.1:57360 tcp
N/A 127.0.0.1:57364 tcp
US 8.8.8.8:53 e11290.dspg.akamaiedge.net udp
US 8.8.8.8:53 e11290.dspg.akamaiedge.net udp
GB 184.25.192.150:443 support.microsoft.com tcp
US 8.8.8.8:53 e3843.dscb.akamaiedge.net udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 mem.gfx.ms udp
GB 184.25.193.234:443 www.microsoft.com tcp
US 8.8.8.8:53 e13678.dscb.akamaiedge.net udp
US 13.107.253.64:443 mem.gfx.ms tcp
US 8.8.8.8:53 s-part-0036.t-0009.fb-t-msedge.net udp
US 8.8.8.8:53 a1449.dscg2.akamai.net udp
US 8.8.8.8:53 s-part-0036.t-0009.fb-t-msedge.net udp
US 8.8.8.8:53 a1449.dscg2.akamai.net udp
GB 184.25.193.234:443 e13678.dscb.akamaiedge.net tcp
US 8.8.8.8:53 support.content.office.net udp
NL 23.51.76.237:443 support.content.office.net tcp
US 8.8.8.8:53 e12627.g.akamaiedge.net udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
NL 20.190.160.17:443 login.microsoftonline.com tcp
US 8.8.8.8:53 www.tm.ak.prd.aadg.trafficmanager.net udp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
US 8.8.8.8:53 www.tm.ak.prd.aadg.trafficmanager.net udp
US 13.107.253.64:443 s-part-0036.t-0009.fb-t-msedge.net tcp
US 8.8.8.8:53 aadcdn.msauth.net udp
US 13.107.253.64:443 s-part-0036.t-0009.fb-t-msedge.net tcp
US 8.8.8.8:53 www.tm.v4.a.prd.aadg.trafficmanager.net udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
AU 40.79.167.8:443 browser.events.data.microsoft.com tcp
AU 40.79.167.8:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 onedscolprdaue02.australiaeast.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdaue02.australiaeast.cloudapp.azure.com udp
US 8.8.8.8:53 iris-de-prod-azsc-v2-weu.westeurope.cloudapp.azure.com udp
US 8.8.8.8:53 iris-de-prod-azsc-v2-weu.westeurope.cloudapp.azure.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdcus00.centralus.cloudapp.azure.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 onedscolprdwus10.westus.cloudapp.azure.com udp
US 8.8.8.8:53 onedscolprdwus10.westus.cloudapp.azure.com udp
US 8.8.8.8:53 redir.metaservices.microsoft.com udp
GB 173.222.211.58:80 redir.metaservices.microsoft.com tcp
US 8.8.8.8:53 onlinestores.metaservices.microsoft.com udp
GB 2.18.190.80:80 onlinestores.metaservices.microsoft.com tcp
US 8.8.8.8:53 www.bonzi.com udp
US 54.241.97.167:80 www.bonzi.com tcp
US 54.241.97.167:80 www.bonzi.com tcp
US 54.241.97.167:80 www.bonzi.com tcp
US 8.8.8.8:53 www.bonzi.com udp
US 52.52.122.181:80 www.bonzi.com tcp
US 52.52.122.181:80 www.bonzi.com tcp
US 8.8.8.8:53 www.bonzi.com udp
US 52.52.122.181:80 www.bonzi.com tcp
US 8.8.8.8:53 opensea.io udp
US 104.18.20.168:443 opensea.io tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 2.18.190.80:80 apps.identrust.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.80:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.bonzi.com udp
US 52.52.122.181:80 www.bonzi.com tcp
US 52.52.122.181:80 www.bonzi.com tcp
US 52.52.122.181:80 www.bonzi.com tcp
US 104.18.20.168:443 opensea.io tcp
US 8.8.8.8:53 www.microsoft.com udp
US 52.52.122.181:80 www.bonzi.com tcp
US 52.52.122.181:80 www.bonzi.com tcp
US 8.8.8.8:53 www.bonzi.com udp
US 54.241.97.167:80 www.bonzi.com tcp
US 104.18.20.168:443 opensea.io tcp
US 8.8.8.8:53 www.bonzi.com udp
US 54.241.97.167:80 www.bonzi.com tcp
US 54.241.97.167:80 www.bonzi.com tcp
US 52.52.122.181:80 www.bonzi.com tcp
US 104.18.20.168:443 opensea.io tcp
US 8.8.8.8:53 www.bonzi.com udp
US 52.52.122.181:80 www.bonzi.com tcp
US 52.52.122.181:80 www.bonzi.com tcp
US 54.241.97.167:80 www.bonzi.com tcp
US 104.18.20.168:443 opensea.io tcp
US 52.52.122.181:80 www.bonzi.com tcp
US 52.52.122.181:80 www.bonzi.com tcp
US 52.52.122.181:80 www.bonzi.com tcp
US 104.18.20.168:443 opensea.io tcp
US 52.52.122.181:80 www.bonzi.com tcp
N/A 127.0.0.1:58283 tcp
N/A 127.0.0.1:58287 tcp

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\db\data.safe.bin

MD5 a1d8b895585306af9618c2d6c41757b1
SHA1 d883213b781bbb6cdfbcfb2fb5cfc2861102b8f1
SHA256 30036dbce5ca9a6478c2fe91c3f18ae756d0a35a6b917ee0bbf3fd32dd42dba0
SHA512 cb6d79c0b63bddd011c8dcbcaa596299252ee0be2cff6d3295f72ac6ac2520185918ad6ee1402621d5d9bdf58169a7f3ded24220e337031812f76dfee438fd66

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\da1eaa42-9f5f-4ae2-8002-969e2038211d

MD5 19cbb128348cf606378ea4fa97a59aa3
SHA1 13b9c9e42a44c68285d03094772844b3d4a05685
SHA256 c1f57bb2ef35a948630fe5e73d5c2f106f3e9d68d7c6d52bcee6ace598631821
SHA512 08561b4346b22655f7b8b6a67738ad22b5869e3b7dabd4680f684195d48e672d2ac2dfcf4bdc75e893337ce409742b3c33f87db6f1bbc7b7678d6fe3c8a467b6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\84316188-1d0d-42a0-a1b3-3d8fa8ff2d9f

MD5 59a630db8422d80083c603d25439f331
SHA1 fa893a68b379daa13591ddfe40fab56078d64e81
SHA256 248d1ed7c36ff6c1f2075b7a19d35ac853dbbc78c380895cfcc642ad8c10a2ff
SHA512 e0e432cc982749610216bd0109eb4d1a080dc40cd0ff22ab646e25b255f53163cb74bc744c15e91ed1b93a9ff7396422dfd217f477e52cba656e4afa71ca928c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 bb1d1d7fba6951cf60becf5c909f4996
SHA1 6b6a38d811d1d16296f066a6e99ee0b0bcaa2d88
SHA256 653c72f7b404fd49a331e476e0f7986dbdb5f9367582e523e0f4f8bde23df308
SHA512 2f897ea0ce144bd83cfcadec4c8ec46a008eb41b8f936187216e7433354a25530c58a6fc371275d23ef58786a60cfd0dfe5d8090e00956dd30a18b8a77f5f8b0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\activity-stream.discovery_stream.json.tmp

MD5 d2c6eae46281a10a5d8d3bdd0120c64c
SHA1 0be55041a2f217ce5c4909998606e5c2f337d658
SHA256 7c9eeed7075960f828a446697684c25efe27a705d55dc9c98013be28ad3cb038
SHA512 7d87e43e4122f5600757f7a72ac7d6fa42829f62f7da9077a4b171df75527487b6771b57248355cf23da5a1e68773b96b5f3f9a6bca5f10c14d64d587948fafe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs.js

MD5 3f7726d66ec9a049c084eb6b85746d96
SHA1 9fae68bf74b0f3dab36cb9c3f6ce100ffc23950d
SHA256 3c3e2b6e445839c4478fa139b8985b892a8f207c3e62fd037f149b988b33893f
SHA512 500ca0561e30e4936609ae24b183348ac94a3039e60ec0d993f724eaa86fc42d58424804639eddf5aeae052100caa823c47cd4bfa4651398948026c1e09bb41f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs.js

MD5 cc3f25cfd8568a82154b16587fc5b132
SHA1 85f36927b3c54017b00b0bc7b301ec137bbe8ae6
SHA256 03a6793c1656c9ecb6c6db42278fe2711db1c01e4540825ca9f83b5429d7c9e0
SHA512 6286006fd90c493bc1d36504dc3724107675e5ac3edb413133e56a76ab1634c183267616c21a7e1cc8e76bb709976600c0786ea14b6857c75eb6a61cda8510f6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8d7df9a6a061ddca3b181c986bcd8d79
SHA1 bf86e022d5ae00e39c7b260510bdd6ff9e1b67dd
SHA256 7718d83a0d2089af6152420e7158fa34676f02656ac70e4a8228bed734334109
SHA512 dd2afd62522e26ac3644735cac70b6ca75f280b059946e2186c953608569f3198604accfa41193165bf97c1119214e0df1b67633ba8b13f1000f1be8615b5631

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs-1.js

MD5 2a4affe7f34a4728f894463f1405c698
SHA1 974bd12d72ea247948fba0c51d971c0763d5dc05
SHA256 57f536c4495510423a513fef03604d0905004e80b66ef08bf520096e2f4d7b88
SHA512 415c678a297cf1bbfe08f8ee1f4f79f09e92bf7d7dfef21240fb9d7a8880f73146072d9c08e25dd63fd77a61e618031afad149e5e2b1068ac0d7b3b7a904102e

C:\Users\Admin\Desktop\DisableRead.js

MD5 115a51b49553c1228eac134a0d08cc98
SHA1 250fb89bdbf59c30dd964b3b801b8c7ef5fd05ae
SHA256 687ea586302ceb265f7e4d6b4b2f06f435964db546d0cb24980cbfa5f580dadc
SHA512 868d6d0e7090c4fb81b7793931a9825a808bd47f893853c45205ebca53d695217cec74204c1711273e7fd7e93c4701d07a82d4b881ee45eadbe49248dc95458c

C:\Users\Admin\Desktop\OutEdit.jtx

MD5 e604551a3ab41769310e3d88751d241c
SHA1 92467efff23e74a232f7cd17438d53282f9a79ff
SHA256 98d63be90181e0f5c27d995d7fb970787f3aa6d1b6fb16aa7b6d0e7ae3c7a889
SHA512 523544ed496201ef528787677b02c2aa0ffaf547876b1ae6b99fc70342825b406295f21e12d3f517a0c048fd011ac3dbb3afaad1ca3a4c0c54b73aa117fcd1a4

C:\Users\Admin\Desktop\MeasureRepair.xls

MD5 f759455ab1983311e8e9e2cdd045f564
SHA1 56baa2d72e5257a01a51c2342fdc8ef69cdc3900
SHA256 db6aff6cb6acabd5a45f9cf507b540be1ee6d0469b4e3e2de86320c1de373516
SHA512 deaf1811acf2a3e1106da03c2f1b753b0ce31f06066fa33be80613ed6e579a21c77af8c1e2dfc9ac3b4c53e9e10424f44a62f5f84611d23c4c957b12bd296167

C:\Users\Admin\Desktop\ProtectBackup.dib

MD5 62f02f52fced5ec691220d1ce258b707
SHA1 67612de0dd4721f0056a712ccd022ab8a3cc8f0a
SHA256 f44464997460f3c0fa0b24db6ea1e4cd6c0d9818f5f391474f1fa99e193d6b18
SHA512 41ff6b94f3aaa1a46bbf5850e86192de41614c8fbfa7b6e1fd694934ca10545ca318440842b2079136307475c82133ab03423c7c6eed2720eabf1f6e5c3b639c

C:\Users\Admin\Desktop\RenameRemove.3gpp

MD5 f3673907f349140b5747e8fb0793103d
SHA1 89cb22956004cba7c48cfa3f933cbcd20b0a27a8
SHA256 137d2080b50fd45ad174e3cbaad6f7be0af63a69a05a01952c306641308fce10
SHA512 694afacd190afa184df19701be56c1719e97ab5beae580b27f784c77329ed740138a421f8c7f3260e874ad4c37c59c8281b40d1f7cd978d4481b87e23d9d8cd3

C:\Users\Admin\Desktop\SearchUnregister.mp2v

MD5 85dd1a97f56e39b9612ddb2c47a9ac30
SHA1 6068c6a30eeab4d6ea333ee3cc3f52fd36c2a7aa
SHA256 80650a9dda26c6bbc37712b8ad4872231f81361592f3242522a8131ef2491ac4
SHA512 b9c5a779d55ed9e1b5b4832a67db537a35a8f38f0c3155ca22395f425c65c879dc4a277e9baea605008eaad8e1b41998ff9181cd193ff9536fa83d5aa298daf4

C:\Users\Admin\Desktop\RequestSubmit.docx

MD5 98debf3f04b7af6fb99c2bf09af9ff73
SHA1 d34e3d128658fd6ac24e851e7d65caaada440238
SHA256 ba4d230f79582b2a3e64e1049a3694b36e0e1c9de77d9e5ecb782da5e4d7561f
SHA512 59cfe65c9009463ac2ca55aa83dc1b8ba7d0e2354d5583b5215ff11647969237f1341ae813bb7b20d340cc13ff52e041e5a643a955abe2977658e6c79bd556da

C:\Users\Admin\Desktop\ApprovePublish.xlt

MD5 e16385000dd93c1f5e7c75b4a8edeea3
SHA1 aac82dd56470e9fab116eab2670a8d0c696d23e7
SHA256 227527dd4292134aba9b445ff72f19790476e36f7ab112bbea0dd9f9bd96b80b
SHA512 c8cdf75fa0886f6720121ebc006c17ebca1beb7eed762dabfb9ce39984c05a63a7c39e71376a281f94312d9f8ce4804ddb0a2f938c50c5384500b66350c3d1ec

C:\Users\Admin\Desktop\ConvertRemove.vbe

MD5 59c0991dfbe10539ef99ee3b6fc225ef
SHA1 75f7121e632778e912a35af06df33175f6b55a7e
SHA256 16f7be2b14ea9d2ae503b7660ac46c11c9d5b6b8d804d785b6df00e3177ae159
SHA512 61cb91f911377b62914f041062e14464c28ad192bbbaed5ab8dc1920a55bbe5cef7338785f168892f2f9a00e59077428639c7aae27ee6062785d87667fb31a00

C:\Users\Admin\Desktop\CheckpointSplit.mov

MD5 df3669d9e0c8d6a697b79a8b8c173ac7
SHA1 a2714fdbcc4dbf8fa4e1630471ffee64ff475fce
SHA256 00eca1d75c97e11976a6e41e5a0c2a45839ce15d9a6dc96ecf8c873dabc58406
SHA512 a5e82e7721da653d7d4d1fcd1dd4c4ff5948f034936d86789bfe5c0cb55394ba835b186b16a63c23d298d7f0bd2e435e06fafaf9242b6acc01d4a4bd85acba06

C:\Users\Admin\Desktop\BackupStep.TTS

MD5 ccdd71ea56ced6f9ad854e227620dae3
SHA1 11ccdd6038c937b4560915097c6f919d683ea35a
SHA256 980530ea7c937049381d2334389903a338095dc81db1b6a5864a453f1fc87c98
SHA512 a5d8e19a10b1b7bbd06e1323640f4dda085ffe9257f18b73331fde966e9af205b2effdeea9c20220f12eef5b980ab745b51a1cae521764ad4d4da906149ccc6c

C:\Users\Admin\Desktop\AssertInvoke.wdp

MD5 7ccb0dfc4f11541dbe86ee98f4e38bea
SHA1 5f93eee6c5138366c246cf2ede19e7d6138954b9
SHA256 81621b751309dadd11124b63ea4e5f5cf02f8342c0ab924acbb1f5ca26552f4a
SHA512 617417e6af54ee9a84c7cf2f1a0f663dcfabe6a1c549e5843e4a3659ae756db3511c0aeece279dfe413ac7674ec6a78036f8e44a92a4bb535dd31f15886d5568

C:\Users\Public\Desktop\VLC media player.lnk

MD5 689fa6f6c7947af06af51af67597e137
SHA1 f46bea57602f343703ae7c4ab8f42f4e144916e0
SHA256 73c142cfe2b34fdf1b7465e363b08056427f02a557ce082ce9cc01b054dadd93
SHA512 d3ed06dd6ae85eb59d2de420437f8b1ec7128ab107c6eaa6ca7e77bfa1604c04852131066c8ceb2d958927d3d6999cd97d00bffa239f442738717a9d8241827c

C:\Users\Public\Desktop\Google Chrome.lnk

MD5 31d1513128a0d3e21d92d532faeed7b2
SHA1 4c2de145f5799652688edfa4409307b2dce41311
SHA256 11d68271ca489b9dfa8e99a0481c01321f81f112a8aa7eccb205582adefa6784
SHA512 d9907800908d4fb4534ea44c1842ea1f5ff242b8e99685ece2dbdbc9f6cb53ae4711c540a71fa507fd92ea79c2aec585ba135866f3b8867c68b801f164a65641

C:\Users\Public\Desktop\Adobe Reader 9.lnk

MD5 b9c64d90b8c6431729bd42345553157f
SHA1 9d32b8456d2e4334140b16c8e3f5b44416de4b1c
SHA256 57fe0dae4545fe2cf5a3db1bfdf582961ded2cbdd3d4a521f3d46612d0b655fe
SHA512 75469f8c8cd6bf654f1aa7212557f2e2c5d1c032ebd0eb514dde712734d80b9f2243f92b1e2d68372a8e9ba0108dd4106ff652c9a192fe604a2d722ec869d028

C:\Users\Admin\Desktop\MountReset.docx

MD5 46690034ed50088e2bf9b28a0b57c33a
SHA1 d3171480f49ade09e037e35f1571a92a968c18f7
SHA256 6bc32cc5a49771bfb3ad23b9e08fdddae78c42df84eb0e94580b771647bb210c
SHA512 80916946572007fbd34488bc999d7e49d4e0dc147487fd0a7b89fad53711b18f6d7980ffc600ee2f711d5db1308fe93867795c394798b6dd776625a6a40a9e7f

C:\Users\Admin\Desktop\UnpublishGrant.vsd

MD5 ec2be0ebd6ed66ea9a4cc4281eca30c6
SHA1 e5823adf4cc50522447e32a7ef9d6602bcef2c0c
SHA256 917f4d758fbc60d045cd5d93b6126c7ba83ad6e6d36ac675a50950fb902a887f
SHA512 e5bf957bdfe4af33fc37110678b0dbaeb0347de7326e04c7125512334a262e924c3c37ed99160c7d59981f3f0090149fb31b6ac4b0055205c8eb830ba2ea6c6d

C:\Users\Admin\Desktop\SwitchUndo.rtf

MD5 367dce21cb1524db260369dbaadd6d60
SHA1 e1f7a8c72b8e2e1a892bf8a613ce844e3c880fef
SHA256 78213c9f5bf96daa705eb891dbd12abbf322f92bf378116460246fbd8effe983
SHA512 c6ef2498be302279b79f28540f964c4bb8fc7f02718db3d561890f82415b19df22815d57fd614777d76495815480bf56ec702cd2c3b5a6208668b54dfbbb86ca

C:\Users\Admin\Desktop\SendGrant.avi

MD5 8550979f5d83c1a2cfb909c7db2354c5
SHA1 55e5f4266aaddbbf6f4c85644ad31d49a068130f
SHA256 4b00b298d3fa9373a482967eb34f76b2a4386007eab4bae4ecf56e29913be121
SHA512 8fefcf05eef8bac75e2f59471b71eca0dafea3fdfb0fc3f4291488d2f0253b8500062ddde3932fc43e28a2427f6b26241682d4c4ad4900ec5a0357fcfb607586

C:\Users\Admin\Desktop\SelectResolve.M2V

MD5 cd0b0da2939f80c18b99e4019688d594
SHA1 98f68b3299df545bdadfa5bf4ab86f22958ce0ab
SHA256 52a2ebf5900019482ad32f8ed6666e8f8cc7d189928b87f392b634a2b7e64e25
SHA512 6c116c0321b5afcbd6aab4e006e726d90a4c0334b36d3f805aeb2aed96284450372fe8e7fe2298a47a84be992c5553d8212ae94eaa4591e889ded5fa095d5fff

C:\Users\Admin\Desktop\SearchRestart.ini

MD5 568bce2b42a20f84fb90a58ff84219d0
SHA1 197fc5c9f250824620288bd814bd79ed5dc62c1f
SHA256 f2a881cc7cdae0ad4c08661d06f40ede5c53746be79a3116a2e456e217516ad4
SHA512 cbd965758ed6cea4a5f84680eeb9ee6e64e6bd012863bf323712e3158becfab8d031b929ff1e525429ef6e04142d395da3f67a58a111d84efe3dc48a3eca924c

C:\Users\Admin\Desktop\ResetSkip.vstm

MD5 a03c99cf71ec36117aecc42bfed24f48
SHA1 0c021b164338b77a03a546a2608fd6ce5a7aed06
SHA256 ec388a8fcb1d6dec29149b7298d7d31d786ec090522ae7d2268a443e58e01e6b
SHA512 e1f2198e507e4085a3f90d9760886c9c46a0204aa66180c8e7a6639186a3a126fae06c420fc1f4bbf71c59043fb97b5d1d04ff6e3da823f79cddbca52301614d

C:\Users\Admin\Desktop\RenameHide.dib

MD5 a8490f933b538e469b700e4231629675
SHA1 529ae8048a73df9385b274bf598b392baaf80e75
SHA256 a3b565f1dd58b85bd2f8d86fe5b9914d00ec67e6dbe45a91bc4b393d0647573d
SHA512 34d4af2d637c8230bc90e2a57409427002da3a3911c126b909f5f92e439aaa70418b2b9fd1966686ebd38dd8d0bb33334d18a7b3de4e8a23f6dcf27b99b108f1

C:\Users\Admin\Desktop\RedoSave.asf

MD5 cedd3f3b9c7d050f63cc6adacd9faa03
SHA1 5033a6c44771b0dc5cfcd7bf4ba665da5dfe72da
SHA256 6f84bf40d61dc7e2cf699e22141546608cd072c8e94cad66a961512caccd3b80
SHA512 f1d6df864bb4f609f725caad22d37c7cbe3ac628cf57b077269e2ad34b3821cd4a0449a108913b5fa872376adecfb3983040167898b8729f1ec2517ef6daf00a

C:\Users\Admin\Desktop\PingInitialize.tiff

MD5 46ae11201cfcbf32f97ae678275e7f54
SHA1 d109b019ba5e282436befeafa113f2ef87a552ab
SHA256 80023c5a7be766b652039bf67e4cb345bcd9e19413c3adf27c3f24ac962a7be5
SHA512 46249b210ad0a02ff0251216e15eef84111cdf2fbd1865381ff1cf3f57daec56abac2eddd4d5b5524dde6360bcabfac3c6c49dd1e502ad8e13d3834247688725

C:\Users\Admin\Desktop\LockUnpublish.rtf

MD5 2e5a5f2a1fc45bea129dcc5c012e7e8f
SHA1 2d7d1c9142de6061f66fdf66940850945a406375
SHA256 63b2052c61f4e53a5665bfb4fd719d27477b7a011931b705feab1945071b15b6
SHA512 ade5b133b1a741a5a25e566357d4e551d65d9a4cc147adb0fa7b8d7f03b47c3f0009e673cb5551ec0d4efae6835beac09287a3a00abc85849e0681b794d79b03

C:\Users\Admin\Desktop\LimitStop.vbs

MD5 e855e5e463da14cd14d0274dae6a065b
SHA1 84c72f723e8d0f06e245790051bca8604101e42e
SHA256 99291fcce15d929de1a221693cda5fac9f6736f6d56524104efbc22410d3b4d6
SHA512 8d268ee34d57e0b9edc963a6f5b2ff0a0c734c2a1a10e065517390f8dc413716dfb7779714e1641b31e0c64cf2a94e4a453bfb11b1e16130c4283cf7b17ce429

C:\Users\Admin\Desktop\JoinApprove.TTS

MD5 295c9751b7285365b93ac3897038a2f3
SHA1 76fccb6e99069c8faf357e4b7846eaebeb9a6aa9
SHA256 f46f4fef63b0f2ac63b85c38f84d6b61dfbf6956f9de7ae39e747f7bac911197
SHA512 aa084c74ea626964d4e56f614722fd59c6b911d84f13b2d99f6d99ea74109dc3b411fc8eb2040b1af941176b286907b58002f67f190e36e0bc5fe2e14f1571c2

C:\Users\Admin\Desktop\InstallSync.3gp

MD5 d5fc94fdcb0fbb27cf52df4ef53922a7
SHA1 2b2014bf6a38812ce0851da39c8764c90536bdc0
SHA256 7f8fae4a16bbf24aedf401a71cdefc3126e94f010279cc7a714ffea980713f2e
SHA512 4a27e8f9e71a04ed4fe02ef35a26510b827da75d6f2b538670f499249a4358d2e48c7a2007d54b4ba85c0256e3b9c5dde3367d8967b458337783b9824835e766

C:\Users\Admin\Desktop\InstallHide.vsw

MD5 c23b77221bdae82277a43c3c190ad187
SHA1 13476dcc88edfeddf215ef35c6efacd836925bd6
SHA256 16aa266beb6481ede4c4511dfdfe2d9c4a99053de1effe2b7c0fc8055782da5e
SHA512 eb310c81938d5b59b2b49cc253499b8c5dc1d8065f18a3f072f38229d8f721af21cedf2f623a539f5482547f4b4aec6572f636710d26fb044d14524498f1a0ec

C:\Users\Admin\Desktop\FindApprove.MOD

MD5 376e93af605ceff095ed259256cd6997
SHA1 ce927e25546476366fa6805d9f454f20e048b831
SHA256 3048ed134a9839ed1251d29994b912a86df2be44abcf5f7c81c931fe8c1efdab
SHA512 7d14ea91826752fcd62ff088f5874dcdfbb925ee99a8eca50b42fb3bf15d104d85198b6d72db887080fc5b2e0de4971b2dc933b97930071013984800ab1ad024

C:\Users\Admin\Desktop\ExportUnblock.mpeg3

MD5 4a7dda6eebc98b0370452caa6134737c
SHA1 3e99f96bf1b87699602ed5ef59566266f4474276
SHA256 ea69749b7566076118851453f5ede740356e217b84b4ff8677488b7a114d56be
SHA512 fbb73941ab5b8fc811cd58f94f6608e3482807469f9b4f9cbc56dd98586e7aebb93be5a24bc5da0c210b7619cf91533c0f4ac5eaac075f9727b81b188d17f638

C:\Users\Admin\Desktop\ExpandSelect.tiff

MD5 28954447b3b2a7da81819bdfc5d4d277
SHA1 a59303b840883bfa6cbf7288f72e9e669700add7
SHA256 e70ed4381312cc6fdef67cee0451189f8572098c11de47779aa6bcb49907cb8f
SHA512 1f3919e37eb2377b5b2f9d32461141b73b70dc8d021fc78a685ff153c4f766dd3148a9d7de90ee18a80f71931907dccedb70e7bb0fa0bac48e3f674f77c800d4

C:\Users\Admin\AppData\Local\Temp\Cab2DB7.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar2E75.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 605e6da4be6fffbe476dbd08dc0cfc80
SHA1 02aa5a9e432781b5280e3f26236a946e7936c46f
SHA256 137f395e3414dee8ddc8251f6cb460145fc304359c69a723040060d7562301f4
SHA512 1b670707e87d884bff6ae09421acd269546bb41c6a22565be9ae0f16aa97f737bd6877e3522f2a4df0836aac5c115228111343d2c388dd9bacaa77cff8580190

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db8b2aebaa233faed26fc555060a9f00
SHA1 01ddbe20ea99f2db204e177afdf8462c48602569
SHA256 b0fd7b24869f77f89aeb1a1570fc4f1c67c47fd5cc4de9edb66130361aa38533
SHA512 c16c750e3d5ebc2b04dbc635de4f69f918ea9c9304b410bd4276df03911cb81c43bd077e761d30934558de3eebc7128c265a465af7d03e84b55d2839dafce88e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f11437417c77931daf83547a305524a5
SHA1 a0af4a62f95acc6695b1af70d3ca10dfb6319742
SHA256 da4eabe3ec3cae4dfea9ea6727301321be99ad2ad55657135bfe1c8329392436
SHA512 696311e86686a6b4ab03eb991cfcd2553e39040ad7e8bc9d6cb56cb099576f71b06327038f80fb282bb08b145d45180f9888e616606fcff5fd5a1642c7b9c63a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 30cba3226d6b11222cbf3887e227cc11
SHA1 b697e1ff2ffdeca1368aa94d073cba54d6e2be24
SHA256 f7cc8a38affc3895546a472f529df55e5160c3ac98820febf0b276feed2d3c50
SHA512 16ad5f8e199c04f9b57f13368eb7c421f6c6610e6eab1dd20310b8ad4ac22de920387864e7c5e438cf7a8d6138de472b4ae015bfc1ad29103acec10702fc4cf8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4372920dae55d1a9779c1679b5bba271
SHA1 d3532d27d60d090f460513ebf380b01f662bf83a
SHA256 e122451888ddfaea7e028fe8301dbc9e0c78dd3ee37234cd87e7d657d9c9fa63
SHA512 0dff1e53d4d2dc746419debb489948ceb42146eb1757e68f86720b801b78047db292a486a8288a81b010d33a825fc3d8beb989164a528ab2d6f592c0435754f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 379da68e50053e54f9a11e2d700dd2d0
SHA1 7328a0323de8caa5c1bf7c584df5a2c437855f81
SHA256 32f14448d7c1691a5552923e6d05030b32575cc53db92a7607b14f61bca57615
SHA512 dcb88d51d0f0405803cba98e00d02f209c6a92fbe2874a8d9d0f7007608380d0ba92bb2392e047f6f6f673b79075c1d886b92895fa55685a157a839f4f48b2ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6bc90611c853135a41b027ba665ab85d
SHA1 8047eb2b84cfc6f0f85fa527672bae1f56ca6592
SHA256 0a5f73d673cf9d82872571075a40088831d8cd88dc0ceff3e6cf21716acac2eb
SHA512 181abdfaa4e8e444de7095ea3bc2ef4e959a3cfd1d2f59df2c6f6df679c9c2711d6021d6427935685cc7de428cca5d34bd61f72a24fe84e7e7707f3f1aeec317

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2006af412da9058cc09bee1d85dd0df1
SHA1 0539043f3bd9e4cbb46f981cd093043cd0da7d75
SHA256 81ba5f031024f65ba689c1ad46426bf67d2e6239a1ec3c7141304960f6b8cc1f
SHA512 f592f52aec62539b149881e340a2d2dbb5ae81ec636f451ef8a1138458d67e090daa7b5817083dfb82d707b86a25becfec58436064de082b66ea477f3f1a6643

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7333bbfcbb6b1bf2ae59fb8a2d310819
SHA1 4d09e2db083aa56a7a36927f3dbc429f8792b2b1
SHA256 2c8521cbf39f52824f0fb4bf83e6dd0550d6097834d30b3e8410cc78b21272c2
SHA512 6bd34d11082a1aff57c5e8ab2645d1f6ca72d9727f731614da24b9df1d8dbd6d625aa9e9b707082275b2e518773968fc6558282d813543cb2276668052ae159b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\doomed\13705

MD5 04e820e9a8d8c50eac7c61f0f8825b46
SHA1 9d1b8d281257851c6fe072e65b4b964bedd240f6
SHA256 f18f7d62f4f67362495095af3661f53c54d1d89426b1b2b482eac71716ada4af
SHA512 3340e35a8e0f33bf18e7fd5d3df60acf1e8c4cb55990d6807aadefd6be987eadedc0dbe5c9e992086406cca481794f131acaf77c0d5ab8638d86d98f3ae97051

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 714f522b9a4ebe274c8c888b48c3d67f
SHA1 c063d05c53e1a3f7f680f51f275bde24ed11d1c3
SHA256 d1a25250bb8282c7a0b0de16beef58f61c45158a1be1c2d5635088a4f5b9994f
SHA512 67c0e359b2a591dd04d5d6dd0ae942ea0ca9016173678076c776445cdbdd550ac66190d383e44b7ec579be177669128882467a9b3d4670abc33417210b4b6b85

\??\PIPE\samr

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\579A732083CBF00043C4E457834015FF9E177B8D

MD5 599e935668d26c33372dd56049ab71b2
SHA1 63b71319380c0fab4b547f2b8d7f078456ce4207
SHA256 bcbf912d693650634c6cb0e59bc925767c5f75bb8c1ea96e7e2a9b902adddd5e
SHA512 56b06fa5bd5d71decb7745147c2a1e203949450b07034180111ab945ac1423461f2a5b16681ef0943bd1626f26dd146168ceb19703b17d636192365e75ccbaac

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\DD2BCB6AF648949C84F016445C2DA9B9EB0DEDD8

MD5 826083126b3f2672656bf369bc760552
SHA1 7944e748f0628c0b30b403af9d0480ac9d9f99a6
SHA256 381b2c10f5111e32991a99fcd103de8f0a8abc07b26ef939810c98cc215cc544
SHA512 565bca64afbbe48457934d49da3fd8edb9de5e5988a932855fb1c87c94baa5b52503c5328e7b01e638f0ca7aa5fa66ec826b1b2e0ef1af1910ee668752fcb0fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f8fdcd80604501ae1e036ae7e08dee16
SHA1 e4a506608a6340bb860181ab281f31366c329173
SHA256 64b25283594083aa6b9a8ec336bd14530c41d1f80752b5e13aaae6201945d624
SHA512 5be5be39d000da8b59d2186ab1df8ec27c8925a0a0c4fd6312c4afcdf6bef2d3a97d346339368833238924cd4eb66284b5901eba2307964a5b5bafce464401b9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\FBC146AB8DCBD6505B59F9D2C02C2E871AE99F13

MD5 bed1292b558c72399e86b8aa447439b9
SHA1 34ffd0737f82ee027745bdbd1d80d38f60b0a032
SHA256 c03a758ab8283b7d9bb9419c768d94dc5ae4f336f3849d76ba8657bfcc2cd835
SHA512 b3ae94102b87e1bda0e08f4bd3fdaf4268c2fca35cc8bfee0eb5f5ea9927735d16279811d8b096c2a3d8b6beb59b5822705f96309b4f1c879a9573a83920d742

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\BCE71DBB793AE30DA661022604E710C2005E4FDA

MD5 57c9490acf1d9ce07261bdf0ee527a65
SHA1 5f18a988cfa1f13e3ab7b90f90a40a459620d5a7
SHA256 ad43da294a752c23add1263f322200a31809f0d7fba675e70a215361cca4e02c
SHA512 1c5bfcd2e5b814db2369b4ed36735624beba149d3ada250c035efc73378e8b57e8e85c8b1a09ce712989f7979418d2a3b0356921bdcbc891e8e1bff08e4a4396

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a07b1f22a35147fd038833d687a2ff76
SHA1 896da621e16ae773c7099ba3079cbca994026a94
SHA256 d5860c9e02b931c6665485e3708f4de7ced0f9e0649f6281a8df354a8869369e
SHA512 9490d723f4d9e4c9e41a712ea73efe119148742385a212df1ec70fbd448dbbfb62a56cf4cf7fb51bb2123884663a3c9f1f4496e64dcc484a4927fb0971a49ea4

C:\Users\Admin\Downloads\Bon.X1-WHdf0.zip.part

MD5 3e163a4f94d9b3d73c1da6d9582c6a17
SHA1 37274ec4c201ca60453b74139cf7aa2dbad51071
SHA256 757dbd855a3a6c8ca108bd9eb006ac6bc36a7d4f054ca7d86bc915535eb259dd
SHA512 64bf3daa530d9b4ae8e2ada2db42e31e6f4b5f0e4413eccd3a5e3b8a3729f2ee8f5c1467c9edc7cc40e1afb53768154d0e0245329176ee2f271ca1060b6fa4da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4ad9a8b0bdcd1d69a6c13b97543ae9fb
SHA1 ec66872a924ccfd1be391d44959bb9f03c563533
SHA256 670628ee442a532421bb86c1a46b42485fed2cf1e5d1e7123a78470a5ae994fb
SHA512 90b51852cd87005eab1d01c8ba8b83bf668334d0feca65fda65fc080f90fe797f9ec1331b098650eeb139131fa89db90ea42d88bc093214b412c249237a804bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 71f2c408d77eac7a535b456619c8bd9e
SHA1 48bc7c8d09d40c19f6157a71fcd61f0c18ecea67
SHA256 bc31f31846a1a9e17a7dfd4e66ffc1aeb6a2453d3691963479f1bbaf5e486a36
SHA512 8b3f9888b77df1aaf146733fe485c7b27f16b05b4bdc5f07c708e39124486dd7a54384dbcf41c36e93b9b159964ccea3702b16031803d52303a434add66f3eb9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7e516bcabf08f49e7728d66847f63a4c
SHA1 82b161d5237e687ced60ca1f119a1f0451aa2f80
SHA256 0162802d6f5b35de79e9445ea5e065f441ceaa1c2fcf72a0943f91197ba622b3
SHA512 9e647a053470d8942826545854d03e9805c9e0955cc7638ce0febb17009df32ee60a389c6b768723903050d61f611f1b7b220363f035954ac0963afa48206308

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c724d9169dc2fdb1571d1355fccf5b1d
SHA1 6a28313e9268ff2b1fce35f7306fc4ad725cf89a
SHA256 742ea486ccebd2fea535831afbd4a43e4cbf163164cd5e5766ac2489f6788a24
SHA512 0a232fa7f0132af760be3595d5d4ed151f70c5a8a06209b3b2230773a07b7b2d785648b5b4e6eb80c141c63e35f4a5316a89510c2a00676cbe808780dbedcb4f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c7771b08e59c4067c08a873b17b9c284
SHA1 faacae2bc22fcd8444539d0ce95d9971372531b8
SHA256 baf2bd309df4c4f79bb6bca3e557e37f985d758f96c275d34f526ea01ca3f243
SHA512 5fd68ec6824db331d62a5f63dfde9c8dbbdb5a6619b84cc709c479006e3058a8adc4e43eec0cf5c30d9581d9cd5c21f5818c322a8545f3a17e578f7379a97976

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 518ec3d48c0b24f6984d6f0a60d92731
SHA1 1688d1295dfcf792b72673d9ad2c322a68637af4
SHA256 50c605efc963b2a36d33e10f1bf03931a3624b29c8fdab51234e2eccc0331c94
SHA512 7f556df6dbffbad293e13b380f81c3aea17c537fef3baaacf66a3133dac21d368c3402bc4ab757ca7bb9d9d7b25e96f2644546c8929f0a885534a0c09d1ebd13

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4ee2f853ea5febc9655f7f9ca9869bbb
SHA1 29e8f8800cb064302046ab6830fa3306ffb2591b
SHA256 c39eb84e508f9b2ecb0d4102b33cdc53b5dc1f0ebd95aea1076589202f076762
SHA512 1417d451ae3adb89ecac845fd05b914d1859ee98c567a6b9f0aaf21312ec307d4281a1731766a20552a4f77f212c2aaf6f111409149858a260c33f8edbc408e8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6ce2d68b37e21b9bc9e2a984af418439
SHA1 a97cc2e3e95d3d35d6781cf70cbcc4219443423c
SHA256 51684767b359f4171d220ae2d359af5586142e406f019b2af53d0ac4357242e0
SHA512 b906bb5e495c8bd59656b704a1942907ede30a5ded87d19a8df3315c37b8e3b0a10ce495f9a54d69ffe8768ca11a0b597b36b0a2aeb5f5840c7cec0d24c763c9

C:\Users\Admin\AppData\Local\Temp\~DF623637CE2773C446.TMP

MD5 6e1c990b9d22921039b717b62469787f
SHA1 84cac4406c2776072fecab3425ff32e6dac29cc7
SHA256 e4bda1406d9dd08b04512f485a0c455485ffd8375cb5176972cb44d0b9f71ffa
SHA512 5828a31e04824249dc8b02a7b4729aee7bcf1daf71ebd852644e84f8113cb33f07ec2557a5bb21ecabe870ecae6e1e5136c438b8aa2550d8174d161bf665a1d8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9f4f369da610e5439c84c8da8613c6ff
SHA1 f7af1cccad1a3b2fe6e35c10d2fbe7c78d0e912d
SHA256 0ed9a2e6a8f2073c9c1bd31c32df1abcb8cc5b96f473804139ef94e31aaf8dac
SHA512 6a9d0d04317d3a2bfb982a9a901edbe6b08e4c8e58be9ab08aa43a13392a849cd800c3bdcc6092193692d6227723e472b78b5bd2f81c3ea947618b342f3c549d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ee83a782ace4a69a8486ab9e72d26090
SHA1 3645a82ab5305d46c55c44744a0cda7ed4332117
SHA256 4da3f2c3ef8fc344ce0d55cd9cd48fe9213a370509bcc38719304d58f1bb5066
SHA512 4a3e6ee874a7a50e2a8b662a967dd2f81dcc82ebe73ca55dcb334bf634f2b9d07b05b48676cd3f22fe56965501664e85a333e385e03e323aadac8e77bd9a84e8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 4cd1eab383d31e1effff5c0997f2b296
SHA1 3487cfb33e56a14918e08ee726b14cade6db857d
SHA256 f54689285e8a5e241670e70fd505a3d194987c32635d29759af5df9101738ae6
SHA512 52341b5476cba612aa39edac3cae54dc5fd706ec34b82e0bc579c0c4bda9f865b6b848fa05b212ae0f24c3279d067de36fb5db5ff5950f8905d0a2e6fd7d0883

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d1eff298383c3b815bbcaa90d29bc6db
SHA1 1964ecacee017d0086d7f7d8be871b9d09c2a16a
SHA256 fb8b174ec11361a4238aff98828e45f06241dd8e4a1e690ee256af5b107fe473
SHA512 feeb26c1c11276396cc7f2d0af9ec9cdb8a80db1f7a32d9a3840b651e13da7251185956a2a57f1a1e46305821398b3c6900f70448d4002393cf6b456ae043941

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 b22ec47d660c85960c542a9f5f08498a
SHA1 1b33618317dc58fee2403692824b37743715781e
SHA256 9f4eceb793c18aa17c15fd9c5ae1623aabde2cc43bbe6ed445af9a30f3de5a4e
SHA512 f8b43d1c0f3c24750f48cdc209234ad61f50a6a55712a1a2df8659dcb48726f7e7aad8227fb31a817ec92ed7b322894ccbc87b351155e0862e82f6bc3cc28709

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\635173200124313B1FF34FAE0FFBC6198EB7019D

MD5 03504f431f502e44811706ad9557d7a8
SHA1 b1ace476de0bb742f9898725437db583e840d448
SHA256 98327a734a9e1bb65ef645a0f738676ce23b8d12cb8150ac7dbc0ebafd887670
SHA512 d86ed99bf0bd0ddecb7779a1e42ad0f1219cd0e62eacb2e5633d652b91ed10354b4da07ff7d8b133a0569c7f02547479b6fb85b815333f29e0cde3a9355065e9

C:\Users\Admin\Downloads\wp4073802.webp

MD5 23841987bd74c46b47729c083846ccdf
SHA1 1266b1410a3117ee61985beff945446de5c31065
SHA256 04d7585614c33f39a84d90f555332c2561ae78e366075524e37cd2470791b022
SHA512 e8c6d5e7a11c3e1031ad0b68c8f3c5ff323856f0239d0ea834e1d17f8908b33b9f3353f19a6368a08bfd0f0d1e0f85553c397e9c9474a4a4fe5e4b28376d67a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 5652e7e2ecf9b0c05281e1eded5ac56c
SHA1 ab1c57df6e603b598d4000a31a3ff4e606511128
SHA256 1e09cfc14679cbe337051385c7d064b894cedefe263cc3bfdcef0d51200bab6a
SHA512 7dc0fd462cfd50b29f7dfe6e2eb86dd8a70e56a913c14c340756e78394a398c1c0f6515bf756d281242a2f14918f9d19d623461226d2dc8c7101fda9887f9e2c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore.jsonlz4

MD5 f7e71655176e894a4a10e6db21edf871
SHA1 82c89af0e358ec836ce8024c3bee4aa7df63bbdd
SHA256 18809078a25f02e4c8db0d3f1dad98e5905034ef979826ba37d45f1c80057434
SHA512 02c38fe4f8a0bf07b968c81f1582d4849a9efc627287c18d7860ab6364a40fc1c95e5e0b936eb066b7b8e3ba5d92cdf2888c8c3f45a0fda88942f02683825a13

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs-1.js

MD5 2959a0ef3312150c5523b42c0a29c3c3
SHA1 83b8b16458ac274d6c8c71300a3cdc6c03b87f4b
SHA256 fea1641bdbbdb2403e96c459a9948d2a6c83a927112bd3949138f01cd75dec1e
SHA512 fffa9800fefabb9a2f811313e3c4120d0f73d7f7b9b90fffd2877256baa3b1fd0add601135547af99f39c3a85c6f1856e9cad4b777787c5c86cedb70a1101fe6

C:\Users\Admin\Downloads\Bon.zip

MD5 65259c11e1ff8d040f9ec58524a47f02
SHA1 2d5a24f7cadd10140dd6d3dd0dc6d0f02c2d40fd
SHA256 755bd7f1fc6e93c3a69a1125dd74735895bdbac9b7cabad0506195a066bdde42
SHA512 37096eeb1ab0e11466c084a9ce78057e250f856b919cb9ef3920dad29b2bb2292daabbee15c64dc7bc2a48dd930a52a2fb9294943da2c1c3692863cec2bae03d

C:\Users\Admin\Desktop\BonziBuddy432.exe

MD5 06d87d4c89c76cb1bcb2f5a5fc4097d1
SHA1 657248f78abfa9015b77c431f2fd8797481478fd
SHA256 f1e859d99072e35f20e172d8458e3ea1baf8ba86c8c9e311a0debcd2acd5d0fc
SHA512 12bcc681544bfc0cb5f1a3c2e5e3d475efdf5abb8bf0e18cb18f529a82d551f39e16de2d3f0664c2c2cbfab2bc4702e256b958acadca53424e6d8760b6f457f9

C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp

MD5 8e15b605349e149d4385675afff04ebf
SHA1 f346a886dd4cb0fbbd2dff1a43d9dfde7fce348b
SHA256 803f930cdd94198bdd2e9a51aa962cc864748067373f11b2e9215404bd662cee
SHA512 8bf957ef72465fe103dbf83411df9082433eead022f0beccab59c9e406bbd1e4edb701fd0bc91f195312943ad1890fee34b4e734578298bb60bb81ed6fa9a46d

C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp

MD5 596cb5d019dec2c57cda897287895614
SHA1 6b12ea8427fdbee9a510160ff77d5e9d6fa99dfa
SHA256 e1c89d9348aea185b0b0e80263c9e0bf14aa462294a5d13009363140a88df3ff
SHA512 8f5fc432fd2fc75e2f84d4c7d21c23dd1f78475214c761418cf13b0e043ba1e0fc28df52afd9149332a2134fe5d54abc7e8676916100e10f374ef6cdecff7a20

C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp

MD5 7c8328586cdff4481b7f3d14659150ae
SHA1 b55ffa83c7d4323a08ea5fabf5e1c93666fead5c
SHA256 5eec15c6ed08995e4aaffa9beeeaf3d1d3a3d19f7f4890a63ddc5845930016cc
SHA512 aa4220217d3af263352f8b7d34bd8f27d3e2c219c673889bc759a019e3e77a313b0713fd7b88700d57913e2564d097e15ffc47e5cf8f4899ba0de75d215f661d

C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp

MD5 4f398982d0c53a7b4d12ae83d5955cce
SHA1 09dc6b6b6290a3352bd39f16f2df3b03fb8a85dc
SHA256 fee4d861c7302f378e7ce58f4e2ead1f2143168b7ca50205952e032c451d68f2
SHA512 73d9f7c22cf2502654e9cd6cd5d749e85ea41ce49fd022378df1e9d07e36ae2dde81f0b9fc25210a9860032ecda64320ec0aaf431bcd6cefba286328efcfb913

C:\Windows\msagent\chars\Peedy.acs

MD5 49654a47fadfd39414ddc654da7e3879
SHA1 9248c10cef8b54a1d8665dfc6067253b507b73ad
SHA256 b8112187525051bfade06cb678390d52c79555c960202cc5bbf5901fbc0853c5
SHA512 fa9cab60fadd13118bf8cb2005d186eb8fa43707cb983267a314116129371d1400b95d03fbf14dfdaba8266950a90224192e40555d910cf8a3afa4aaf4a8a32f

C:\Windows\msagent\chars\Bonzi.acs

MD5 1fd2907e2c74c9a908e2af5f948006b5
SHA1 a390e9133bfd0d55ffda07d4714af538b6d50d3d
SHA256 f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95
SHA512 8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg

MD5 108fd5475c19f16c28068f67fc80f305
SHA1 4e1980ba338133a6fadd5fda4ffe6d4e8a039033
SHA256 03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b
SHA512 98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a

C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg

MD5 e8f52918072e96bb5f4c573dbb76d74f
SHA1 ba0a89ed469de5e36bd4576591ee94db2c7f8909
SHA256 473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82
SHA512 d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f

C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp

MD5 94e0d650dcf3be9ab9ea5f8554bdcb9d
SHA1 21e38207f5dee33152e3a61e64b88d3c5066bf49
SHA256 026893ba15b76f01e12f3ef540686db8f52761dcaf0f91dcdc732c10e8f6da0e
SHA512 039ccf6979831f692ea3b5e3c5df532f16c5cf395731864345c28938003139a167689a4e1acef1f444db1fe7fd3023680d877f132e17bf9d7b275cfc5f673ac3

C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp

MD5 b3b7f6b0fb38fc4aa08f0559e42305a2
SHA1 a66542f84ece3b2481c43cd4c08484dc32688eaf
SHA256 7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b
SHA512 0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c

C:\Program Files (x86)\BonziBuddy432\Uninstall.exe

MD5 578bebe744818e3a66c506610b99d6c3
SHA1 af2bc75a6037a4581979d89431bd3f7c0f0f1b1f
SHA256 465839938f2baec7d66dbc3f2352f6032825618a18c9c0f9333d13af6af39f71
SHA512 d24fcd2f3e618380cf25b2fd905f4e04c8152ee41aeee58d21abfc4af2c6a5d122f12b99ef325e1e82b2871e4e8f50715cc1fc2efcf6c4f32a3436c32727cd36

\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE

MD5 93f3ed21ad49fd54f249d0d536981a88
SHA1 ffca7f3846e538be9c6da1e871724dd935755542
SHA256 5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc
SHA512 7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f

\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE

MD5 73feeab1c303db39cbe35672ae049911
SHA1 c14ce70e1b3530811a8c363d246eb43fc77b656c
SHA256 88c03817ae8dfc5fc9e6ffd1cfb5b829924988d01cd472c1e64952c5398866e8
SHA512 73f37dee83664ce31522f732bf819ed157865a2a551a656a7a65d487c359a16c82bd74acff2b7a728bb5f52d53f4cfbea5bef36118128b0d416fa835053f7153

\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE

MD5 8a30bd00d45a659e6e393915e5aef701
SHA1 b00c31de44328dd71a70f0c8e123b56934edc755
SHA256 1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a
SHA512 daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb

C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx

MD5 3d225d8435666c14addf17c14806c355
SHA1 262a951a98dd9429558ed35f423babe1a6cce094
SHA256 2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877
SHA512 391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1

\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX

MD5 12c2755d14b2e51a4bb5cbdfc22ecb11
SHA1 33f0f5962dbe0e518fe101fa985158d760f01df1
SHA256 3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf
SHA512 4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf

\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe

MD5 c3b0a56e48bad8763e93653902fc7ccb
SHA1 d7048dcf310a293eae23932d4e865c44f6817a45
SHA256 821a16b65f68e745492419ea694f363926669ac16f6b470ed59fe5a3f1856fcb
SHA512 ae35f88623418e4c9645b545ec9e8837e54d879641658996ca21546f384e3e1f90dae992768309ac0bd2aae90e1043663931d2ef64ac541977af889ee72e721a

C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx

MD5 66551c972574f86087032467aa6febb4
SHA1 5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9
SHA256 9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b
SHA512 35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089

C:\Program Files (x86)\BonziBuddy432\MSINET.OCX

MD5 7bec181a21753498b6bd001c42a42722
SHA1 3249f233657dc66632c0539c47895bfcee5770cc
SHA256 73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31
SHA512 d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc

\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX

MD5 9484c04258830aa3c2f2a70eb041414c
SHA1 b242a4fb0e9dcf14cb51dc36027baff9a79cb823
SHA256 bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5
SHA512 9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0

C:\Program Files (x86)\BonziBuddy432\Regicon.ocx

MD5 32ff40a65ab92beb59102b5eaa083907
SHA1 af2824feb55fb10ec14ebd604809a0d424d49442
SHA256 07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42
SHA512 2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43

\Program Files (x86)\BonziBuddy432\ssa3d30.ocx

MD5 48c35ed0a09855b29d43f11485f8423b
SHA1 46716282cc5e0f66cb96057e165fa4d8d60fbae2
SHA256 7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008
SHA512 779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99

\Program Files (x86)\BonziBuddy432\SSCALA32.OCX

MD5 ce9216b52ded7e6fc63a50584b55a9b3
SHA1 27bb8882b228725e2a3793b4b4da3e154d6bb2ea
SHA256 8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13
SHA512 444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7

C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX

MD5 97ffaf46f04982c4bdb8464397ba2a23
SHA1 f32e89d9651fd6e3af4844fd7616a7f263dc5510
SHA256 5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1
SHA512 8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002

\Program Files (x86)\BonziBuddy432\sstabs2.ocx

MD5 7303efb737685169328287a7e9449ab7
SHA1 47bfe724a9f71d40b5e56811ec2c688c944f3ce7
SHA256 596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be
SHA512 e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03

C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat

MD5 4877f2ce2833f1356ae3b534fce1b5e3
SHA1 7365c9ef5997324b73b1ff0ea67375a328a9646a
SHA256 8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff
SHA512 dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e

C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE

MD5 66996a076065ebdcdac85ff9637ceae0
SHA1 4a25632b66a9d30239a1a77c7e7ba81bb3aee9ce
SHA256 16ca09ad70561f413376ad72550ae5664c89c6a76c85c872ffe2cb1e7f49e2aa
SHA512 e42050e799cbee5aa4f60d4e2f42aae656ff98af0548308c8d7f0d681474a9da3ad7e89694670449cdfde30ebe2c47006fbdc57cfb6b357c82731aeebc50901c

\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe

MD5 3f8f18c9c732151dcdd8e1d8fe655896
SHA1 222cc49201aa06313d4d35a62c5d494af49d1a56
SHA256 709936902951fb684d0a03a561fb7fd41c5e6f81ecd60d326809db66eb659331
SHA512 398a83f030824011f102dbcf9b25d3ff7527c489df149e9acdb492602941409cf551d16f6f03c01bc6f63a2e94645ed1f36610bdaffc7891299a8d9f89c511f7

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

MD5 e4a499b9e1fe33991dbcfb4e926c8821
SHA1 951d4750b05ea6a63951a7667566467d01cb2d42
SHA256 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d
SHA512 a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

MD5 a334bbf5f5a19b3bdb5b7f1703363981
SHA1 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c
SHA256 c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de
SHA512 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

MD5 7c5aefb11e797129c9e90f279fbdf71b
SHA1 cb9d9cbfbebb5aed6810a4e424a295c27520576e
SHA256 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed
SHA512 df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

MD5 5c91bf20fe3594b81052d131db798575
SHA1 eab3a7a678528b5b2c60d65b61e475f1b2f45baa
SHA256 e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175
SHA512 face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

MD5 237e13b95ab37d0141cf0bc585b8db94
SHA1 102c6164c21de1f3e0b7d487dd5dc4c5249e0994
SHA256 d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a
SHA512 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

MD5 4fbbaac42cf2ecb83543f262973d07c0
SHA1 ab1b302d7cce10443dfc14a2eba528a0431e1718
SHA256 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5
SHA512 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

MD5 48c00a7493b28139cbf197ccc8d1f9ed
SHA1 a25243b06d4bb83f66b7cd738e79fccf9a02b33b
SHA256 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7
SHA512 c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

MD5 9fafb9d0591f2be4c2a846f63d82d301
SHA1 1df97aa4f3722b6695eac457e207a76a6b7457be
SHA256 e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d
SHA512 ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

MD5 b4ac608ebf5a8fdefa2d635e83b7c0e8
SHA1 d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9
SHA256 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f
SHA512 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

MD5 b127d9187c6dbb1b948053c7c9a6811f
SHA1 b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9
SHA256 bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00
SHA512 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

MD5 f1656b80eaae5e5201dcbfbcd3523691
SHA1 6f93d71c210eb59416e31f12e4cc6a0da48de85b
SHA256 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2
SHA512 e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

MD5 0cbf0f4c9e54d12d34cd1a772ba799e1
SHA1 40e55eb54394d17d2d11ca0089b84e97c19634a7
SHA256 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1
SHA512 bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

MD5 466d35e6a22924dd846a043bc7dd94b8
SHA1 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10
SHA256 e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801
SHA512 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

MD5 316999655fef30c52c3854751c663996
SHA1 a7862202c3b075bdeb91c5e04fe5ff71907dae59
SHA256 ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0
SHA512 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

MD5 81e5c8596a7e4e98117f5c5143293020
SHA1 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081
SHA256 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004
SHA512 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL

MD5 4be7661c89897eaa9b28dae290c3922f
SHA1 4c9d25195093fea7c139167f0c5a40e13f3000f2
SHA256 e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5
SHA512 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL

MD5 7210d5407a2d2f52e851604666403024
SHA1 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9
SHA256 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af
SHA512 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf

MD5 0a250bb34cfa851e3dd1804251c93f25
SHA1 c10e47a593c37dbb7226f65ad490ff65d9c73a34
SHA256 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae
SHA512 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf

MD5 c3e8aeabd1b692a9a6c5246f8dcaa7c9
SHA1 4567ea5044a3cef9cb803210a70866d83535ed31
SHA256 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e
SHA512 f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp

MD5 80d09149ca264c93e7d810aac6411d1d
SHA1 96e8ddc1d257097991f9cc9aaf38c77add3d6118
SHA256 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42
SHA512 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll

MD5 1587bf2e99abeeae856f33bf98d3512e
SHA1 aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9
SHA256 c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0
SHA512 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll

MD5 ed98e67fa8cc190aad0757cd620e6b77
SHA1 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d
SHA256 e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d
SHA512 ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll

MD5 e7cd26405293ee866fefdd715fc8b5e5
SHA1 6326412d0ea86add8355c76f09dfc5e7942f9c11
SHA256 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255
SHA512 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll

MD5 497fd4a8f5c4fcdaaac1f761a92a366a
SHA1 81617006e93f8a171b2c47581c1d67fac463dc93
SHA256 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a
SHA512 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

memory/3284-3520-0x0000000000400000-0x0000000000424000-memory.dmp

memory/3284-3521-0x0000000000400000-0x0000000000424000-memory.dmp

C:\Program Files (x86)\BonziBuddy432\Reg.nbd

MD5 a8ed45f8bfdc5303b7b52ae2cce03a14
SHA1 fb9bee69ef99797ac15ba4d8a57988754f2c0c6b
SHA256 375ecd89ee18d7f318cf73b34a4e15b9eb16bc9d825c165e103db392f4b2a68b
SHA512 37917594f22d2a27b3541a666933c115813e9b34088eaeb3d74f77da79864f7d140094dfac5863778acf12f87ccda7f7255b7975066230911966b52986da2d5c

C:\Program Files (x86)\BonziBuddy432\Reg.nbd

MD5 4fc1deb8f4846d001bfdaad8f9f457dd
SHA1 0bcd73e26380e9fd2e0bd6d798abdf871094c9c7
SHA256 9bb25c5466cfb526a83ec1ffa0730d2cfe050838cd7a6c8df30f07b316dfeb82
SHA512 8102774f87c48d8156c61d938bf44a7b93640e9af1f798f6654a5b77e65a05cc4f0b3165abf45fc490ea76528692c8af2a14cbee0f8bb51d7bd1e4bb3db4f3ed

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionCheckpoints.json.tmp

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionCheckpoints.json.tmp

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\db\data.safe.bin

MD5 dec4bc50ec9bfa344fce89a390a0d027
SHA1 0999931e265445fd3884a01fda8b3afb518d1ad9
SHA256 75b661d917c469f9b5ece2f1086185cd7af2892fff62a0de13e5df462c235e17
SHA512 e7a0be43015e3eda21077fecb442627256fcc07b638298dc2c2a6af8f67f023713b64f1c8cd196e786e736b468a560232f94aabbced912c30807e616a8b829ec

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\db9f4241-ed18-4a1f-8801-e6bcf1105023

MD5 9c72d7aa34ed6cd449c089804d42440e
SHA1 3d55443361e11e32841cc95caa088966c59299fc
SHA256 f83313a9407b8fa6602f2b71b64a21f3781f4e93efb27461c2a4e3ff6a0c6984
SHA512 e68c2265136eeeac6c6dbb75dcb984bee45cfadbbb193dfc0bbf22950b580d1dc4c74cf29930bddc6bd8da70ef311f5e2d0323c18ece86f7376b122e4ba78a37

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\6e337061-1cad-4bb8-8b4e-31c136116a27

MD5 6e1ade82711bfc90c9084798096a80ad
SHA1 af145d8298d28283d5f3960e886bb03cfea85d00
SHA256 1f7cbc637eff2e813eab3d2050c713dd6ff2f7fc33f4192bc4c2ec7e568fdf24
SHA512 3555ab2397db321fb1471d476667d8c782b96e1ecb012222f26a0c4348570e73f4dc27f4731aa34e17f3ed814823e9017e546e15374ae932039ba9d534404cf6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 efb44737ff0645817ba8474baf47d79c
SHA1 c0b9f971161e412ed273adb3585b7cb4a766be8a
SHA256 b4f8743107407722563e5f46ef34eef00ab66a216c9a5d8d097f3bd283abab51
SHA512 2f32b74fa9dc56ba0e2aab967e7cb95a9e2dad819c5598729ef40d4aa95877602511c373da537eb2bbd5f9cbbef87925bc1bf11ad4185c70187f2bb2409e4336

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c22830454434b3c1081d60db75f7f4e8
SHA1 eeb4e1c83f968e879308ef35bae8d1adbd284b9c
SHA256 cd166e88ca7d3e03f80cbcfdaa45d77209b96858481e679540bfafa979342153
SHA512 099b788e97a87c9f8f834061a3a29afd6f3be0dd2419a260c14baac36fccd60e686bbe7e2b158e2fdac0c7a8737db51e93b7e28fafad49fd3433a1541483b06f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs-1.js

MD5 c08e886d91ea78afddb13d217d2f5e9f
SHA1 992ef7cfd310f970407caccd0b0a149e60cd2384
SHA256 ff8faa5dd2173f778e7bc51b606ebd0322e933cc6a98e9077431673d45f968ee
SHA512 0fc492b9f70ce3d92ec0442152b45cc83ae8e223c8801cf8d15d67f52cf66e754db308b43797bb861dfd1a588c5e0753f617b1f74cac47ef7d071f60773e2937

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\3804D14882C6E522E96092EB023F05E390BBD516

MD5 3bdd48a6339cb5859336b795dd560bf2
SHA1 073d8dd9ab4e7cfff367e3f0fd6912c9bd2a61ac
SHA256 f7a439f2a9879c5613c7486c1af4566c8f05b1dd06f0cf2e12b51a711d9771b3
SHA512 fbf6cbe236b4cc0c58b049beb7b8dfc5ea24f3cabd5068de478397b7898eac87116429c7a50c9e0b6e30c9ba8fff0e0dd067c7820ecae28e88f90ee9e2ce6a15

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\storage\default\https+++uploadhaven.com\cache\morgue\121\{2e1170f2-e641-46cf-b78e-f95b767dee79}.final

MD5 7cb947b2600a10b9c25acefe29b67965
SHA1 2f622219a1df7bf60a26a58a34085202c375afc9
SHA256 71f8698b23db46414f2edeaa950c94cbfe3dbe3eb6b758819d53fd31a7918270
SHA512 3b4c643052fe2a76ada40c1294895b01da3848ccbc6aba33d53d204be08ba2a570c99d809a885c770ad83a1826cbdcb91c3e3a5980a4dd6407956f501cf66c73

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 0e3489ce358564247c5081523bc93687
SHA1 01d69ef5d26482742af86804b4ddb798def938cd
SHA256 0de50add5c7d91fc2cb97b98aaad9c5e80db467e3cc746dd7af3db0a7e38efdf
SHA512 f1865cebf47b261633ce606784199193d019611438857eac74c6a7a3965edfd93f918bdc019463d5636d210ff793fb28934f3cb1e0a156d33951024d9f2e39e7

memory/3560-3846-0x0000000004570000-0x0000000004572000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\crashes\store.json.mozlz4.tmp

MD5 a6338865eb252d0ef8fcf11fa9af3f0d
SHA1 cecdd4c4dcae10c2ffc8eb938121b6231de48cd3
SHA256 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965
SHA512 d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ec4256ac61f97c9ffa08b761fe243dc1
SHA1 980c5f09689efc0d26e279932ed9628308093aa9
SHA256 bfa2f2dfcf6071ad359a6367696a1a4b8565f2c5c20423253d66e3013fc6670d
SHA512 1ada134371c6e6718cb47155afa2ead50db40597dc4a147e56e5a2e39d471a35cb0437b24bfc6145aa68ff6884de162de6c7693382cab7e8726aa8bcf2d952f8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 aa72bc847e2ce938e11a7e36343890c4
SHA1 36ac3235f6c739f50b06309c76be2d1013bb7fb6
SHA256 349753dc473ff99724881bdf1fc05a6b3ebfc5180e5e53bf81fdca7f6a33a237
SHA512 5e8a5d8dd60efa89dac11e5d365a9c88ea149acf701f319854a326670354e7510a439a104858acdaf557600da803a1c523258a040fc7ddb545da1914d354d2bb

C:\Users\Admin\AppData\Local\Temp\tmp-b2k.xpi

MD5 d9eee6c4d38cb93615fc11314b1c777d
SHA1 e3ed9b7fe3b50c62aa97d819f88a21f4d01a1d59
SHA256 429a589d391b2eb25ec526f2b7276a4d89bb84aadabe57dd3300ce09dca5482a
SHA512 bb63db726f2e73fa5da4ffebea0c4696ee4fcaf8a378efb8bac39966cd72ddd3be665e2c96e90a19a32addb8fa6fcf13debf2b1a93f22e211986662d34e8e22f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 db0bed95fd8177c2ff5124e7190e6e7e
SHA1 db3b11b4e24b86448da7e1f9968c3d6377a2e9bc
SHA256 a47aec5b453fefab294162aaf3ff6b05320ae1c06c440f706f23c54c148265bd
SHA512 e42441c0e77c1ccc6e079bc1743eb3230b24c94d4ee825fc679aef5668f01593071104715af06400d63bb42053bf4eeebf922f6924a7c139092f87507e10e585

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 150f6843b81da34fee233113c972a8c6
SHA1 8f1f83e7ab4293aade80ea6f730d454116bb30fd
SHA256 e279cf681308a49bb89a4ca695cc3a7477bd557e0452fa4b7afaa00a41bf4e41
SHA512 c850317317f3f5597b1beee4407926b71c9fd08ad98838f274ee13a7e62e5ff9d2634810367bb72bc74362d8d6de8ec8ef86548c526227f226875da8bc049772

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 82a942ca24581e12ff97b43f9b712e25
SHA1 f4044c0a646fd9ef1e87ba8b60552835c2556770
SHA256 d7ca0f05e6dd95e52f9409b91d6203bdc834ec77919e15f9f9dd341a7ab411bc
SHA512 26a4e3e44d7ef17a045fc675fad68e57f9f949f1908f30df4c59b53a9f443bbb3c399fffee41ed90c953eb1694deec24b5f674584879afe61bf2a2471acfff10

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb8f3acd0994b96ecac8c6ab078b331a
SHA1 3dc2c3555706eac2f58b7776dc7ddb9885e79ab0
SHA256 af19bf72c2ed7a3615e2b5c8d3634bce9bcd45f3a88fac5bd87a28cb51d97fa1
SHA512 99c2ca732f1f9ccb242bf33f9fc01ed35369c77b4a5676cc575d8e0e6d7f1f68346e789b8db5809e4954fca9fc2174402c9b810ac0015bfb5546f148dbe07f97

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 97c876fd607b944447655e6c197293b2
SHA1 d158b7becf7e22fd803eda437a395e5f4d4f9a75
SHA256 a231153b546012e36a516e247c409609183b81ae9faf156a75093ab2f88b056c
SHA512 16e7680ebf278c382ba48ebcaf104363bd50d77960950855f52a1600cd1ebf052188ef55f173a995089f0f1baf5f13663c1b0eeecd1b25c26be8ac22adc8f934

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21d0c9b5834cfda2f968baeb2f286706
SHA1 deca7a16a3cfb787e4a2403b6ed7c871ee92aeaa
SHA256 64d59be758848e54bb2d9be2f41d90cd00657ef3875d2a3c96605a020c6eda10
SHA512 9363057497029bfdb3b142ab75806284f2e610835bc3abdbaf317875e17350150f7d3ce7ca7008946880ef2781263cc00e55ff6cb0daa1106ebcdbc25082e509

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\779FFE4C3579D1E62C970F535C0DA0314A369D0A

MD5 34f0aaa213fad095caccdbf0fc5565e7
SHA1 9af6ad5fe5f913b79f30681e00fe5719731153c1
SHA256 23fc43f4e8c3757895125f491fff4068574209d7535aa88de8b8e0c872e002c3
SHA512 a71ee0361d8a73af9ce4b980df081b52aefef4e83c50de1f9a6017f36a916bbec49b0356d5848b474014a14ecf63e5a0542c6a83d88f7d80e4fd3d4b43761f20

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\568BE820794A6DCFB0DF6FE5FC8802CF3774C4F6

MD5 742cfc2ea6ec1435736285f1feaec632
SHA1 efb3f599f367acf15b0124b9575047c86dc49512
SHA256 d0c426baf278cc8ee294cd593a555312612b10d6a0fbf6e69a09c64f0a1981c4
SHA512 31a2e147bad570549b16075f82ee11a2d8db5f90d4ab982b2215f3db742be30c9ab9e6a4cb37580a9be3e8cc8de9e46f901c4eacb416967e7b6912d1eaf0eeff

C:\Users\Admin\Downloads\KinitoPET.1ZYwJAyF.v1.1.0.zip.part

MD5 000f4890c77397f9c6a7dd14e7b3df21
SHA1 a350f84031ab53a8fa82a08399de8acd991f5b59
SHA256 a4403e61cd1dcf5c90972bb53279eee9bd7fa433a08fe4fd58b0e99557606d17
SHA512 7333e8dcf8ce1d7ea361db179a3c1bd70793c715e455b855a4f4cdf6d56eaadfaf56c3110371a34afbdbbaa30e24c6f43b7f3bee4d3e0eba866b574111c7dc2b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 18064a4246ef4be4b94f30a21c213fce
SHA1 2add55e367fd3cee8059889dbd3de70e88830bd5
SHA256 0a443f34a944a973251170dbc8b646c904ed9c2c0d3f1a337b15abd775a95577
SHA512 d5b5fe285a6a263fdf991c675ea91ffbf1f284519fa61dc77444a33b85a59085f6700be2489dc1c19a784065d77606f0579e5728bfd16ca5e1eea6346f24446b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\db\data.safe.bin

MD5 580ad328e7b131fd465481d754580236
SHA1 1fe2fafafead342150efd986c8ab66ee65d9fc0d
SHA256 40d53196ee99c0e463c35d1363366150194dcaf272cdec503d1a471d914633ec
SHA512 90bab671d37978d43ea8aa403275b55418a80e17a592529465f114bf95f50a38c684d7f7d803add895114c30b6ca004df18c7f59f64c194f415fb131f59d5047

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\9cbf3d46-aae1-402f-9ffa-4ced59d58d4f

MD5 5bee0a57d9c2e96d132f7c262470c526
SHA1 e19677c000ea616ca97964ca5fc3a1c2e9946e62
SHA256 3019cd62d8f43345dde170ae8f2a3ddef518631919c132563a878db445b04189
SHA512 61d3cb12cc81868ec47e865d295083e44e75dce4459bcfbb8559f720c17b8620ba7814e7c649f4a662518eebeb0535ddcb49d68785bf26f9ced596c47ccffab1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\59743308-a5a9-4086-95dc-7c853708a016

MD5 ad708d2117283d18ee67690dfe8847d5
SHA1 58d237321d00867aed6d51b54f29ebe6b87ec196
SHA256 d1fb998cdc95caa7f0c30bb208c0be0efb43e465b6ff3f5a3a8b5a516b8348e6
SHA512 7d17087c244054290fe8876668706ae585ca0a7310d43eff5034391f5c99da4c2fa5b5176c6207a1066115ca33271366c6e12033846c0c3f5f4d777f80036a5f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 e4f1b56d19959d0a2c3a5a8f85d7700e
SHA1 a9528d75898ea6fa6b7b62101ecdc5ece38165c4
SHA256 74df8c77c07f4eafa9db43c6575b3b6b85bff2a1cf77ba26c0759a7d9d11c2cd
SHA512 923477ed19b83b786dab29819e473ae7531e422a455aa31ad5fd65d394cd6d0280a27241df2c20ddfa58b262e6a50799ecfa69e864ed1960712bb6e8098c8540

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 42433f30c27140fe636fa409ca179d9b
SHA1 de988a2fc3e6af34d444008eba732a3154d145dc
SHA256 f532c9ef476726482bc36cb2f7da24e984c57171377f7ffcc5ee1fb904760362
SHA512 4f0ba6ebcc98b85d41b231d958e7c0ae4cabb439bdbb5bbb4aab2234e560e1ef3d0802245951e4acb06b89cd6cb745e9b140d794177466cc535455d4896ea434

C:\Users\Admin\Downloads\SteamSetup.exe

MD5 1b54b70beef8eb240db31718e8f7eb5d
SHA1 da5995070737ec655824c92622333c489eb6bce4
SHA256 7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb
SHA512 fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\downloads.json.tmp

MD5 c46c9fb488faf64fc9a2bf866994960a
SHA1 f86728893b7b0262786876f6a3eb30c1e0f636d8
SHA256 a0c415d1bdf2d10a95990c446789e6e6b6453d9975d5f27a18a25de3d25d8f4a
SHA512 0191e29e372e904f33da5e7b542f45b18d36db14a0ab979371788f4e9af20137f101d604e41dc38ead619a24c600193022aac61b51e5d800f2ff8bc85825279f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 85d6cad6b8bd41560757f8f47b2105e8
SHA1 c1436d5dd3d81ade65af7a4347630fe6f6af756d
SHA256 98c965b6d8a8b6ef33c0b2076b8e08e1d914a4518b32af550e20372986f8296c
SHA512 ae9359e754574605de3d5e676a426bc537471a8dddb315b7f13690cf2ef5c49e167d6192465afcc3b59e927605eec5b03f37a05fea84c9fdb9fe2c7598db6809

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 754b42b6c2bfce20ea39aa89e77f75fc
SHA1 7059e02d806c23d428d8fc4e57d336eb2e994700
SHA256 fb1ba8e4fb9e8fb420a5eeaad72ff29c50457ddd60c32a214a5d6285f41e6740
SHA512 080965484db599ed91ae329140a653044f2ce4f5555b3d0a5e0fa086a030faf9c8d89070654da8f63da5559f030ba8b3eb4d1294e417d01637f4b6c792f61dd6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d3c413f2cd32677286294c8d26101b29
SHA1 e1ccd8cdb9abf246988ca68df837c93ce089bce3
SHA256 cadf095f7e3bd70c864f95bfb88e996b5f1de135436a72bd52513dd7c5ed672e
SHA512 8f7278fd6adb9b3b19deaa8f1c684015425834919a43c5eb317a33f8b5460450ac27b29aa5a668d6123dd1e2eef0fb1ff94722ad68b5019cd900165129662398

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9f88d1dd315248dbe2b98c59fc4a3697
SHA1 538dd5342fc024e6b47f7fedb8ff0e0065bb0037
SHA256 37a42db6ad9a0fff46bf89d2996415f223cb5027ffbc3c1c067b15d59f29e008
SHA512 4200461fce79be6e089d254ba8c6d70f1ee1405b8ba80de4e9bae84e5a59ff2df3c3a938f5265efc18fb50d8cf6c6242d6b83446d1286c5e109a6aa43749f241

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 84db8682446b2e49fc011b2cc15aef37
SHA1 ec9ac6b8353b8be0f8cc0c24755f82fffbc969e7
SHA256 0ae95c86379390ee8fe9ca8516036dbba6fb8dce89fa098b0638a9f63d60ee18
SHA512 d48d995c03eb2d62967b86e0e3cb5ab12a9096327f32bb691fcde1e281527c232179be928a9cd3a42e00e8ffe3f44dee67db1cc80145809cf943a3db33c24b43

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 995fe542fdacbdd433f7820467b7486e
SHA1 8887386845e8a1888665ec712428dae7cd7c4c2d
SHA256 8bb45c70daf90c8023e2eafa196cd6a4fbaf25f31c9a9f75557681ab644655d1
SHA512 22de3ef8c97bf8930834165aef8e193adf8573aa2f31aa6be1e24df16e977ed7e31983a756792237b68dd01a6a1134e23953093dcc2710aa3c1d1527655e824f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 606f1e79a803ef427c6ad4e0b6ed6b11
SHA1 d8b2d905c7a4cfd1ce6c56f014360c094e8f36fd
SHA256 72cb1a5143fe69da5ef56e8ddc79c34ac4b9fa96adcef5d182d1c27a5380dab5
SHA512 e3eea167eaefd269eebe1237b18213bbbf3a2b16d4221a0aa8ef3c361641da0b7eae3fb5eccc8a0743e23136056bb13950d0333140c6f91d09a3587aa3a30281

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 01e83f91c2a7042499ff63f61dbcc2c6
SHA1 a80eee7b21845b77a1b35aada3a1be6b9108c2aa
SHA256 abd2b2f1d63cb4ad867d455cbf5a9de3524d4296d58a8d8af508944166e06134
SHA512 ba64c370271433d2e6171e2b95e6b249518ef2b5543c6c51a4a07855cd0321340fb6d9d8576b22cc1bb6fd3e75befb44bfe8d94cd1fafeaa9597129061324f8b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\extensions.json.tmp

MD5 d000adad77672b9cb98fae2083cf2cd7
SHA1 6e14b79216a5657a3acda83b778a5d2f1753b441
SHA256 c84dc9994f0f894f1d636fe3a69b88cb4ff93ed24675e765ef5a409afa162abd
SHA512 768989a5a2fe4fa79aa9aa51c5bd1e4c6f7c79c45a9cdac4535da58930da7c8526b9a32ab954e12777c50379db9333a2bf081cd561fa059a77890005848c4e76

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs-1.js

MD5 2ed6b27040702704271d54b2bdce8122
SHA1 0c56341987433e7b8f211c263387a8f8abaf4b4b
SHA256 0baa487e3219570c81458faca136ad5c79861454042e25b0f9a75fb222cc620d
SHA512 d9569bea38599c4419758464269b169c5204f1df10b707c38571d01aa24376a40e97e3070a63e00aa9d9f88a9a876dfbc359974b519ab4e74914d516f85e252c

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 0a444616a6f5099c4eab940e08fed082
SHA1 ab12aeed49ebb87fa60f54192746bebd4711a632
SHA256 4ba762b50db4eb88035c20b17a620a0db1edeb39e6246e39bc61144a36f0ef8e
SHA512 10736f90b36ea5426fdba845adf76aec139994d6ba37e19be16fbda4916a91f5f9c17ab3914deb5725c2caa1657620180379bf4720ef8113415b089e3cbecdca

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\49f25ee5-1e77-4fce-b63a-2879b16282bc

MD5 624319e37bd6945715a87bc5b4a91f33
SHA1 8421cde659ff559e8302e84ac0b7ed18e3823a09
SHA256 ffc57c2c1ec0d5e263d1ae80ca995acf956dbada467d9dd3cfaacd5b76b56a6a
SHA512 3f8feec23cfb1a263c0ee1b86e16c9f843123becae3216f7fdff5a4bdf05a4164404e6b0f03f1298afcdaa91d51fd746b5caf8ddbc5d85901009f2f014a2e140

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\7fa05034-c05c-4912-b531-f5dc3b0cdbab

MD5 c565003f9f8f06a605b65cbe5a0b8e67
SHA1 367c98bc1067f7dd583c9d6efa3345d829d937b7
SHA256 b693252bea2eef47929346d3ad855f43fbd5d7a76341576f36bf4d8e3b776007
SHA512 2288ad637c1b33401a84140c5c6086b1bded0ee1b1408903a5c910eb289b4702339613ab93f1faaf207f07daa9cf3d4a9716847598a03634b1e2123a17effc21

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\ECDCAC02BA516C8E7D07B971A01197260F341D74

MD5 9063c7f801de746375b623048f2b2722
SHA1 c7932b066f97dd884fd966f5982ed5ed101039a5
SHA256 244e5277fd7639a6635d21b6ddefd6da834610d4e59ed6f4d832fa24ad1dc4db
SHA512 cb3f3adaa2248c4709f827344ed7b256345a993ed7c17e4490de285a2e465eee41d2008f50360b3e7b85c09be12655502c9c28000fb3b5e2bd29caaeb827305e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\thumbnails\1dbb17a98f851b3bdad5dedd90f72387.png

MD5 f5392ad92c9d20b5fb7f5fcbcce6fd76
SHA1 81880c412af81d20be31ebcea924f76334d69c77
SHA256 1d05b80d52d6f94a0945219f97db3d14d8d27c4558df6c6e08582ba93e8fb6c2
SHA512 311a60670dfa6cdea664c75aea7dd4021ea2d931da441d3a800cc4eee33a08010c31637fa30f7a01dd16f6ff80a460fc436f4c5d5195797d9e560ee982ee81af

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f69c43a9a16fe1edde61d5ad6d13ee27
SHA1 a42470ff416be9d0fcc9ab1918f2e33b68c37edd
SHA256 5546dcf1b9170b7d43e642a42700d1b6d611633c9cb8dbb7f569b06320bd0ea6
SHA512 551da5a31f77ffc5122da44c1f6757ceedc3c285c365ecd7e2af705faee2a58d9375996d83f0131d9c3d1391987da9d5a16edc9a1072656a380605bb227c71ba

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\doomed\12164

MD5 aa2e68ac9daff17bf8b2c913ca6743b8
SHA1 b3b3d9aaff25ade0ecaab413f21d8420b5a953e9
SHA256 97aa9a0fdacb60078cdfce5657d478fa36fc9e25caf8e18b09bfeb06727b6d8a
SHA512 6a72cd3ed919a906540135f3acaa0d5d1a1567ab405f0a5449ce12e58208297cc22f942259c75faa35ecbc39f2ead1f6b951274ede66299478ced898751efa2d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\thumbnails\1efb8437e720d2dd19c2da2a783bd64c.png

MD5 c95d7177b6d97eb6e15eddd3e8965c9d
SHA1 52c12039600f80d3fb30ca41fb88e2353c33c4d9
SHA256 52838bd078cdbaaad2e121ded2a6f1c14d6f1c45e8d6963de092c57d4985ec8f
SHA512 15c37f80523d5e8540ce72573bbe61fe05b639b76d1e5148844e5080c09823609372462c11955e1bdfa543f93c86ca9a388a61301f6aaccfefd83571ca154526

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\thumbnails\4b66d06d970f8960be1f55d5fdebfb85.png

MD5 fc02db049d091e42f9c9857bd390b101
SHA1 ea1574b2d0bd9b2c8645dbfe80915a52e82812c6
SHA256 40b1bb64fe8a4fee70a2591cae2574171fd43255f51f051c285c7a32cee7b172
SHA512 fdeb347870ff94f55faf91c32d1906c552eddf8091bf52df2b2fc3fe0ee4c8846382b1b5cd5b8a947175abece84565356efc68a27c00aa64421c98cd9c09d6f8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 02fd343ff5680437c56138953ebda0cd
SHA1 4a12c23281248fe0386038537ee073fe1c6185b0
SHA256 32cb241ff063fc9facdbd08e4e742bdb8527fd19d7add186aa44384a9a574b03
SHA512 2828a6e9e1644aa042d8c4c0d8f33bdb41dd2065a23f0d1662fbfbe979bcd635a69f140484756be26a8a4f28983d01e726a02fbf2fbde2a74f481ea27fa79183

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ac7874b9b4321f60a3e82a91c1e8e637
SHA1 cfd6ac50a7c84363af0972f1fe806871d96b87a3
SHA256 ae501a63b1b3379759ce326394f54bfeb044795c1762bdbfdb42cb8b7388c3ed
SHA512 a13a9bd98e5ac7b963c03f69b92493b58b833582bfb9f90e8bba12d6a26196b43aaa65a8c98e835cbda8e00faccf09597f58a1d5797eb123ffaeab300a2f0342

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\01ABD05F24B7C929E9BBF7B620E2289C4EE00CD6

MD5 0f06bc83dedba1ca58a6c906464bc99a
SHA1 80ab714d250a44071973a3e12b8df1199793731e
SHA256 ea5c1564b02731e30c16a01a44fec7a8d672e7ac2cfaa5e3a4730ca96af9b7d3
SHA512 327e3183a238e6e07312da3d508fc0347b15016dc94352dfaacc489283dd388bb924ef0d63df0a0fd42f805629671ab37f084371d19002f9bc930ec2cb550e0b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\1243152E7867EAA24697321508C34F9CEF98EF1A

MD5 7785eecf50a49e03619a5e37ec738f3e
SHA1 343cf42727989cce79b2304ae6ba34295ef25cbc
SHA256 3190f5ad1a6811c2250cd79d09d123bb1d6e5de8cb6d173aa93d88832f1d9c98
SHA512 e8c81371e170c3ae415f55624f5b4ae2ea3b5312b2c93d6eeec89ad981bb664db10a5663cd539a651638ef573c5aa21cdf7ecc74fd50ec85f6cba4e57ae89ed4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\D105AB5F954C0907C9073BF810F90A3C36C6D3E5

MD5 3a13a1d8fd6abbe1f7fab8c05cf18eec
SHA1 15d3bf3dc3a5ba827633b7af01621bd237852620
SHA256 23a0f0fccdf48c0f36273e4fc08f745031948ecf8d9e8a74e82ff61cdcb24170
SHA512 343f129e26b7365af69e426b4acecfb3cb5fe050c5178c87b2e7871772da2e843cc3438c5eccadb30e18cc35c651b901bde1c6ca05984af68e206be6df638f4d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\B7337353FCAEF82D4CAB849A66CBEFEE641105EE

MD5 412dd073687889e8ebbfe709d62d3928
SHA1 e18669b8b25107a8a8505bf5ddb7f104f66dbf5f
SHA256 691e4c49f48643181f82585b7716f5522b91e853f509b4eb0c77859282611c4f
SHA512 27e73710f8746e19098617aab1c0107f2fcc32d8345b319b6c1009203544e1f2224efd2f22fa29e425802b9d82575b79d125db4ee799d7c5ab612a4bc97071cd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\BB5FB70C74C290CCB9F25BF1EAEDFF4CAF215688

MD5 9f3168f5f922c5d09a438b160c9c6d22
SHA1 edac08011ce3cc1a762746c42944ad08ba842fda
SHA256 38c0fedd4eaf8929d42430a511aa6ea6b80c0b6892a10bd40cdd2639dda85431
SHA512 d2edcf9a315d9650d80e525fbca0ba294e3a43dece68f8f6a1dda50c94d0d79b69d7a7747eb9e8a986cdb2f1af54be79694dc0b13a1f4f4a40d1819a36c8823b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\BD518506D48E5D9A2A1A812001B343D87149620C

MD5 5c321860901f3a3564b21e32365653d3
SHA1 75b38985d1dfe55a2b96a4778b32ae7a30c0f8f5
SHA256 857809b35923c96608a1b8103d91c2715d37a6a90295da4c86f383a0d3edbbca
SHA512 12fba610d5ff341d5c8b2f679697facf69695252f4a5a8cb41f4af30913640ed66ba8351d8d14de1d9f55d29293c63ce710803a7fcf593ca56df8bf1d85c0604

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\80285EC16EDB2FCB53FE4D6500B0396AC776DCD0

MD5 237aed1afe8726960a2ccaa53f6ec15c
SHA1 5be4a6e716220373f6a57f3d372597785c2d6f7a
SHA256 74701cc453c08049ee6adf0f327cccd1bf29fc28ebc5bcd701988b9cc06e28ea
SHA512 1dc20461f3e34e550d335658a4941e3937d766d34e5fc6904e5ba8a500007aea603e457c7714ecbb6227fda8f8875c8ca111e29d5e61f7ecd2daa3e1f97f951d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\D2764A516583A378D0BA2325F933EF3C538EF129

MD5 be3472a708023212f18a721e5d019c42
SHA1 e50c102ee745072c282f8acd2fc320d78f431937
SHA256 e67dd6828de9d5d6565c4af4e1cf61cf104acc0f0ad83f589380375f95c6ad89
SHA512 4127149b3c928923c6a80db831a92ef819a1babaf26b85ffe8bb7321a06d69830f4eb78909c6283271a9888636ae74de05ef7880e5cf75db02f08ed397147cd5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\E44D8EA2BB95FA202605B58E615B3400B72A14D2

MD5 1e1fc02ef6198639568fd536e2f6e615
SHA1 4541c0501d132e7a63e3e74992ba7ee474d06d4f
SHA256 e3bc2e7216667f2fa567312f7f1a2e7c08ac8a0f7a6e07ebadce3f776abe1468
SHA512 540f767ce5e9dff773c8de268fdd98cbe1a9f8eb4d50776a2f2f7547a250fad53f106c922ad52788fc8bdbae0b0ed5444c920a50dde4b7c27f06581cc3caafe0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\45C13727B6DB444F70F2FAA20129C63BE433735D

MD5 7f530673d01acd0c354f8aa9dfd68e53
SHA1 0a9b9feb798ba6cc8f41ba2c6b02d8f8689377e8
SHA256 16300fcfac04bfee6c71abf8ea72d45d10dd07556fe151d03eefb75383e108d2
SHA512 9531bc45609f6763d8f8445bc2b92bf89ccea594e0d5f6c75c7ac57c394fed17837814fcd0fb004ccc2d42f6de27152637909d5fa7eb14dce36cbf711c6da0a3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\ADB77CF89BB7C3EACBA0400910D8956D4F8A5D23

MD5 fe75d310c96859b15868930609afa9c1
SHA1 c8a8e61c74454f4dd7e8ffe635b473dbf64eb381
SHA256 2a5c780a66404393d32bdec3b1428c024b66a45c8046020dabefb88aed01332e
SHA512 b0baab6b57d9755fb9149eac2bf762bcbd2af98cdfc753aad7f19a50de5c3d3b7e7d3c3f85d68ccacc0632095cff91d6838deba22d54c0ccb06d7f1baf71e60f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\C471E1231FEC7D8FDB41B016DCED83CAE4DBAF27

MD5 e967322854506621d93c54af09d0ab9c
SHA1 199a7cb2d856a5eb78caa05931d6c40ea705e2c0
SHA256 64a5099ccc1a21820efbe57a0d6f3a537e5e09c567676f1c5f2f02ce2ee0e684
SHA512 0186938f0a6aa8eb741b29397951b5c71ac69fc6184141d62358b00d7d3793128939d1875f91588d59c91318fce03679eb7583aa85474c771853758f4947a27e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\F54E7030F181831909BFCE5EACACBD3D867BDC0E

MD5 7ab246ba023beb15bbb2594ce69cbcea
SHA1 68bafbf918d0ff97a6405a46393a9b0f3d19e104
SHA256 f925366c696692db4cf03a949fcac205a8c1edcba2a59e4e0af538bea5849545
SHA512 698a59d47a6eb0baa66979c3053b394e7b63471c8710ee3b3c7bf2ae8826ad573d141a5a502697ada4bccb72baef003ff80cd65b679331665594ef39a65f6b25

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\1A46D3B03B4914D068209FF81CDD6A6313AE1758

MD5 4995ad9bb0b0ce5f2947b0d0820238a0
SHA1 e75313b539c522df5e15e4ca39d922e257b48489
SHA256 918b706c52d7999bb1a2407b40b541c270a0f8e5901e4e22935ba75744cc2b98
SHA512 4ee4bcfaba06fbae60aec2c695e5455bf22355c5e835e17dc9cd52fc363c9757e243025a1aa2e6df9373b945b8ad35ad3ec65b7fbcdb5d6235cd2927c22dbb8a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\93A3F61C53110DFB2A449EAE79580128ABAB08D7

MD5 015409a4767f6e583a9aa701dabb9e97
SHA1 dafb4c8611dccef84e62fa4a2da4ea1828e22f84
SHA256 e1ed170d92c35fab8ca69a76770b2acb2832ac20b51ea4202c6773d3e35d6a0d
SHA512 66fa4d9bc49537ffd5ee31fd2030c866194418803061848504f9c60f25a8200aee09265e58d49ef7a0fd9544d2ac408a0be66766d626354c728926680853345b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 249bd8bbb34c86ade7866f5a72f3f321
SHA1 8a855ca007f842ee3c74ccadd63ebc69af684c4b
SHA256 39c557a49fae117081adbb75c1c05942a7c02420bdb73c1a1fb959c38e353a28
SHA512 2f8f2d955a9256dd66f8c04719b4faaee7dbc727d4218f0f72b27abf4c32cd9ec67ed864f8d5bb4a69bb5ea95738b3e58b5f4e7014fd87a7cd48fd5021fe4282

C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-18467

MD5 fba93d8d029e85e0cde3759b7903cee2
SHA1 525b1aa549188f4565c75ab69e51f927204ca384
SHA256 66f62408dfce7c4a5718d2759f1d35721ca22077398850277d16e1fca87fe764
SHA512 7c1441b2e804e925eb5a03e97db620117d3ad4f6981dc020e4e7df4bfc4bd6e414fa3b0ce764481a2cef07eebb2baa87407355bfbe88fab96397d82bd441e6a2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 5551bffb56b00b147e5a652ec3135da6
SHA1 b4e6793d0c831ac1526139f044f09e58f289646a
SHA256 a799dc3d27530b4cc8afb26692add4d932bdbd8dcf3cb6c2e6d93b8fbfb03d06
SHA512 7724b956cb2550067a254702d9083fb6cef3b572325a8da23f72eb8918d13638d25c17ec7d10cd10c090097a8ce3ece407f9df50dddfdb99c44f988d3fe12903

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\NK5R7P2JQALSJOWUT8LD.temp

MD5 e2ed3a3a709cd3e18f467e65602974bf
SHA1 bf3547744371d36f495a603e81127afed2c3f8fa
SHA256 995005478f2f73651cb1d05036f1d96bb3362802c6feb40a6d2fc867b54fc221
SHA512 fe494c4c09eee310046738064aa335e4435ba9e2bcfafffc823694903700f2c6938f8eccc25db8fdb552f7f6b8393bed7970fe159a576734d4a65c7e8dd371b5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionCheckpoints.json.tmp

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionCheckpoints.json.tmp

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore.jsonlz4

MD5 17dd94e3b319c64468e7d55a0a6c198e
SHA1 d34e91b3fa2ab4ef3ea7885d72d9a7e78d033a2b
SHA256 be999c68e4a559b883c232b4ad18a8d74066f8c22dc8901afe55070d6a45625a
SHA512 3775459b2f4c9b0fecec8f9242154e94e180df6c72c744c3947bab7ed748f3c72c1769ffd5adf155bcc86cafb2aed97b9b4586b93e8e59eed7b7f87c64fd62c1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\places.sqlite

MD5 546bb4cebdb2e67ca1f8e91b0149ff8f
SHA1 d216069689482ded8ad42a91de78e4fe32cae0e8
SHA256 49c2f4fe54f1bf6f12c622a99b54a0ee83178728df6503b894eac21f1582d308
SHA512 22459cdf70fb6f173adbf46fa7039b1f9b0967b05cec26a43b5c33700faea3337a01ca1c624bcb21b51e6a94f0de509fe1cbacb08222da7c06e0412eb6eb4b7f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs-1.js

MD5 51ad5ac620e99ddd1da3ece8ab7665a0
SHA1 4227cfb47f860c3a545b5f5c2a82245fe78210c5
SHA256 29a4f4775447ed3162f7ce22041c3898a6f69db910d8d5a0674dd702403910b0
SHA512 633e9eced16b36071170ed640f516c43a45505f69b598f783ddfa698cd1d3e9233d9052ca1c10b47da3fc046cbaf74ad40006cc6899a64f688bf9fef43fd1518

C:\Users\Admin\AppData\Local\Temp\KillAgent.bat

MD5 ea7df060b402326b4305241f21f39736
SHA1 7d58fb4c58e0edb2ddceef4d21581ff9d512fdc2
SHA256 e4edc2cb6317ab19ee1a6327993e9332af35cfbebaff2ac7c3f71d43cfcbe793
SHA512 3147615add5608d0dce7a8b6efbfb19263c51a2e495df72abb67c6db34f5995a27fde55b5af78bbd5a6468b4065942cad4a4d3cb28ab932aad9b0f835aafe4d0

C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat

MD5 f80e36cd406022944558d8a099db0fa7
SHA1 fd7e93ca529ed760ff86278fbfa5ba0496e581ce
SHA256 7b41e5a6c2dd92f60c38cb4fe09dcbe378c3e99443f7baf079ece3608497bdc7
SHA512 436e711ede85a02cd87ea312652ddbf927cf8df776448326b1e974d0a3719a9535952f4d3cc0d3cd4e3551b57231d7e916f317b119ab670e5f47284a90ab59a2

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTEULA.TXT

MD5 7070b77ed401307d2e9a0f8eaaaa543b
SHA1 975d161ded55a339f6d0156647806d817069124d
SHA256 225d227abbd45bf54d01dfc9fa6e54208bf5ae452a32cc75b15d86456a669712
SHA512 1c2257c9f99cf7f794b30c87ed42e84a23418a74bd86d12795b5175439706417200b0e09e8214c6670ecd22bcbe615fcaa23a218f4ca822f3715116324ad8552

memory/3048-6817-0x0000000000020000-0x0000000000027000-memory.dmp

memory/4692-7022-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4692-7021-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/3132-7056-0x0000000074FC0000-0x0000000074FC8000-memory.dmp

memory/3736-7057-0x0000000074FC0000-0x0000000074FC8000-memory.dmp

memory/4692-7058-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4128-7059-0x0000000004500000-0x0000000004510000-memory.dmp

memory/3676-7093-0x0000000075710000-0x0000000075718000-memory.dmp

memory/840-7095-0x0000000075710000-0x0000000075718000-memory.dmp

memory/3140-7094-0x0000000075710000-0x0000000075718000-memory.dmp

memory/2728-7133-0x000007FFFFF60000-0x000007FFFFF70000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Settings.ini

MD5 075ed61ad7472a41fd0959e6339b71a7
SHA1 ac4e734a94974bc3030e28cbc8ecfddcda9480d0
SHA256 73c817ab79f1766619bb6ae9d0bb7ca157feb815141845923fc8393ffd2d0350
SHA512 3b9d192b4e1da9c504d63587c1cb547aa5089b04602967cff02c0f97e5cd151cbc0bad49cd1222588b3401f87ac65f4da1a300798b41f6e48aba8bc0bebe0907

C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Settings.ini

MD5 a6e6612df909f96f46b14bac4d1b8664
SHA1 48fba2f5e1150c3f397acccd3278068f50eed6f1
SHA256 b7c495c03c30005ac0b33812789fbc8a614ed2eb54b3b8e82d37aa7ff0095f02
SHA512 11565a758019259b8ac720a6ee341d6799d17b8c8f0947dda2f9d275a38c766508344a5f2074b4b05087a0ce1293360cdf9d25a2697989539de74cc05e3206c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d82fef162c56cdf7c655a5d651e1af0
SHA1 bd626aaefba6b8bedf81bcc0c6c9830a32bdf29f
SHA256 cad6c2339f19dcbb64da7d108b90d8b617a63c8c4f38b2fe2d21919635c2d4f8
SHA512 a84205962c826e6c9952314dabc6db4bcd88bb5a68363f629535af099f30e65d50e4305d7061c389ad8845d3cf15252063bcc33cb4cf56e84b5695d2f68aee01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8c730a59693c91a7911514bef8cbeba0
SHA1 e8ff2d48ce115a430d3b4624a48349a08dbca9d7
SHA256 44a7d15d2b933eaa4e35b04f1fd5bcc15137879b698c061b8af100b9f9ed9da1
SHA512 8ad85a59f26b3f671c11b186bdf0be19b1a477c1e0f7d914ea95df317307251c60d0fb12e73b0ea7f4ab21e7a3e85faa7708acea4b5954956380d987ae0d1aa1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d4b1697287ee9819602bec59ae546025
SHA1 422c11ec73f7885f556cc3939e780a5caba34b57
SHA256 4eef3967080c628ee93cdd9f8c56da2b7e1179957c45ea92cabef88a18443ab1
SHA512 4af8932733101a6c55e8dd09c0c2f15f0a8cf2d46925184d86ef05850af8a394a942c103fc212c365b44bb3038fad4502e2592d105491d09d17ca52d3466fd8e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3d799e57cca6e9bce0bcfc9ba8d05c09
SHA1 13a9c7040752bd52a0823de8014ef61712beae7c
SHA256 ea4efbaee20d490e495b2a3b895802481f700aaa4deb88e869d9d3166023ae02
SHA512 40269f3736269039af7bf245c8c6548f421d5eba2cfbb31a916ab62a07619ac706177b40d6167325f2004994f248a5aedf175eeec07c14ef5c6e585f546afcaa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 12ca6f57043b6715db09423452319b28
SHA1 cc6423e5759ee6e8e1a2dd38ee74f502a2781160
SHA256 92805b8e898aaae39b1463bf2f75a496e42554ac6b1a9c61881d8f7bbe99c5a0
SHA512 a7f54d84b72ff367c10f1ddb70eb0d527d82e57eba7c2f60935a13ea03c33a5a08e1646989e3a967b79e0435c630e2cc859b8142e7e50827a009c5a6999b7ca1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74fba4d17fb61885d04c6723218c88ac
SHA1 a05ab5e88aeee1a41fa75183271b6ea64aacf0fe
SHA256 c666b0b52a13fa64fafdbd86cfbef3d1590cc9fc667b58107ce742fed548b152
SHA512 c90546b1dc5d1572cbc2c3ed95b3c9b626305d67d6ca6a6c4efcae46c18e7cc9f71b2c6c4b06c8ec2c01946bb9aa47883dbd7c2f88eb3821c3afd0555c8cb632

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d1c7e5fb84c33a1b7ba1704fd438f3aa
SHA1 1891f74ad81053a29bc3702c148ce397a0352af0
SHA256 7cff46615f56731ebb975cf031388a73e3c186327561b1c4536417f9b5117194
SHA512 6472cf8e997b5829204f49638e32d3153bf4150bece12b6a0a6fc70f2642c2a1d326e6df58e95036c69c18de7c274b9b7a2c96f92fbe1d8fdf6f9ea6ec4d053c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a133ec4edf2343739c7e49102d914552
SHA1 463a37981d9b2f3da54d8612c8047b601fde37c5
SHA256 1cd92e392f19c4ba116715bd1183effa8e5d235047990ac9a5f9776073facc4f
SHA512 3e23274766ded1433de5ffea116a41840bfb8c222dc5309ff3b1731115bcf940237e8afa20226191f9b8c5b7e8780fe6db77db339e5cb35ca026b8206c76c7ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0af4d8e312e4bc427d2f20dbf25611d3
SHA1 f618f28f7d95e107205e703854674bcaf07f52e0
SHA256 7438ff0ebf967e41458ab62fd045068ca286dcbc96714886e059e76fa28d9095
SHA512 c0dc04437d3d3b57728e9ab59a70387c4f03a5bc147cb1b995eeb620a38d2a06f1e6494591638caaa55fa220853616152a53e3dda095d6a5c1dd9d79cc199e8e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\db\data.safe.bin

MD5 6324de8fa4a6cfbeb82c18420e9a2292
SHA1 988883d2e030f7a3464f4df900812461549aa097
SHA256 e83fa3f48429fbcd09a6c4ae8b1def9fa6bf3edc6e5e4061a32f3069968c4ae6
SHA512 1ec0c00669977bae08f2f38fcbd7e13ad0748bcd2e5299787849ec8ad3f2034abfea20c97bda444735d01b3cef66fcc312e7d3ab844fcb98450346f75fc3014b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\f0bea17f-0a67-4c9c-85a7-cc9c8fed6752

MD5 9c80486877f27999683e87e8578d242c
SHA1 fe2780354d66e5e94553f5b47f40843e1a28b6ed
SHA256 6a9122bb06d06ecb38a8808506c295f34487b5305f2ae531a4a3bfbb5f0a4b57
SHA512 849bc3d5978b4f1305d6f052a38de8b819cca93661adb45790a9ee425db3f371caa097d1b58baabc3172a904059bc8e207d8ffbacc1187fd99ef2495362ca11a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\2395c5c1-b05b-437a-9656-16e577a092fe

MD5 b9fed83f3cb60b2a07b5ed675c8209de
SHA1 4613b1cff7577fc57a8595ff07d14b86a35fc781
SHA256 8e3a453ec9ac0acf1fdfbba067b0a22651390152fb6671ab2bd2fbb1a48118fe
SHA512 d4e947297b0d099da1c20e10da27503f97788334ab8fac857fcd7a48201c46d28560d52bab29cb921f88e43c2ee6b2f1430972e8f36ece6eca2d13685d69dcd1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\extension-settings.json.tmp

MD5 34922a0c15d7b026452f83d1a645bbc4
SHA1 2261e6a97105afc22f21987e6d395c73781bdadb
SHA256 2dd72e0fac57fedc5a57fe4140acd292be6fcfe8fb5dd71dc6613983ad84aafa
SHA512 9a91cd84bcfd3a63d5976478f2ed41fa2a119facd58f9e071923136b4ad02103919150ae487451fa9985ec8549e57730834adb27cc6a2d0a46d46a1ffcd392d1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

MD5 bfd13d688d8e4eaf8ecaf299deef5bf5
SHA1 6d0d9aaf851975e53f3b7ecdd564e277b65c6fb6
SHA256 0aa265805d7c4145f565179671271b2c237df08789c0660f058e4575fda0660e
SHA512 b3ffff6d4b95b7ed07cd88ea36f14f152a06e367777cb7f8f314307d0ee588d3041c4c0750f4770b830d00f019706ef125e97912649b9eb217f05266f02da595

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs-1.js

MD5 ec43271fd3b87b83bb37938e49ab8ab0
SHA1 88a97a3527ddfaf2303c949fbbf6caabc2c620e3
SHA256 3a36cde94e2d0a7e2aca9a7e708e13804c0be8f21d3c6d33feeeaf7ae8d137a5
SHA512 8296d3a63ac206c465d1f05d9cab28b421582a28ecf189328033ac363b8d8611535b7b4630399f362e4afbd5211d4fac4c9ac11dce02f9ebcbf44e04f59a8812

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore.jsonlz4

MD5 2619a2c27677cae3a89c2f90f29391dc
SHA1 e403e5b1f6a335c07f6193b22e0c23cc001e820f
SHA256 7162f78a6eec63df8513058ac2a92cbb8a3d83eb580ad89dc755b99681b72330
SHA512 3a1fde537016d821796be1580585db840457c67766f6bb0cc8df357e52decc9ba0d3627512fdf41159d1808f4ed5d455a21b5989107344145af29b7ad5bd16d8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionCheckpoints.json.tmp

MD5 66bdbb6de2094027600e5df8fbbf28f4
SHA1 ce033f719ebce89ac8e5c6f0c9fed58c52eca985
SHA256 df49028535e3efe4ed524570624866cca8152de6b0069ebb25580fce27dccebc
SHA512 18782069ef647653df0b91cb13ba13174a09ce2a201e8f4adfb7b145baf6c3a9246ef74bdad0774a3023ec5b8b67aba320641e11dd4b8a195e1c2b448202a660

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionCheckpoints.json.tmp

MD5 2d87ba02e79c11351c1d478b06ca9b29
SHA1 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1
SHA256 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524
SHA512 be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionCheckpoints.json

MD5 c8dc58eff0c029d381a67f5dca34a913
SHA1 3576807e793473bcbd3cf7d664b83948e3ec8f2d
SHA256 4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17
SHA512 b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionCheckpoints.json.tmp

MD5 362985746d24dbb2b166089f30cd1bb7
SHA1 6520fc33381879a120165ede6a0f8aadf9013d3b
SHA256 b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e
SHA512 0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\xulstore.json.tmp

MD5 e68cf528f9dd6a24c883de1dfed4efba
SHA1 c289b211eb0b7e74aa265601a0a434a5fa69a539
SHA256 06d49441553ebe0645fa10f278b50a45517899751236fccb18293d6b4eef3bb3
SHA512 a0eb7ee19d7dd0587e3e8f159c26a463ec78e56585e0d3079ed64520192955dd386fc09b95809c7fe2eb671d82534f196f96e7f09b0e62a9c07cf54ea5a08567

memory/2728-7986-0x000007FFFFF60000-0x000007FFFFF70000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Settings.ini

MD5 191e349e16e030b4c66ee6322df469a0
SHA1 c46fd1a1ab5739938bda014042cd53aeff044581
SHA256 95418de670a6330414a753a441fe62e8e916b8317f9597ce56901bf48526dea9
SHA512 3cf8424d3420500007f48785a0f8db019add3871d4758daf2e87730c7dd9f2b7cd014f5b4a51cd6a654ec355a327da274fbe0af4970e094ba7427d6cb5b60241

C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Settings.ini

MD5 aaa925d637359951e611da824cc6642c
SHA1 0f114b1da3e265b51bcb4ecee62914c041abd691
SHA256 667cf0332db8aec49c2f0143a36e7240b35ecca8600c4fc73be4e5249ea82f0b
SHA512 0ff96d3eb584fa4b7369274070f6cc9d9efc7b0f983718a8a2e822136bae81472d6a523768cdd6ef98368c0c2f2fb0e90165e83cb4c5e69115a793f922bdab5a

C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Settings.ini

MD5 1d01f30f72c9df9d9a21e5a22009335b
SHA1 a05f0a282cfd0a9e0cfe44cd39a51aaaf0797572
SHA256 d65731a648fea6bd44c632befcee7b08b3753eaf37f7f1ad0c2dea44db11215d
SHA512 71f664247eaed58c77fc6fd997bb7419c2221e5bb7c3ef5525362334b6293e6d6caa86a31fea87e4b18f21e8bc029c68dfaaacdbccaf6e68634b893bbd630c5c

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini

MD5 988ea61855eab89ff1f69e884a6bee04
SHA1 5d4792d34fe3939301eefa968ab5b5e8d415aec1
SHA256 010436597702c768cd6f56b169a523c69a64459e5ef04fefbeaaa1bd087a6fe1
SHA512 eb8df971b4dfacb0772571147e32a191161848464d24ab3be690f7308378004259c03375618ffbb332316b8bf21f637ce7fe694322590d9b56af65695e3d3b9f

memory/4848-8098-0x0000000075710000-0x0000000075718000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms~RFf870af9.TMP

MD5 e137890250f3d8a1ee59907e01fab402
SHA1 db870f37394ab43f63030d4b96dea52ef39204bc
SHA256 fc7b5edf0d7b01bbf919e53f1623a21630a70d738b2b78491bacedf726db0194
SHA512 a25cbb24207abf1552e30eb494db31c543e3f4ece3f10181b6e3fcde50ecca22599effa8758186b10fb223ad6bf9934e5efe6dc198a6bff944fb955388e5b4c2

memory/1328-8111-0x0000000075710000-0x0000000075718000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk

MD5 a47c0d861431cdd3a1528c589832ab42
SHA1 52e2f8d63f99c1f038e25d85104792b6d47c73be
SHA256 70692c56664371ef27e70fa63878f77740688e157500effe6f96234423dfd037
SHA512 10153baa8a5e86fc0878956f1632b139c1f2722ee457a72c23a4f24543fd639dea127166b18c459080fa714cfa578920041b18b00684c23ca750c10cd1099439

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\BonziBuddy4.lnk

MD5 1f8ef181c872ec50cef8f93f04ea6b13
SHA1 57166ce3a8ae76826af7e8d4e52ee4c32764dc6f
SHA256 b0cdba5f399486f68e18bed54f3ef4ffcd7ebdad3559511c1d4a92fcfeec1f50
SHA512 326ddefbd7936d7d3671faa091f54ee971c5e0f63c2b58e11f4e2b52a132b3e415fa534a8840db5e9986292692f4f6262015587ba6841bc937207e3108cc45b5

memory/3244-8144-0x0000000075710000-0x0000000075718000-memory.dmp

memory/4420-8151-0x0000000075710000-0x0000000075718000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Bonzify.lnk

MD5 5b2d2573129110b9c3aa353ae80704e9
SHA1 ceb1a065df4a4afc7d1645399ea9cac3ad1986a6
SHA256 6f83cfe6285e0171602acc3c236490fa520829e1f01513dad8d615f440726cfc
SHA512 3d14bad0728b0a6e4424fe598154c392be3f8f0b7f6858c621dbb4409d3a8c8dde24341a145f4f971e9e13c9c076d17c00b029e95eecb8483c0e0630e621d237

memory/3296-8219-0x0000000075510000-0x0000000075518000-memory.dmp

memory/2860-8220-0x0000000075510000-0x0000000075518000-memory.dmp

memory/5008-8221-0x0000000075510000-0x0000000075518000-memory.dmp

memory/4716-8254-0x0000000075510000-0x0000000075518000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\$ITW32Z4.lnk

MD5 761534380f278aa2efc85036acba9247
SHA1 89e0a82ae5b12b954a0aa6d268a46a7d964adb78
SHA256 b17d5c887a7f93d48d836291d66c5a5a30581ddc03e405c176b7c03a24c4fb84
SHA512 97eff78d1e42fc9f5e1ee3ead8f5ed5460be99cb8f2ede624b638e2b0281371176df90efac90a3982139708d2ea0f517eb2c53346931a3ba858292e8d2dc8044

memory/4388-8488-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4388-8487-0x0000000140000000-0x00000001405E8000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\db\data.safe.bin

MD5 b9120bf365a8dfdc5e431beff934d5e0
SHA1 ae27ca9b246f1f9fb24b926c314b86497d93a7cb
SHA256 8921ae35725609571da34e05ffb2bd7864ce7e6dfa68afae9bdf8f74e09f3c0a
SHA512 dfbebe77f301d50ceded2c35465d9b5609b811541ec233349eb5ce8c663929e16d7f8edb1696abe91ac2e8ca77c0738c187a09a83406bd3ae1f11c5f1d163a41

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\d61b0231-afa0-4b57-a6e0-9b8acf561de6

MD5 4bd84b8c45f45cfb3a8de62b9d62c019
SHA1 7525c1e67f86e847859f7698f58dfb18d24d6214
SHA256 240323d4d009ecf0e86f0a89b4a5b137600a23c5dfee54f65c8d7f0708d7087d
SHA512 55e684821c4bb16d23a43f7c8aaa95442e9557c2bddecc04f8eca878948699fd1551390bca83199b0983b470c3e42fc34ee3ddf3b4cd3c80043188a9f1bb2051

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\7f32184f-ad5f-4baa-8760-d242ea052e21

MD5 a6528ed4c9acf2bdb8deb729e636ef6d
SHA1 e1e22036f3f4cc2eb87059b176366c4df6e1692b
SHA256 92a3eb3885f1f5cd09504cd7ef8abcb24fa35124cd908c8f45ff1515e950f677
SHA512 91ae7c79b226248bc14f109a5c73deb9c87e157f18e32db6ce7bfc351c9327aff60aebbf0928c1f36c0648e4bded7f6e2d884c90f1f6e8b98797635752156a52

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\doomed\22203

MD5 4abfa893f63a09847e2450b31acb3d0d
SHA1 8cfa65089e4bd7253fd6a759858e70554ee53c46
SHA256 539bab79b7e34e313eb060c1a1cb008d87975027b2a4f22bf095488a2d400a54
SHA512 a1ff2055b62e9e1b1e32c79b2d5ca15613d147f90e92bd4132c6007c1773ce41eeb2781ef1e1db2d3f703edf1ae7e163aa525f5ad8737e18cb7f514c3a6ac0a3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs-1.js

MD5 c539569fdfe8ea23b5ef78412b77dcca
SHA1 c8613ac5c3faaa13e50391ffd97ea61ee59f6f1e
SHA256 6631d88f61b0d5bbc71901a2a29d9e272426618415010065fc5fcc76ac403837
SHA512 3fcf6997801a81ace0ed36603a275bde3df715b3c402e84a665e83049acd267f50465f4dcd33814a183a3bee7a157e38d87adfa3cb80f7ea789294c59dc5b86a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore.jsonlz4

MD5 d1608fa61fb88cf0cb04c7b78e7783e2
SHA1 e76dbbea03bab3a4a1aa2807ace82a1887fa11ef
SHA256 d427ea2d56bd0f82d2c3a7d8869a8f446d347fd0141c7272b491d20b0e3c29af
SHA512 2d78b96f06fda778f5988fdced44cf69d0c328a6f4afeb565f300ffc3d8c58d2f630fae8fe1d2ba165ffbf2e1b00c4ff2d678def383fa238eff3bce2ff07e62d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\xulstore.json.tmp

MD5 3a4c4f73df9e0e741f38bfa61a101461
SHA1 71979eabcfbddc5e32749d09e44c0909d506e63e
SHA256 1bb8ea03f0f0c4be81905d74785be4e9f67372990022ce67b242c63c881d58a5
SHA512 981f773b2ef74fb65c706f4107753233392b0378e9f568395ecd1408514f1c8e384d73992af711e5e6f316c688203cfd79d3d4eb229e47a1d6d97d688efe456b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

memory/4388-8885-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4388-8884-0x0000000140000000-0x00000001405E8000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a8e369b13565da0186b455c7947df980
SHA1 bcc77d2d7b9e910383b4c86daf0ba7577e5645c5
SHA256 d2d1cdd3be76e0894474ada95ff8bcd8e66354259eddccbef33a9e7a6d7f0f16
SHA512 d7acf4569719111a937d7a201488d596c8d91d2ea4a1e2c28de9b061da286d5f792bf277fbd169d8cb99d6c593c948d19efcdde6352d563e15eb9853122e2579

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e533ef37860cc86715ee239fd7ebbd14
SHA1 201a823ab35f2acbd4310465134bf70af27e52c4
SHA256 c91bd0218b388bd29684b8f9f2757297415797c7c2376967d660a61e316c7ec1
SHA512 75add577c3c06df2a007e1a1c5ef3120b2c9a1aea5d10dd948eadf8452f8891eca493803620d01c165405221542fe84bc0edda8ebe354b5f84ad04c839933baf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c86dd4a2-1e92-4ae3-a166-7b221a477e33.tmp

MD5 677275bda4b20f3f5186396025691a0d
SHA1 ed4dc4f13067f6b22fd4a751c9d170d4ef4c0ac4
SHA256 0ed9a93049c890bd945e9682c35e6194ca1b86090090e2a60552d2331202a389
SHA512 dab8741b8d23f69fd30da7c56b35a36b13da487f6e9907bfaea495b1cac2331b00764efef118c23a1e19af47250af24ba02f5cea46a00096950f33a3f04de995

memory/4388-9000-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4388-8999-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4388-9019-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4388-9020-0x0000000140000000-0x00000001405E8000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\$IB54H7I.lnk

MD5 9f16199c3e0f1c065a0ce180889335e4
SHA1 2db44798e333031fbac4dea9307d8e6b8462b351
SHA256 4ee0225f766890328be779cb34788a6b6b6409a962406d95b6421f2170ace84d
SHA512 98783019bd006da86d5df012a582504b2c1db7ceaeefa3046bcecff0cd5d14a0a7151a945b98696eee873de9c9bb7f31927023c34d594badcce6fb258a7f08ef

C:\Windows\Temp\SDIAG_0ac963df-e249-4df5-98f8-b20346862a68\DiagPackage.dll

MD5 e382ec1c184e7d7d6da1e0b3eacfa84b
SHA1 9a0d95eb339774874f4f0da35d10fd326438b56c
SHA256 786d95dc0d59089e14055385cce8765888f55236b5220fdfd28cf2d9b07e63ee
SHA512 019bcb4f41b5bc5853db2fa528ef126e839c5b0d0dc096dd441ba02d8c71e7913efd16b74aed93952ad2cc5422b151c12d3017fc22a65ae5ce2e7e1fc72a396c

C:\Windows\Temp\SDIAG_0ac963df-e249-4df5-98f8-b20346862a68\en-US\DiagPackage.dll.mui

MD5 526bcf713fe4662e9f8a245a3a57048f
SHA1 cf0593c3a973495c395bbce779aef8764719abf7
SHA256 c8190f45d62c5c03013ffc66b3f9bf60f52a32464fa271d2fad5fd10432da606
SHA512 df7e93617461c2fd25b5b684311126e66b7cf9f1ecfbf4c8a944f65fb2c904194ec635a9c7b962d4583ea77b0312435c7dc1b5ecbcb1fb3a5a74fc1eb2c21d04

memory/2716-9330-0x0000000002120000-0x0000000002128000-memory.dmp

memory/2716-9340-0x0000000002140000-0x0000000002148000-memory.dmp

memory/2716-9350-0x00000000021E0000-0x00000000021E8000-memory.dmp

C:\Windows\Temp\OLD6D3B.tmp

MD5 126b75d50756fe204283d418ae1a66df
SHA1 83bbb6b142db7351c5547fbe46df56c8cc596aef
SHA256 3d12addcfd4d7233c787101c848fd1d7a62b6b6386fb2043b3d8f45502950312
SHA512 b782c79e2428eba1d8035a36582ccbbaf2fc3e605720fa4cb9a1d135edfe971034cc39f48d271e5ea1096ee7043b5024f7c73135703b54d88e7cae1877728d16

memory/4388-12803-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4388-12801-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4388-16103-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4388-16985-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4388-16997-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4388-17808-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4388-17815-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4388-18769-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4388-19032-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4388-19243-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4388-19242-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4388-19245-0x0000000140000000-0x00000001405E8000-memory.dmp

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024080915.000\PCW.0.debugreport.xml

MD5 3ce46b84405e22baa93cdd41643e3e44
SHA1 81ce34bd756ee7e67af471f18a251da82c816de3
SHA256 a0057568de7513f5095c53580a7d9cff0dd936c1f18654cc243f21e5ba1fd08e
SHA512 d336ccdb72129de9f251d7347294388a355c384d7e4ec8bd8339e5465e85e8d554c661d8c237478349300bb75624d50a33767578afb1ced3604c0fb74ef1d727