Analysis Overview
Threat Level: Likely malicious
The file http://bonzi.link was found to be: Likely malicious.
Malicious Activity Summary
Credentials from Password Stores: Credentials from Web Browsers
Possible privilege escalation attempt
Event Triggered Execution: AppInit DLLs
Downloads MZ/PE file
Boot or Logon Autostart Execution: Active Setup
Loads dropped DLL
Executes dropped EXE
Modifies file permissions
Legitimate hosting services abused for malware hosting/C2
Drops desktop.ini file(s)
Enumerates connected drives
Checks installed software on the system
Network Share Discovery
Adds Run key to start application
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Detected potential entity reuse from brand steam.
Drops file in System32 directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Program Files directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Event Triggered Execution: Accessibility Features
Browser Information Discovery
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Modifies system certificate store
Modifies registry class
Checks processor information in registry
Enumerates system info in registry
Kills process with taskkill
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
NTFS ADS
Modifies Control Panel
Modifies Internet Explorer settings
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-08-09 14:55
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-09 14:55
Reported
2024-08-09 15:21
Platform
win7-20240704-en
Max time kernel
1330s
Max time network
1535s
Command Line
Signatures
Credentials from Password Stores: Credentials from Web Browsers
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\software\Wow6432Node\microsoft\Active Setup\Installed Components | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| Key created | \REGISTRY\MACHINE\software\Wow6432Node\microsoft\Active Setup\Installed Components | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Active Setup\Installed Components | N/A | N/A |
| Key created | \REGISTRY\MACHINE\software\Wow6432Node\microsoft\Active Setup\Installed Components | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| Key created | \REGISTRY\MACHINE\software\Wow6432Node\microsoft\Active Setup\Installed Components | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
Downloads MZ/PE file
Event Triggered Execution: AppInit DLLs
Possible privilege escalation attempt
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Bonzify.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
Modifies file permissions
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Windows\CurrentVersion\Run\Sidebar = "C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun" | N/A | N/A |
Checks installed software on the system
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | N/A | N/A |
| File created | F:\pee\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini | N/A | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\K: | N/A | N/A |
| File opened (read-only) | \??\M: | N/A | N/A |
| File opened (read-only) | \??\S: | N/A | N/A |
| File opened (read-only) | \??\E: | N/A | N/A |
| File opened (read-only) | \??\G: | N/A | N/A |
| File opened (read-only) | \??\I: | N/A | N/A |
| File opened (read-only) | \??\L: | N/A | N/A |
| File opened (read-only) | \??\O: | N/A | N/A |
| File opened (read-only) | \??\P: | N/A | N/A |
| File opened (read-only) | \??\X: | N/A | N/A |
| File opened (read-only) | \??\Y: | N/A | N/A |
| File opened (read-only) | \??\A: | N/A | N/A |
| File opened (read-only) | \??\H: | N/A | N/A |
| File opened (read-only) | \??\F: | N/A | N/A |
| File opened (read-only) | \??\R: | N/A | N/A |
| File opened (read-only) | \??\T: | N/A | N/A |
| File opened (read-only) | \??\U: | N/A | N/A |
| File opened (read-only) | \??\V: | N/A | N/A |
| File opened (read-only) | \??\N: | N/A | N/A |
| File opened (read-only) | \??\Q: | N/A | N/A |
| File opened (read-only) | \??\W: | N/A | N/A |
| File opened (read-only) | \??\Z: | N/A | N/A |
| File opened (read-only) | \??\B: | N/A | N/A |
| File opened (read-only) | \??\J: | N/A | N/A |
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Network Share Discovery
Detected potential entity reuse from brand steam.
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\SETD9FF.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\SysWOW64\SETD9FF.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp50.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb016.gif | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\sp001.gif | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page4.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp003.gif | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\t3.nbd | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page6.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page0.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page15.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\AUTPRX32.DLL | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\book | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page9.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\BBReader.EXE | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\J001.nbd-SR | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page2.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page5.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Apps.nbd | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\MSAGENTS\Peedy.acs | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page14.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page2.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\book | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page6.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\SSCALA32.OCX | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page16.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page4.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp002.gif | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File created | C:\Program Files (x86)\BonziBuddy432\Uninstall.ini | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb007.gif | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page13.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page0.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp001.gif | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page3.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page1.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Reg.nbd | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb005.gif | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp005.gif | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\MSINET.OCX | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Snd2.wav | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb013.gif | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\favicon.ico | N/A | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page5.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb014.gif | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page13.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page12.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page6.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File created | C:\Program Files (x86)\BonziBuddy432\Reg.nbd | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page7.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\ODKOB32.DLL | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb012.gif | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\page16.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\cb011.gif | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page5.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page11.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Alpha-net\sp006.gif | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Options\bonzibuddys.URL | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page17.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Treasure Chest\page1.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page14.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File created | C:\Program Files (x86)\BonziBuddy432\Reg.nbd.temp | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| File opened for modification | C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\page3.jpg | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\msagent\SETD59B.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET6C5A.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET6C5C.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SETD59A.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgtCtl15.tlb | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET6C5E.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\help\Agt0409.hlp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\tv_enua.inf | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentSvr.exe | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET6C71.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe | N/A | N/A |
| File opened for modification | C:\Windows\msagent\chars\Bonzi.acs | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentMPx.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\intl\SETD5C1.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tvenuax.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\fonts\SETD9EE.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File created | C:\Windows\msagent\chars\Bonzi.acs | C:\Users\Admin\Desktop\Bonzify.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentCtl.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\help\SETD5C0.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\help\SETD9DD.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tvenuax.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\lhsp\tv\SETD9DC.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentPsh.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET6C85.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentDPv.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tv_enua.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET6C73.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SETD5AD.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\fonts\andmoipa.ttf | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SETD59B.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SETD5AC.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SETD5AE.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\INF\SET6C72.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\help\SET6C74.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SETD5BF.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\SET6C5E.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET6C6F.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET6C85.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SETD5AC.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\INF\agtinst.inf | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\fonts\SETD9EE.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\INF\tv_enua.inf | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET6C5D.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\lhsp\tv\SET6DC1.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentSvr.exe | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentAnm.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\AgentPsh.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SETD5C2.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\intl\SETD5C1.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET6C6F.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\lhsp\help\SET6DD2.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\fonts\SET6DD3.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentSR.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\INF\SETD9FE.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET6C5C.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\help\SETD5C0.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\INF\setupapi.app.log | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\lhsp\help\tv_enua.hlp | C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe | N/A |
| File opened for modification | C:\Windows\INF\SET6DE4.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SETD5BF.tmp | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File opened for modification | C:\Windows\msagent\mslwvtts.dll | C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE | N/A |
| File created | C:\Windows\msagent\SET6C5A.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Bonzify.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Event Triggered Execution: Accessibility Features
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | N/A | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | N/A | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\Schemes | C:\Windows\system32\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\WindowMetrics\MenuFont = f4ffffff0000000000000000000000009001000000000001000005005300650067006f006500200055004900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\WindowMetrics\IconVerticalSpacing = "-1125" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\CustomColors = ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00ffffff00 | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #21 = "6908265" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\InactiveTitleText = "67 78 84" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #1 = "0" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\InfoText = "0 0 0" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\MenuBar = "240 240 240" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #18 = "0" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\WindowMetrics\SmCaptionFont = f4ffffff0000000000000000000000009001000000000001000005005300650067006f006500200055004900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\Scrollbar = "200 200 200" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\Schemes | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\WindowMetrics | C:\Windows\system32\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Font #1 = f4ffffff0000000000000000000000009001000000000001000005005300650067006f006500200055004900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Font #3 = f4ffffff0000000000000000000000009001000000000001000005005300650067006f006500200055004900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #14 = "16777215" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #11 = "16578548" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\WindowMetrics\IconFont = f4ffffff0000000000000000000000009001000000000001000005005300650067006f006500200055004900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\WindowMetrics\IconSpacing = "-1125" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\InactiveBorder = "244 247 252" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\WindowMetrics\CaptionWidth = "-315" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\AppWorkspace = "171 171 171" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\ButtonHilight = "255 255 255" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #30 = "15790320" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\ButtonFace = "240 240 240" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Font #2 = f4ffffff0000000000000000000000009001000000000001000005005300650067006f006500200055004900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #0 = "13158600" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #16 = "10526880" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\MenuText = "0 0 0" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\WindowText = "0 0 0" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Size #6 = "17" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #2 = "13743257" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\WindowMetrics\PaddedBorderWidth = "-60" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\CONTROL PANEL\\COLORS | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\WindowMetrics\BorderWidth = "-15" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\ActiveTitle = "153 180 209" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Size #3 = "21" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #27 = "15389113" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\ButtonShadow = "160 160 160" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\ButtonDkShadow = "105 105 105" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\WindowMetrics\CaptionFont = f4ffffff0000000000000000000000009001000000000001000005005300650067006f006500200055004900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\WindowMetrics\MessageFont = f4ffffff0000000000000000000000009001000000000001000005005300650067006f006500200055004900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Size #0 = "1" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #4 = "15790320" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\UserPreferencesMask = 9e3e078012000000 | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Desktop\WindowMetrics\SmCaptionWidth = "-255" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #22 = "14935011" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\HotTrackingColor = "0 102 204" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Size #4 = "21" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Size #8 = "19" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #9 = "0" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #10 = "11842740" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Size #5 = "17" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #5 = "16777215" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\GradientActiveTitle = "185 209 234" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\TitleText = "0 0 0" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\MenuHilight = "51 153 255" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\Background = "0 0 0" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\Window = "255 255 255" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Colors\HilightText = "255 255 255" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Flat Menus = "1" | C:\Windows\system32\rundll32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Control Panel\Appearance\New Schemes\Current Settings SaveAll\Sizes\0\Color #13 = "16750899" | C:\Windows\system32\rundll32.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BC61B68D-5661-11EF-890B-725FF0DF1EEB} = "0" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | N/A | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c000000000200000000001066000000010000200000004adc2b7fa03361790d36a89fb9e4403128a4f589805d6026a6c211d134b5f1de000000000e8000000002000020000000a931630ec2dfee7368deae4169b1c74a426d55904036a0eb22a5deefcebbf3c820000000f21ee78c030464f57f3277cbcc20d8ea9166754b0ebbab75fdfc0c4c198dbeb540000000a650043aa03b8325c203311f5d8bf624de7e68bb590c2b04434eb2ffb7ff6bfd46a543210070ccfb58e5324a6cc9b148ff789101b8a325d847c577caa5f255f5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Zoom | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU | N/A | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TypedURLs | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AD1FA5C9-565F-11EF-890B-725FF0DF1EEB} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c00000000020000000000106600000001000020000000ac8e8c35421fbd2b68ec22eeb83568e8c741beaa95dc4c7ce362ed52e167b8aa000000000e80000000020000200000007508303451ef8c07493c28087851100eb511c649d7ee8c7c20c4666f51dd6b509000000036f782e984a0c8ae77010db1f6828ff61550d9d97aaa71632718acfc0c50b87580fe938d0c90ceaefd95c51e7fe5e204c4362b7c4404d5992bd19bb20eae2f5fef473ef8f944126849b05fa1fe7a0ce97f3ac3ef73c345552e07db765460336e04a15151f33ee803c83ddbe9c4b850ecd4ba35ce21a7d79429b868348fae9a7e53b920862d31beb1bf4f99a6c6c9d5af4000000022b6ee1e93037517a11fa034bdbd666ee22fd213b804dc391351e96b2ad8b0b022544bec4cf6cd31f156073c19a4671475015049d573b7267ef32bfe7e4a5e6b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\MINIE | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00b957846ceada01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | N/A | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{57DA7E73-B94F-49A2-9FEF-9F4B40C8E221}\VERSION | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C6D21D6-7470-4555-A8FB-6C2292B39C46}\ProgID | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\MiscStatus\1 | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Implemented Categories | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD9DA665-8594-11D1-B16A-00C0F0283628} | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E8671A88-E5DD-11CD-836C-0000C0C14E92}\Version\ = "1.0" | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0A45DB4D-BD0D-11D2-8D14-00104B9E072A}\TypeLib\ = "{0A45DB48-BD0D-11D2-8D14-00104B9E072A}" | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F5BE8BD1-7DE6-11D0-91FE-00C04FD701A5} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\NodeSlot = "8" | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6B1BE807-567F-11D1-B652-0060976C699F}\Forward | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A45DB4F-BD0D-11D2-8D14-00104B9E072A}\ProgID | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.clsStoryReader\Clsid\ = "{F4900F6A-055F-11D4-8F9B-00104BA312D6}" | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1533A365-F76F-4518-8A56-4CD34547F8AB}\Control | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6BA90C01-3910-11D1-ACB3-00C04FD97575}\ = "IAgentCtlCommandsEx" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B2676D5B-8D53-4569-AF2C-A55A0D90C132}\TypeLib\Version = "1.4" | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352} | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628} | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{916694A8-8AD6-11D2-B6FD-0060976C699F}\ProxyStubClsid32 | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{065E6FE9-1BF9-11D2-BAE8-00104B9E0792}\ProgID\ = "Threed.SSCommand.3" | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EB61DB30-B032-11D0-A853-0000C02AC6DB}\TypeLib\Version = "2.0" | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C87-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D45FD301-5C6E-11D1-9EC1-00C04FD7081F}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F4900F6A-055F-11D4-8F9B-00104BA312D6}\Implemented Categories | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{83C2D7A0-0DE6-11D3-9DCF-9423F1B2561C}\TypeLib\Version = "1.0" | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{920FF31F-CA25-451A-9738-3444FC206BCC}\TypeLib | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EB61DB30-B032-11D0-A853-0000C02AC6DB}\TypeLib | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8563FF20-8ECC-11D1-B9B4-00C04FD97575}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E8671A8B-E5DD-11CD-836C-0000C0C14E92}\1.0\ = "Sheridan Month/Year/DateCombo" | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveTabs.SSTabs.2\CLSID\ = "{0A45DB4F-BD0D-11D2-8D14-00104B9E072A}" | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B8F2846E-CE36-11D0-AC83-00C04FD97575}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CA478DA0-3920-11D3-9DD0-8067E4A06603} | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0A45DB49-BD0D-11D2-8D14-00104B9E072A}\ProxyStubClsid32 | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\MRUListEx = 0100000000000000ffffffff | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C4D7E3C7-3C26-4052-A993-71E500EA8C05}\Programmable | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93C91-7B81-11D0-AC5F-00C04FD97575}\TypeLib | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{22EB59AE-1CB8-4153-9DFC-B5CE048357CF}\ProgID\ = "BonziBUDDY.CPeriod" | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB64DF2F-88E4-11D0-9E87-00C04FD7081F}\ = "Microsoft Agent DocFile Provider 1.5" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F59C2A4-4C01-4451-BE5B-09787B123A5E}\TypeLib | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{53FA8D4B-2CDD-11D3-9DD0-D3CD4078982A}\ = "_ISkinLabelEvents" | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ImageComboCtl.2\CLSID\ = "{DD9DA666-8594-11D1-B16A-00C0F0283628}" | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F053-858B-11D1-B16A-00C0F0283628}\TypeLib | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{065E6FE3-1BF9-11D2-BAE8-00104B9E0792}\TypeLib\ = "{065E6FD1-1BF9-11D2-BAE8-00104B9E0792}" | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\SSCalendar.SSDayCtrl.1 | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F4900F6B-055F-11D4-8F9B-00104BA312D6}\ProxyStubClsid | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{065E6FE6-1BF9-11D2-BAE8-00104B9E0792}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{065E6FD2-1BF9-11D2-BAE8-00104B9E0792}\TypeLib | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A7B93CA0-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32 | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CDA1CA04-8B5D-11D0-9BC0-0000C0F04C96}\ = "ISSReturnBoolean" | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6BA90C00-3910-11D1-ACB3-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575} | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F04A-858B-11D1-B16A-00C0F0283628} | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDD1F04A-858B-11D1-B16A-00C0F0283628}\ = "ListViewEvents" | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Threed.SSCommand.3\ = "SSCommand Control 3.0" | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{065E6FE0-1BF9-11D2-BAE8-00104B9E0792}\ = "ISSCheck" | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ActiveSkin.SkinScrollBar.1\CLSID | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MSComctlLib.ListViewCtrl.2\CLSID | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{48E59294-9880-11CF-9754-00AA00C00908}\ = "Internet Control General Property Page Object" | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{62FCAC31-2581-11D2-BAF1-00104B9E0792}\ = "DSSOption" | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{14E27A73-69F0-11CE-9425-0000C0C14E92} | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BonziBUDDY.CCalendarVBPeriods | C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{53FA8D42-2CDD-11D3-9DD0-D3CD4078982A}\TypeLib\ = "{972DE6B5-8B09-11D2-B652-A1FD6CC34260}" | C:\Users\Admin\Desktop\BonziBuddy432.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | N/A | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | N/A | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | N/A | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | N/A | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Bon.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\wp4073802.webp:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\SteamSetup.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Bonzify.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://bonzi.link"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://bonzi.link
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.0.783634963\1044154913" -parentBuildID 20221007134813 -prefsHandle 1224 -prefMapHandle 1216 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc523fa8-fab1-4453-b62d-c31550297b91} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 1304 10ff4158 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.1.1256526970\1654260514" -parentBuildID 20221007134813 -prefsHandle 1492 -prefMapHandle 1488 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9da7af5b-7ced-4020-aff7-16de02ddfd26} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 1504 d71658 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.2.1447415296\1826440924" -childID 1 -isForBrowser -prefsHandle 2076 -prefMapHandle 2072 -prefsLen 21811 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6fc75df-27ab-4eb3-a3ca-1c6f0bb04c51} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 2088 1a2c9558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.3.1792370936\1728790187" -childID 2 -isForBrowser -prefsHandle 2680 -prefMapHandle 2676 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {82e3dc60-af98-424c-b916-165c69ae3d44} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 2688 1c33d358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.4.441131577\1716624618" -childID 3 -isForBrowser -prefsHandle 1108 -prefMapHandle 3852 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b5f5ea9-bb69-4e2c-9f05-33f597270d5f} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 3872 1ec9e258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.5.366477787\1811566002" -childID 4 -isForBrowser -prefsHandle 3984 -prefMapHandle 3988 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41ed8e53-23ce-4a3f-9747-e6ca01c7d874} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 3976 214ae458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.6.1043808884\1414091929" -childID 5 -isForBrowser -prefsHandle 4152 -prefMapHandle 4156 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1f65596-0783-4655-98e4-01dafdc24fde} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 4144 214afc58 tab
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" shell32.dll,Control_RunDLL desk.cpl,Advanced,@Advanced
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" shell32.dll,Control_RunDLL desk.cpl,Advanced,@Advanced
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?LinkId=109286
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2920 CREDAT:275457 /prefetch:2
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.7.1776352154\1653856721" -childID 6 -isForBrowser -prefsHandle 3812 -prefMapHandle 2800 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bb373e7-a9cb-4912-8d68-4645d712873a} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 3332 21ff5258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.8.1860701603\1618749644" -childID 7 -isForBrowser -prefsHandle 3068 -prefMapHandle 3204 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {235c3b69-7f0a-4ac0-a9e9-4c940585d8cc} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 3056 21ff8858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.9.1519736350\207174318" -childID 8 -isForBrowser -prefsHandle 4452 -prefMapHandle 4456 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {af8376bd-4648-4326-93a1-06caa027bb0c} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 4440 21ff6158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.10.112867821\323520896" -childID 9 -isForBrowser -prefsHandle 3008 -prefMapHandle 3004 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1983b08-56bf-4b7b-842e-98aeba666311} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 1808 d65358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.11.474540957\1211949853" -childID 10 -isForBrowser -prefsHandle 7996 -prefMapHandle 7988 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1671072-8e78-453f-9c29-d321a71dcf46} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 7884 11498358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.12.443530358\1186059856" -childID 11 -isForBrowser -prefsHandle 7768 -prefMapHandle 7764 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed6ecedc-0a83-44fb-abe6-52662cc2603e} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 7780 11498958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.13.668857870\1151972314" -childID 12 -isForBrowser -prefsHandle 7680 -prefMapHandle 7676 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {91fb7f27-c122-4806-bc77-f20f6671dc97} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 7576 24f58c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.14.809333211\151112326" -childID 13 -isForBrowser -prefsHandle 7788 -prefMapHandle 7792 -prefsLen 26836 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ab5965b-b934-45f6-bf81-df09bd14b4a4} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 7872 11498358 tab
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2920 CREDAT:799753 /prefetch:2
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.15.1500237683\874152225" -childID 14 -isForBrowser -prefsHandle 7612 -prefMapHandle 3792 -prefsLen 26845 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d059a43f-1a96-4648-a108-de599f3dc2c2} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 3492 21e26a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.16.1934110989\332552057" -childID 15 -isForBrowser -prefsHandle 7592 -prefMapHandle 7896 -prefsLen 26845 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e58e8bfc-ee6e-4cc2-b09a-982261ee1f32} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 4564 2641e758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.17.1435641827\1858738757" -childID 16 -isForBrowser -prefsHandle 7392 -prefMapHandle 4048 -prefsLen 26845 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {55985354-43af-4cdf-baf7-3bab35dafea7} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 8528 2684e658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1336.18.1965308762\1557587052" -childID 17 -isForBrowser -prefsHandle 8200 -prefMapHandle 3504 -prefsLen 26845 -prefMapSize 233444 -jsInitHandle 812 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {19cf130c-32b8-4a25-a5a9-96c2be0f839e} 1336 "\\.\pipe\gecko-crash-server-pipe.1336" 3000 27697358 tab
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap6140:68:7zEvent31887
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap6995:64:7zEvent7175
C:\Users\Admin\Desktop\BonziBuddy432.exe
"C:\Users\Admin\Desktop\BonziBuddy432.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat" "
C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
MSAGENT.EXE
C:\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
tv_enua.exe
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
C:\Windows\msagent\AgentSvr.exe
"C:\Windows\msagent\AgentSvr.exe" /regserver
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\system32\SndVol.exe
SndVol.exe -f 68945686 18467
C:\Windows\system32\SndVol.exe
SndVol.exe -r 68945686 0 {0.0.0.00000000}.{494ac999-4740-4e72-9bad-a3628eb24cfa}
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE"
C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.0.812832610\245215714" -parentBuildID 20221007134813 -prefsHandle 1124 -prefMapHandle 1116 -prefsLen 21306 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc532df0-964d-482b-83af-86dee8e09d61} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 1208 f7f9258 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.1.759974804\1688194283" -parentBuildID 20221007134813 -prefsHandle 1336 -prefMapHandle 1332 -prefsLen 21351 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb0c2dbb-d617-4692-88b0-4ec5d92ad914} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 1360 eb3f458 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.2.1583442817\664879438" -childID 1 -isForBrowser -prefsHandle 2016 -prefMapHandle 2012 -prefsLen 21812 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c61703aa-fcf0-43d8-9fea-3166facba522} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 2028 1a277258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.3.2039220711\1697076402" -childID 2 -isForBrowser -prefsHandle 2528 -prefMapHandle 2516 -prefsLen 26997 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a40e73e9-f7e7-4f83-8552-344ca51fd7cd} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 2532 1c19ae58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.4.182310759\1086348581" -childID 3 -isForBrowser -prefsHandle 2756 -prefMapHandle 2752 -prefsLen 26997 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4bb7d73-fdf2-4465-80d1-3a4e5efdd8ad} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 2768 1c9cce58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.5.1137447730\1713784441" -childID 4 -isForBrowser -prefsHandle 3364 -prefMapHandle 3380 -prefsLen 26997 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae124a29-bb64-4612-b39a-39d912f33204} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 3360 1aeaae58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.6.1104476266\1990714617" -childID 5 -isForBrowser -prefsHandle 3544 -prefMapHandle 3556 -prefsLen 26997 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd45cb6c-a251-4a35-a831-1fec4791a2ae} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 3532 1d9e2e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.7.1322895084\2093808617" -childID 6 -isForBrowser -prefsHandle 3624 -prefMapHandle 3628 -prefsLen 26997 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {12a98283-7394-4759-b501-4fff0704ac8b} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 3612 1eef3e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.8.381944852\102800740" -childID 7 -isForBrowser -prefsHandle 4108 -prefMapHandle 4124 -prefsLen 26997 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2b862ee-8ccd-47fe-a160-c025a81a2483} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4140 21a94c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.9.215003069\1981387574" -childID 8 -isForBrowser -prefsHandle 1588 -prefMapHandle 1584 -prefsLen 27006 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f31aaaec-c26f-4642-b230-e75f4ba11dca} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 1852 1c21ab58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.10.1372264191\1217637551" -childID 9 -isForBrowser -prefsHandle 3776 -prefMapHandle 3716 -prefsLen 27006 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fde287af-6ea7-45aa-92de-d4baabf1644d} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 3612 1f77b858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.11.1788152548\902271762" -childID 10 -isForBrowser -prefsHandle 4524 -prefMapHandle 4528 -prefsLen 27006 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {227e84ba-eeee-4581-806b-0a95add54733} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4512 1f77d958 tab
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2864 CREDAT:275457 /prefetch:2
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.12.1965912592\2057399211" -childID 11 -isForBrowser -prefsHandle 4120 -prefMapHandle 4176 -prefsLen 27006 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cec6cc4-2f6f-4dc7-a43f-06cfbab82f44} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4244 21ad3e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.13.1125509121\116013301" -childID 12 -isForBrowser -prefsHandle 2768 -prefMapHandle 2892 -prefsLen 27006 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a590be48-2b10-4bae-8bfc-b721a80c5423} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 1620 21993a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.14.1910673715\2126979476" -childID 13 -isForBrowser -prefsHandle 8604 -prefMapHandle 4416 -prefsLen 27342 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf541732-d5a3-480f-85b7-ec42059936ff} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 2768 1ee49058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.15.1494907295\1634345245" -childID 14 -isForBrowser -prefsHandle 8460 -prefMapHandle 8464 -prefsLen 27342 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {39309536-db5d-4160-894c-61b5704e051a} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4416 1c219558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.16.1964472680\1979185737" -childID 15 -isForBrowser -prefsHandle 8324 -prefMapHandle 8460 -prefsLen 27342 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {13b0d228-e16f-4832-b575-8f91fc731b3c} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 8516 e65058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.17.819143908\371894513" -childID 16 -isForBrowser -prefsHandle 7684 -prefMapHandle 7680 -prefsLen 27351 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5414bcbc-7de0-4558-a4c4-f0b120d10195} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 7644 229ef858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.18.1402918675\91659363" -parentBuildID 20221007134813 -prefsHandle 7472 -prefMapHandle 7680 -prefsLen 27351 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4318aa1e-e921-4e76-b313-204b193b7c12} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 7684 2925cb58 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.19.1731632904\182859897" -childID 17 -isForBrowser -prefsHandle 8384 -prefMapHandle 8372 -prefsLen 27351 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {589d4876-c3e2-470d-b64d-af12a5c88a89} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 8388 1f77d958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.20.391115887\1656660924" -childID 18 -isForBrowser -prefsHandle 3968 -prefMapHandle 8576 -prefsLen 27351 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea08af41-4011-4d34-9dae-585d7f2c63b5} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 1620 1f77eb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.21.581971575\438386730" -childID 19 -isForBrowser -prefsHandle 4668 -prefMapHandle 8436 -prefsLen 27351 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {01335d20-8ccc-4f4c-8ea1-f36a6ebf98bd} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 3608 f1e1058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.22.1180876731\559222321" -childID 20 -isForBrowser -prefsHandle 1780 -prefMapHandle 1884 -prefsLen 27351 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {153f9fe7-bc20-4e2b-9a55-24abc2bc2ca1} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4396 1c21c958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.23.740285367\104406705" -childID 21 -isForBrowser -prefsHandle 8600 -prefMapHandle 8332 -prefsLen 27351 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f2bb7c0-ebb1-489e-bc97-b2b602a76e2f} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 7960 e65058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.24.604238685\790644739" -childID 22 -isForBrowser -prefsHandle 4212 -prefMapHandle 4480 -prefsLen 27351 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcde7687-d68f-4566-81b6-516f8f0c1f50} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 2824 1f77e558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.25.216679311\1634333904" -childID 23 -isForBrowser -prefsHandle 4660 -prefMapHandle 8336 -prefsLen 27351 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {efe272de-00d4-476b-9b57-7a9009d0933b} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4604 f1e1f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.26.1817764562\1882892051" -childID 24 -isForBrowser -prefsHandle 4688 -prefMapHandle 4596 -prefsLen 27351 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {190626a9-e0eb-4b32-8c51-c27872a5bc07} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 8584 1c2f7558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.27.1159200782\848186151" -childID 25 -isForBrowser -prefsHandle 7664 -prefMapHandle 7964 -prefsLen 27360 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6e2fdfc-1fc6-48ca-80ff-54ebf24b5691} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 7904 21994f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.28.1523615548\172129068" -childID 26 -isForBrowser -prefsHandle 2836 -prefMapHandle 8236 -prefsLen 27895 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2494e261-3ca4-42a6-9363-de6e7350e8fa} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 3612 1c21d858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.29.1041142459\52594251" -childID 27 -isForBrowser -prefsHandle 3808 -prefMapHandle 1796 -prefsLen 27895 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4430bf3d-1eae-4055-b5f4-1002cf6872b7} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 8432 1c9cce58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.30.1169455923\1496046373" -childID 28 -isForBrowser -prefsHandle 7952 -prefMapHandle 2748 -prefsLen 27895 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e6ba0d0-60ae-49d7-9e3c-38558d9c58ff} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 7592 22492858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.31.958516904\873474316" -childID 29 -isForBrowser -prefsHandle 7244 -prefMapHandle 3852 -prefsLen 27895 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d249428b-925b-480c-82a9-2efbcf711c6b} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 8060 2248fb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.32.1109537557\999472241" -childID 30 -isForBrowser -prefsHandle 4236 -prefMapHandle 7920 -prefsLen 27895 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8da91fa1-d0dc-4539-85cb-bab82341fcd6} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 7528 2916dc58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.33.1714109139\724376332" -childID 31 -isForBrowser -prefsHandle 2996 -prefMapHandle 4204 -prefsLen 27895 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {26cf9788-f8dc-4b7d-925c-ce1d368c26cf} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4568 22335658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.34.1687168056\950938215" -childID 32 -isForBrowser -prefsHandle 7520 -prefMapHandle 3580 -prefsLen 27895 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1c1d8af-c26c-49d1-9a2b-6364ad62e214} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 3780 29480c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.35.1209663147\119431065" -childID 33 -isForBrowser -prefsHandle 8512 -prefMapHandle 3560 -prefsLen 27895 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {24704b31-1e6a-4bf9-8ecb-5d2a21095d61} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 7904 f0a4c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.36.1421675917\1097031120" -childID 34 -isForBrowser -prefsHandle 3660 -prefMapHandle 3968 -prefsLen 27895 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f30a9e5c-1625-48df-917e-6f7d8b030a6c} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 6988 ee47058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.37.981024071\1563320119" -childID 35 -isForBrowser -prefsHandle 8392 -prefMapHandle 8320 -prefsLen 27895 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {208ddb24-91a5-442f-84df-338132f2427b} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 8388 e2db58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.38.1433830682\301898445" -childID 36 -isForBrowser -prefsHandle 3792 -prefMapHandle 3796 -prefsLen 27895 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {13c1b0df-db13-4a05-af7f-ccfbb833f6d6} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 3476 296bc858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.39.1083045442\2038991706" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4288 -prefMapHandle 8644 -prefsLen 27895 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {32529583-f8bc-4779-af72-b8368678e956} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 8320 2b73c658 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.40.208508694\145172663" -childID 37 -isForBrowser -prefsHandle 8480 -prefMapHandle 3540 -prefsLen 27895 -prefMapSize 233536 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b94028e-ce01-4997-b086-49bcfc504326} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 7616 2f8b2058 tab
C:\Users\Admin\Desktop\Bonzify.exe
"C:\Users\Admin\Desktop\Bonzify.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\KillAgent.bat"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im AgentSvr.exe
C:\Windows\SysWOW64\takeown.exe
takeown /r /d y /f C:\Windows\MsAgent
C:\Windows\SysWOW64\icacls.exe
icacls C:\Windows\MsAgent /c /t /grant "everyone":(f)
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe
INSTALLER.exe /q
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\GAC_MSIL\WsatConfig\3.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\GAC_MSIL\WsatConfig\3.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\GAC_MSIL\WsatConfig\3.0.0.0__b03f5f7f11d50a3a\WsatConfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\5f1a06c0108b2c81cde1dc491d74043d\ComSvcConfig.ni.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\5f1a06c0108b2c81cde1dc491d74043d\ComSvcConfig.ni.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\5f1a06c0108b2c81cde1dc491d74043d\ComSvcConfig.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_32\dfsvc\2c3e7fda8de40e45e7f5e004094dc7c9\dfsvc.ni.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_32\dfsvc\2c3e7fda8de40e45e7f5e004094dc7c9\dfsvc.ni.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v2.0.50727_32\dfsvc\2c3e7fda8de40e45e7f5e004094dc7c9\dfsvc.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
C:\Windows\msagent\AgentSvr.exe
"C:\Windows\msagent\AgentSvr.exe" /regserver
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\c899de3549784161aa66610d5735e4f0\ehExtHost32.ni.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\c899de3549784161aa66610d5735e4f0\ehExtHost32.ni.exe"
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\c899de3549784161aa66610d5735e4f0\ehExtHost32.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_32\MSBuild\af28543d9b3e7d9f110448ecce53cd72\MSBuild.ni.exe"
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe
INSTALLER.exe /q
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_32\MSBuild\af28543d9b3e7d9f110448ecce53cd72\MSBuild.ni.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v2.0.50727_32\MSBuild\af28543d9b3e7d9f110448ecce53cd72\MSBuild.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_32\Narrator\0bae62c3fc6c327ed24989263988173d\Narrator.ni.exe"
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_32\Narrator\0bae62c3fc6c327ed24989263988173d\Narrator.ni.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v2.0.50727_32\Narrator\0bae62c3fc6c327ed24989263988173d\Narrator.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\b3ade8d5c0d4bb5d4940bcafd3453642\PresentationFontCache.ni.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\b3ade8d5c0d4bb5d4940bcafd3453642\PresentationFontCache.ni.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\b3ade8d5c0d4bb5d4940bcafd3453642\PresentationFontCache.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\1bc1ee3c3aa45d28dcf4657bceb2fcb4\SMSvcHost.ni.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\1bc1ee3c3aa45d28dcf4657bceb2fcb4\SMSvcHost.ni.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\1bc1ee3c3aa45d28dcf4657bceb2fcb4\SMSvcHost.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\96a8bdafba9f9d3e33cd974bfaa67e58\WsatConfig.ni.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\96a8bdafba9f9d3e33cd974bfaa67e58\WsatConfig.ni.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\96a8bdafba9f9d3e33cd974bfaa67e58\WsatConfig.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\d632b7434f821829827657e23ac98589\ComSvcConfig.ni.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\d632b7434f821829827657e23ac98589\ComSvcConfig.ni.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v2.0.50727_64\ComSvcConfig\d632b7434f821829827657e23ac98589\ComSvcConfig.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_64\dfsvc\9bc0d921859b039d6e9f642148333949\dfsvc.ni.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_64\dfsvc\9bc0d921859b039d6e9f642148333949\dfsvc.ni.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v2.0.50727_64\dfsvc\9bc0d921859b039d6e9f642148333949\dfsvc.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\ad37b6e3a1cb1081592f1c5797ae9dad\ehExtHost.ni.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\ad37b6e3a1cb1081592f1c5797ae9dad\ehExtHost.ni.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\ad37b6e3a1cb1081592f1c5797ae9dad\ehExtHost.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\d09b54cd68bc772b3be3832926e940d4\LoadMxf.ni.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\d09b54cd68bc772b3be3832926e940d4\LoadMxf.ni.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v2.0.50727_64\LoadMxf\d09b54cd68bc772b3be3832926e940d4\LoadMxf.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_64\mcupdate\f30beba36940b5a2b55a32ea7f42d694\mcupdate.ni.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_64\mcupdate\f30beba36940b5a2b55a32ea7f42d694\mcupdate.ni.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v2.0.50727_64\mcupdate\f30beba36940b5a2b55a32ea7f42d694\mcupdate.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_64\MSBuild\1a154709cdfe214029ea88c51ab2b579\MSBuild.ni.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_64\MSBuild\1a154709cdfe214029ea88c51ab2b579\MSBuild.ni.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v2.0.50727_64\MSBuild\1a154709cdfe214029ea88c51ab2b579\MSBuild.ni.exe" /grant "everyone":(f)
C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_64\Narrator\4cc02fad33053737088d4c18267ca0a0\Narrator.ni.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_64\Narrator\4cc02fad33053737088d4c18267ca0a0\Narrator.ni.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v2.0.50727_64\Narrator\4cc02fad33053737088d4c18267ca0a0\Narrator.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\0246845f487e5f33d3564eff578665a3\PresentationFontCache.ni.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\0246845f487e5f33d3564eff578665a3\PresentationFontCache.ni.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFontCac#\0246845f487e5f33d3564eff578665a3\PresentationFontCache.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\04d794428d635f6a82ac57dd3d6f3628\SMSvcHost.ni.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\04d794428d635f6a82ac57dd3d6f3628\SMSvcHost.ni.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v2.0.50727_64\SMSvcHost\04d794428d635f6a82ac57dd3d6f3628\SMSvcHost.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\36ca2928b2191011831ab673861c6ac6\WsatConfig.ni.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\36ca2928b2191011831ab673861c6ac6\WsatConfig.ni.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v2.0.50727_64\WsatConfig\36ca2928b2191011831ab673861c6ac6\WsatConfig.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\2bd538d545e15452202ef3b41080e2ce\ComSvcConfig.ni.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\2bd538d545e15452202ef3b41080e2ce\ComSvcConfig.ni.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\2bd538d545e15452202ef3b41080e2ce\ComSvcConfig.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v4.0.30319_32\dfsvc\261c09179eae03d67c9b6f3e70b603bd\dfsvc.ni.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v4.0.30319_32\dfsvc\261c09179eae03d67c9b6f3e70b603bd\dfsvc.ni.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v4.0.30319_32\dfsvc\261c09179eae03d67c9b6f3e70b603bd\dfsvc.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W71daf281#\df459c0a2762c33e0699703f186b1751\Microsoft.Workflow.Compiler.ni.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W71daf281#\df459c0a2762c33e0699703f186b1751\Microsoft.Workflow.Compiler.ni.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W71daf281#\df459c0a2762c33e0699703f186b1751\Microsoft.Workflow.Compiler.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v4.0.30319_32\MSBuild\b93c627ec2e15c2675bcc81edafb10be\MSBuild.ni.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v4.0.30319_32\MSBuild\b93c627ec2e15c2675bcc81edafb10be\MSBuild.ni.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v4.0.30319_32\MSBuild\b93c627ec2e15c2675bcc81edafb10be\MSBuild.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\e88db1688b08fbb889b0b9d4b1a51493\SMSvcHost.ni.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\e88db1688b08fbb889b0b9d4b1a51493\SMSvcHost.ni.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\e88db1688b08fbb889b0b9d4b1a51493\SMSvcHost.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\537950d9c71af966e1d8c9deb550f842\WsatConfig.ni.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\537950d9c71af966e1d8c9deb550f842\WsatConfig.ni.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\537950d9c71af966e1d8c9deb550f842\WsatConfig.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v4.0.30319_64\ComSvcConfig\9a69a26417a09c2d9d7f67bf7592bd74\ComSvcConfig.ni.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v4.0.30319_64\ComSvcConfig\9a69a26417a09c2d9d7f67bf7592bd74\ComSvcConfig.ni.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v4.0.30319_64\ComSvcConfig\9a69a26417a09c2d9d7f67bf7592bd74\ComSvcConfig.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v4.0.30319_64\dfsvc\bb4a1994db088e84b9d383271b082250\dfsvc.ni.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v4.0.30319_64\dfsvc\bb4a1994db088e84b9d383271b082250\dfsvc.ni.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v4.0.30319_64\dfsvc\bb4a1994db088e84b9d383271b082250\dfsvc.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W71daf281#\5ada68cfa2258a2d4e3c3779106faf9b\Microsoft.Workflow.Compiler.ni.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W71daf281#\5ada68cfa2258a2d4e3c3779106faf9b\Microsoft.Workflow.Compiler.ni.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.W71daf281#\5ada68cfa2258a2d4e3c3779106faf9b\Microsoft.Workflow.Compiler.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v4.0.30319_64\MSBuild\f4a88265ac4ad47978daef8c5482fd30\MSBuild.ni.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v4.0.30319_64\MSBuild\f4a88265ac4ad47978daef8c5482fd30\MSBuild.ni.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v4.0.30319_64\MSBuild\f4a88265ac4ad47978daef8c5482fd30\MSBuild.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\0b4d4e172e8054cb61d27f5ab9e0e445\SMSvcHost.ni.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\0b4d4e172e8054cb61d27f5ab9e0e445\SMSvcHost.ni.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\0b4d4e172e8054cb61d27f5ab9e0e445\SMSvcHost.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\assembly\NativeImages_v4.0.30319_64\WsatConfig\9683999d889dc0b8782c782e2fc1aee5\WsatConfig.ni.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\assembly\NativeImages_v4.0.30319_64\WsatConfig\9683999d889dc0b8782c782e2fc1aee5\WsatConfig.ni.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\assembly\NativeImages_v4.0.30319_64\WsatConfig\9683999d889dc0b8782c782e2fc1aee5\WsatConfig.ni.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\bfsvc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\bfsvc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\bfsvc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Boot\PCAT\memtest.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Boot\PCAT\memtest.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Boot\PCAT\memtest.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\CreateDisc\SBEServer.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\ehome\CreateDisc\SBEServer.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\ehome\CreateDisc\SBEServer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\ehexthost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\ehome\ehexthost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\ehome\ehexthost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\ehmsas.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\ehome\ehmsas.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\ehome\ehmsas.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\ehprivjob.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\ehome\ehprivjob.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\ehome\ehprivjob.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\ehrec.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\ehome\ehrec.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\ehome\ehrec.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\ehrecvr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\ehome\ehrecvr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\ehome\ehrecvr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\ehsched.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\ehome\ehsched.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\ehome\ehsched.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\ehshell.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\ehome\ehshell.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\ehome\ehshell.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\ehtray.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\ehome\ehtray.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\ehome\ehtray.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\ehvid.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\ehome\ehvid.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\ehome\ehvid.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\loadmxf.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\ehome\loadmxf.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\ehome\loadmxf.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\mcGlidHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\ehome\mcGlidHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\ehome\mcGlidHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\McrMgr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\ehome\McrMgr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\ehome\McrMgr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\mcspad.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\ehome\mcspad.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\ehome\mcspad.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\mcupdate.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\ehome\mcupdate.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\ehome\mcupdate.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\Mcx2Prov.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\ehome\Mcx2Prov.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\ehome\Mcx2Prov.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\McxTask.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\ehome\McxTask.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\ehome\McxTask.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\MediaCenterWebLauncher.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\ehome\MediaCenterWebLauncher.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\ehome\MediaCenterWebLauncher.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\RegisterMCEApp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\ehome\RegisterMCEApp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\ehome\RegisterMCEApp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\wow\ehexthost32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\ehome\wow\ehexthost32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\ehome\wow\ehexthost32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ehome\WTVConverter.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\ehome\WTVConverter.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\ehome\WTVConverter.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\explorer.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\explorer.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\explorer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\fveupdate.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\fveupdate.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\fveupdate.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\HelpPane.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\HelpPane.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\HelpPane.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\hh.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\hh.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\hh.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe" /grant "everyone":(f)
C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
"C:\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE"
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Installer\{90140000-006E-0409-0000-0000000FF1CE}\misc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\NETFXSBS10.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\NETFXSBS10.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\NETFXSBS10.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMConfigInstaller.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMConfigInstaller.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMConfigInstaller.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v3.5\AddInProcess32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v3.5\AddInUtil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v3.5\csc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.5\EdmGen.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v3.5\EdmGen.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v3.5\EdmGen.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v3.5\MSBuild.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.5\vbc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v3.5\vbc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v3.5\vbc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v3.5\WFServicesReg.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\AppLaunch.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\AppLaunch.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\AppLaunch.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_compiler.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_compiler.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_compiler.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regbrowsers.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regbrowsers.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regbrowsers.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regsql.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regsql.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_regsql.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CasPol.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CasPol.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CasPol.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dfsvc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dfsvc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dfsvc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\IEExec.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\IEExec.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\IEExec.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ilasm.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ilasm.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ilasm.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\jsc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\jsc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\jsc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Ldr64.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Ldr64.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Ldr64.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\MSBuild.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\MSBuild.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\MSBuild.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ngen.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegAsm.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegAsm.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegAsm.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegSvcs.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegSvcs.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegSvcs.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ComSvcConfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ComSvcConfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ComSvcConfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelReg.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelReg.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelReg.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMConfigInstaller.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMConfigInstaller.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMConfigInstaller.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\WsatConfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\WsatConfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\WsatConfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\XamlViewer\XamlViewer_v0300.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v3.5\AddInProcess32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.5\AddInUtil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.5\AddInUtil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v3.5\AddInUtil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.5\csc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.5\csc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v3.5\csc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.5\DataSvcUtil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.5\DataSvcUtil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v3.5\DataSvcUtil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.5\EdmGen.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.5\EdmGen.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v3.5\EdmGen.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.5\MSBuild.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.5\MSBuild.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v3.5\MSBuild.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.5\vbc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.5\vbc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v3.5\vbc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v3.5\WFServicesReg.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v3.5\WFServicesReg.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v3.5\WFServicesReg.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AppLaunch.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AppLaunch.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AppLaunch.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regbrowsers.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regbrowsers.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regbrowsers.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regsql.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regsql.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regsql.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CasPol.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CasPol.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CasPol.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ComSvcConfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ComSvcConfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ComSvcConfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\DataSvcUtil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\DataSvcUtil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\DataSvcUtil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EdmGen.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EdmGen.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\EdmGen.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regtlibv12.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regtlibv12.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regtlibv12.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\Setup.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\Setup.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\Setup.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\SetupUtility.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\SetupUtility.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\SetupUtility.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WsatConfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WsatConfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WsatConfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\NETFXRepair.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Microsoft.NET\NETFXRepair.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Microsoft.NET\NETFXRepair.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\msagent\AgentSvr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\msagent\AgentSvr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\msagent\AgentSvr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\notepad.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\notepad.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\notepad.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\regedit.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\regedit.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\regedit.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\GC64\tzupd.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\GC64\tzupd.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\GC64\tzupd.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\servicing\TrustedInstaller.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\servicing\TrustedInstaller.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\servicing\TrustedInstaller.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Speech\Common\sapisvr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\Speech\Common\sapisvr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\Speech\Common\sapisvr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\splwow64.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\splwow64.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\splwow64.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\AdapterTroubleshooter.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\AdapterTroubleshooter.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\AdapterTroubleshooter.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\ARP.EXE"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\ARP.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\ARP.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\at.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\at.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\at.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\AtBroker.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\AtBroker.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\AtBroker.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\attrib.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\attrib.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\attrib.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\auditpol.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\auditpol.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\auditpol.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\autochk.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\autochk.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\autochk.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\autoconv.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\autoconv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\autoconv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\autofmt.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\autofmt.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\autofmt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\bitsadmin.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\bitsadmin.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\bitsadmin.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\bootcfg.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\bootcfg.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\bootcfg.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\bthudtask.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\bthudtask.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\bthudtask.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cacls.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\cacls.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\cacls.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\calc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\calc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\calc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\CertEnrollCtrl.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\CertEnrollCtrl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\CertEnrollCtrl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\certreq.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\certreq.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\certreq.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\certutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\certutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\certutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\charmap.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\charmap.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\charmap.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\chkdsk.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\chkdsk.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\chkdsk.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\chkntfs.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\chkntfs.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\chkntfs.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\choice.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\choice.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\choice.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cipher.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\cipher.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\cipher.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cleanmgr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\cleanmgr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\cleanmgr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cliconfg.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\cliconfg.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\cliconfg.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\clip.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\clip.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\clip.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cmd.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\cmd.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\cmd.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cmdkey.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\cmdkey.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\cmdkey.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cmdl32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\cmdl32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\cmdl32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cmmon32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\cmmon32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\cmmon32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cmstp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\cmstp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\cmstp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\colorcpl.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\colorcpl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\colorcpl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\com\comrepl.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\com\comrepl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\com\comrepl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\com\MigRegDB.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1129964966189833787144038674126514774619881172251621712906-433896764-1757282414"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\com\MigRegDB.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\com\MigRegDB.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\comp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\comp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\comp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\compact.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\compact.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\compact.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\ComputerDefaults.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\ComputerDefaults.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\ComputerDefaults.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\control.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\control.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\control.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\convert.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\convert.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\convert.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\credwiz.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1781932378-1766328095-532771661-10708243636610611391606137928-648178787-912705441"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\credwiz.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\credwiz.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cscript.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\cscript.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\cscript.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\ctfmon.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\ctfmon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\ctfmon.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cttune.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\cttune.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\cttune.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\cttunesvr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\cttunesvr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\cttunesvr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\dccw.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1133427642-673777740397756849-17882039517769876371295412466965003397-177872429"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\dccw.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\dccw.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\dcomcnfg.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\dcomcnfg.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\dcomcnfg.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\ddodiag.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "256710130-1705162402-2951070633061003451863202341-1398341669-1707678573-1966991597"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\ddodiag.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\ddodiag.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\DevicePairingWizard.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\DevicePairingWizard.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\DevicePairingWizard.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\DeviceProperties.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\DeviceProperties.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\DeviceProperties.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\dfrgui.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\dfrgui.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\dfrgui.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\dialer.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\dialer.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\dialer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\diantz.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "260761619-1357678329-4016496183635818411500310561-1852795486-996265461834913524"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\diantz.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\diantz.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\diskpart.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\diskpart.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\diskpart.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\diskperf.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\diskperf.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\diskperf.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\diskraid.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1929571302-8116319221185742595960466495-20083367211976054103-1329848024-124215138"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\diskraid.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\diskraid.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\Dism\DismHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\Dism\DismHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\Dism\DismHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\Dism.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "517170059638385239-2102462785-728983640-2413061241320130617-1225651140606568306"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\Dism.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\Dism.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\DisplaySwitch.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\DisplaySwitch.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\DisplaySwitch.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\dllhost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\dllhost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\dllhost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\dllhst3g.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\dllhst3g.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\dllhst3g.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\dnscacheugc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\dnscacheugc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\dnscacheugc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\doskey.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "193192629227661306-92496568419594957141958258861385175989-1844141876-401080173"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\doskey.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\doskey.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\dpapimig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\dpapimig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\dpapimig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\DpiScaling.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\DpiScaling.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\DpiScaling.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\dplaysvr.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-59727792617255525651801297489-16985016352036510586-1447823601-452860981-1947197612"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\dplaysvr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\dplaysvr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\dpnsvr.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1920396353890976458-1062280222-5949874892078014483-1072173438653809126-1745036594"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\dpnsvr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\dpnsvr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\driverquery.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "469487295594041979-267390071-21160013081708137941758986125-563356732-328941176"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\driverquery.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\driverquery.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\DriverStore\FileRepository\brmfcmf.inf_amd64_neutral_67b5984f8e8ff717\BrmfRsmg.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1279795146-550034502586952945442256614291757257-3793915198873548741907868723"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\DriverStore\FileRepository\brmfcmf.inf_amd64_neutral_67b5984f8e8ff717\BrmfRsmg.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\DriverStore\FileRepository\brmfcmf.inf_amd64_neutral_67b5984f8e8ff717\BrmfRsmg.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\DriverStore\FileRepository\brmfcwia.inf_amd64_neutral_817b8835aed3d6b7\BrmfRsmg.exe"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-497418409208167589921701655-19342664-1924003363-13864562242088457022318578101"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\DriverStore\FileRepository\brmfcwia.inf_amd64_neutral_817b8835aed3d6b7\BrmfRsmg.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\DriverStore\FileRepository\brmfcwia.inf_amd64_neutral_817b8835aed3d6b7\BrmfRsmg.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_e54666f6a3e5af91\fsquirt.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_e54666f6a3e5af91\fsquirt.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_e54666f6a3e5af91\fsquirt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\DriverStore\FileRepository\divacx64.inf_amd64_neutral_fa0f82f024789743\ditrace.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\DriverStore\FileRepository\divacx64.inf_amd64_neutral_fa0f82f024789743\ditrace.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\DriverStore\FileRepository\divacx64.inf_amd64_neutral_fa0f82f024789743\ditrace.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\DriverStore\FileRepository\divacx64.inf_amd64_neutral_fa0f82f024789743\xlog.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\DriverStore\FileRepository\divacx64.inf_amd64_neutral_fa0f82f024789743\xlog.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\DriverStore\FileRepository\divacx64.inf_amd64_neutral_fa0f82f024789743\xlog.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\System32\DriverStore\FileRepository\wvmic.inf_amd64_neutral_b94eb92e8150fa35\vmicsvc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\System32\DriverStore\FileRepository\wvmic.inf_amd64_neutral_b94eb92e8150fa35\vmicsvc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\System32\DriverStore\FileRepository\wvmic.inf_amd64_neutral_b94eb92e8150fa35\vmicsvc.exe" /grant "everyone":(f)
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49201 | tcp | |
| US | 8.8.8.8:53 | bonzi.link | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| DE | 85.10.211.177:80 | bonzi.link | tcp |
| DE | 85.10.211.177:80 | bonzi.link | tcp |
| US | 8.8.8.8:53 | bonzi.link | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | bonzi.link | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| DE | 85.10.211.177:80 | bonzi.link | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| DE | 85.10.211.177:80 | bonzi.link | tcp |
| DE | 85.10.211.177:80 | bonzi.link | tcp |
| DE | 85.10.211.177:80 | bonzi.link | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| NL | 142.251.39.98:80 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | d36ee2fcip1434.cloudfront.net | udp |
| N/A | 127.0.0.1:49207 | tcp | |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| NL | 142.250.179.174:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | www3.l.google.com | udp |
| NL | 142.250.179.174:443 | www3.l.google.com | udp |
| NL | 142.251.36.3:80 | fonts.gstatic.com | tcp |
| NL | 142.251.36.3:80 | fonts.gstatic.com | tcp |
| NL | 142.251.36.3:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | support.microsoft.com | udp |
| GB | 184.25.192.150:443 | support.microsoft.com | tcp |
| GB | 184.25.192.150:443 | support.microsoft.com | tcp |
| GB | 184.25.192.150:443 | support.microsoft.com | tcp |
| NL | 142.250.179.174:443 | www3.l.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.250.179.174:443 | www3.l.google.com | udp |
| NL | 142.251.36.2:443 | googleads.g.doubleclick.net | tcp |
| NL | 142.251.36.2:443 | googleads.g.doubleclick.net | tcp |
| NL | 142.251.36.2:443 | googleads.g.doubleclick.net | tcp |
| NL | 142.251.36.2:443 | googleads.g.doubleclick.net | tcp |
| NL | 142.251.36.2:443 | googleads.g.doubleclick.net | tcp |
| NL | 142.251.36.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.250.179.174:443 | www3.l.google.com | tcp |
| NL | 142.250.179.174:443 | www3.l.google.com | tcp |
| NL | 142.250.179.174:443 | www3.l.google.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 142.251.36.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| NL | 142.251.36.42:80 | fonts.googleapis.com | tcp |
| NL | 142.251.36.42:80 | fonts.googleapis.com | tcp |
| NL | 142.251.39.102:443 | s0.2mdn.net | tcp |
| NL | 172.217.23.194:443 | googleads4.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| NL | 142.251.39.102:443 | s0.2mdn.net | tcp |
| NL | 172.217.23.194:443 | googleads4.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| NL | 142.251.39.102:443 | s0.2mdn.net | udp |
| NL | 172.217.23.194:443 | googleads4.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | bonzi.link | udp |
| DE | 85.10.211.177:443 | bonzi.link | tcp |
| US | 8.8.8.8:53 | bonzi.link | udp |
| DE | 85.10.211.177:443 | bonzi.link | udp |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 8.8.8.8:53 | e11290.dspg.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e11290.dspg.akamaiedge.net | udp |
| US | 8.8.8.8:53 | support.microsoft.com | udp |
| GB | 184.25.192.150:443 | support.microsoft.com | tcp |
| US | 8.8.8.8:53 | e3843.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e3843.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | a1449.dscg2.akamai.net | udp |
| GB | 184.25.193.234:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | e13678.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| US | 8.8.8.8:53 | e13678.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | a1449.dscg2.akamai.net | udp |
| US | 8.8.8.8:53 | s-part-0036.t-0009.t-msedge.net | udp |
| US | 8.8.8.8:53 | s-part-0036.t-0009.t-msedge.net | udp |
| GB | 184.25.193.234:443 | e13678.dscb.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 13.107.253.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | s-part-0036.t-0009.fb-t-msedge.net | udp |
| NL | 40.126.32.140:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | www.tm.ak.prd.aadg.trafficmanager.net | udp |
| US | 8.8.8.8:53 | s-part-0036.t-0009.fb-t-msedge.net | udp |
| US | 8.8.8.8:53 | www.tm.ak.prd.aadg.trafficmanager.net | udp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 8.8.8.8:53 | www.tm.v4.a.prd.aadg.trafficmanager.net | udp |
| US | 8.8.8.8:53 | www.tm.v4.a.prd.aadg.trafficmanager.net | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 20.189.173.23:443 | browser.events.data.microsoft.com | tcp |
| US | 20.189.173.23:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | onedscolprdwus16.westus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdwus16.westus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdwus16.westus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| US | 8.8.8.8:53 | iris-de-prod-azsc-v2-weu-b.westeurope.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | iris-de-prod-azsc-v2-weu-b.westeurope.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdwus16.westus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | support.content.office.net | udp |
| IT | 2.21.52.76:443 | support.content.office.net | tcp |
| US | 8.8.8.8:53 | e12627.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e12627.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdcus14.centralus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdcus14.centralus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdcus14.centralus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdcus14.centralus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdfrc00.francecentral.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdfrc00.francecentral.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdwus17.westus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdwus17.westus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdgwc02.germanywestcentral.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdgwc02.germanywestcentral.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdeus01.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdeus01.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdwus20.westus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdwus20.westus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| GB | 2.18.27.82:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | e86303.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e86303.dscx.akamaiedge.net | udp |
| GB | 2.18.27.82:443 | e86303.dscx.akamaiedge.net | udp |
| GB | 2.18.27.82:443 | e86303.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e86303.dscx.akamaiedge.net | udp |
| GB | 2.18.27.82:443 | e86303.dscx.akamaiedge.net | tcp |
| GB | 2.18.27.82:443 | e86303.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 2.18.27.82:443 | r.bing.com | tcp |
| GB | 2.18.27.82:443 | r.bing.com | tcp |
| GB | 2.18.27.82:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 2.18.27.82:443 | th.bing.com | tcp |
| GB | 2.18.27.82:443 | th.bing.com | tcp |
| GB | 2.18.27.82:443 | th.bing.com | tcp |
| GB | 2.18.27.82:443 | th.bing.com | tcp |
| GB | 2.18.27.82:443 | th.bing.com | tcp |
| GB | 2.18.27.82:443 | th.bing.com | tcp |
| GB | 2.18.27.82:443 | th.bing.com | udp |
| NL | 40.126.32.140:443 | www.tm.v4.a.prd.aadg.trafficmanager.net | tcp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | e-0001.e-msedge.net | udp |
| US | 8.8.8.8:53 | e-0001.e-msedge.net | udp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | www.bing.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | www.bing.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | ts1.mm.bing.net | udp |
| US | 8.8.8.8:53 | ts3.mm.bing.net | udp |
| US | 8.8.8.8:53 | ts4.mm.bing.net | udp |
| US | 8.8.8.8:53 | ts2.mm.bing.net | udp |
| US | 150.171.27.10:80 | ts2.mm.bing.net | tcp |
| US | 150.171.27.10:80 | ts2.mm.bing.net | tcp |
| US | 150.171.27.10:80 | ts2.mm.bing.net | tcp |
| US | 8.8.8.8:53 | ax-0001.ax-msedge.net | udp |
| US | 150.171.27.10:80 | ax-0001.ax-msedge.net | tcp |
| US | 150.171.27.10:80 | ax-0001.ax-msedge.net | tcp |
| US | 150.171.27.10:80 | ax-0001.ax-msedge.net | tcp |
| US | 150.171.27.10:80 | ax-0001.ax-msedge.net | tcp |
| US | 150.171.27.10:80 | ax-0001.ax-msedge.net | tcp |
| US | 150.171.27.10:80 | ax-0001.ax-msedge.net | tcp |
| US | 150.171.27.10:80 | ax-0001.ax-msedge.net | tcp |
| US | 150.171.27.10:80 | ax-0001.ax-msedge.net | tcp |
| US | 150.171.27.10:80 | ax-0001.ax-msedge.net | tcp |
| US | 150.171.27.10:80 | ax-0001.ax-msedge.net | tcp |
| US | 150.171.27.10:80 | ax-0001.ax-msedge.net | tcp |
| US | 150.171.28.10:80 | ax-0001.ax-msedge.net | tcp |
| US | 150.171.28.10:80 | ax-0001.ax-msedge.net | tcp |
| US | 150.171.28.10:80 | ax-0001.ax-msedge.net | tcp |
| US | 150.171.28.10:80 | ax-0001.ax-msedge.net | tcp |
| US | 150.171.28.10:80 | ax-0001.ax-msedge.net | tcp |
| US | 150.171.28.10:80 | ax-0001.ax-msedge.net | tcp |
| US | 8.8.8.8:53 | ax-0001.ax-msedge.net | udp |
| US | 8.8.8.8:53 | ax-0001.ax-msedge.net | udp |
| US | 8.8.8.8:53 | ax-0001.ax-msedge.net | udp |
| US | 150.171.27.10:80 | ax-0001.ax-msedge.net | tcp |
| US | 8.8.8.8:53 | testfamilysafety.bing.com | udp |
| US | 8.8.8.8:53 | wallup.net | udp |
| US | 204.79.197.201:443 | testfamilysafety.bing.com | tcp |
| US | 8.8.8.8:53 | explicit.any.edge.bing.com | udp |
| DE | 144.76.39.8:443 | wallup.net | tcp |
| US | 8.8.8.8:53 | wallup.net | udp |
| US | 8.8.8.8:53 | explicit.any.edge.bing.com | udp |
| US | 8.8.8.8:53 | wallup.net | udp |
| US | 8.8.8.8:53 | wallpapercave.com | udp |
| US | 104.22.53.71:443 | wallpapercave.com | tcp |
| US | 8.8.8.8:53 | wallpapercave.com | udp |
| US | 8.8.8.8:53 | wallpapercave.com | udp |
| US | 104.22.53.71:443 | wallpapercave.com | udp |
| US | 8.8.8.8:53 | tse2.mm.bing.net | udp |
| US | 104.18.33.89:443 | www.bing.com.cdn.cloudflare.net | tcp |
| US | 150.171.28.10:443 | tse2.mm.bing.net | tcp |
| US | 8.8.8.8:53 | ax-0001.ax-msedge.net | udp |
| US | 8.8.8.8:53 | e86303.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e86303.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 52.52.122.181:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | secure.bonzi.com | udp |
| US | 52.52.122.181:80 | www.bonzi.com | tcp |
| N/A | 127.0.0.1:52856 | tcp | |
| N/A | 127.0.0.1:52860 | tcp | |
| US | 8.8.8.8:53 | steamunlocked.net | udp |
| US | 104.27.202.89:80 | steamunlocked.net | tcp |
| US | 104.27.202.89:80 | steamunlocked.net | tcp |
| US | 8.8.8.8:53 | steamunlocked.net | udp |
| US | 104.27.202.89:80 | steamunlocked.net | tcp |
| US | 8.8.8.8:53 | steamunlocked.net | udp |
| US | 8.8.8.8:53 | steamunlocked.net | udp |
| US | 104.27.201.89:443 | steamunlocked.net | tcp |
| US | 8.8.8.8:53 | steamunlocked.net | udp |
| US | 104.27.201.89:443 | steamunlocked.net | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | steamunlocked.net | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | steamunlocked.net | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | steamunlocked.net | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | steamunlocked.net | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 52.52.122.181:80 | www.bonzi.com | tcp |
| US | 52.52.122.181:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | uploadhaven.com | udp |
| US | 169.197.82.18:443 | uploadhaven.com | tcp |
| US | 8.8.8.8:53 | uploadhaven.com | udp |
| US | 52.52.122.181:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | uploadhaven.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | pogothere.xyz | udp |
| US | 8.8.8.8:53 | signamentswithded.com | udp |
| US | 8.8.8.8:53 | atethebenefitsshe.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| GB | 18.239.236.13:443 | signamentswithded.com | tcp |
| US | 172.67.220.203:443 | pogothere.xyz | tcp |
| US | 172.67.220.203:443 | pogothere.xyz | tcp |
| US | 172.67.202.198:443 | atethebenefitsshe.com | tcp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | signamentswithded.com | udp |
| US | 8.8.8.8:53 | jecromaha.info | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | signamentswithded.com | udp |
| US | 103.224.212.215:443 | jecromaha.info | tcp |
| US | 172.67.220.203:443 | pogothere.xyz | udp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | pogothere.xyz | udp |
| US | 8.8.8.8:53 | atethebenefitsshe.com | udp |
| US | 8.8.8.8:53 | pogothere.xyz | udp |
| US | 8.8.8.8:53 | d3nz96k4xfpkvu.cloudfront.net | udp |
| US | 172.67.202.198:443 | atethebenefitsshe.com | udp |
| US | 8.8.8.8:53 | atethebenefitsshe.com | udp |
| US | 8.8.8.8:53 | jecromaha.info | udp |
| FR | 108.159.117.197:443 | d3nz96k4xfpkvu.cloudfront.net | tcp |
| US | 8.8.8.8:53 | d3nz96k4xfpkvu.cloudfront.net | udp |
| US | 8.8.8.8:53 | d3nz96k4xfpkvu.cloudfront.net | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | jecromaha.info | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| IT | 157.240.231.35:443 | star-mini.c10r.facebook.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | jecromaha.info | udp |
| US | 8.8.8.8:53 | uploadhaven.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 103.224.212.215:443 | jecromaha.info | tcp |
| US | 8.8.8.8:53 | jecromaha.info | udp |
| US | 8.8.8.8:53 | uploadhaven.com | udp |
| US | 103.224.212.215:443 | jecromaha.info | tcp |
| US | 8.8.8.8:53 | jecromaha.info | udp |
| US | 8.8.8.8:53 | jecromaha.info | udp |
| IT | 157.240.231.35:443 | star-mini.c10r.facebook.com | udp |
| US | 103.224.212.215:443 | jecromaha.info | tcp |
| US | 103.224.212.215:443 | jecromaha.info | tcp |
| US | 8.8.8.8:53 | jecromaha.info | udp |
| US | 103.224.212.215:443 | jecromaha.info | tcp |
| US | 8.8.8.8:53 | jecromaha.info | udp |
| US | 103.224.212.215:443 | jecromaha.info | tcp |
| US | 8.8.8.8:53 | jecromaha.info | udp |
| US | 103.224.212.215:443 | jecromaha.info | tcp |
| US | 103.224.212.215:443 | jecromaha.info | tcp |
| US | 103.224.212.215:443 | jecromaha.info | tcp |
| US | 8.8.8.8:53 | jecromaha.info | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | loaksandtheir.info | udp |
| GB | 54.192.137.68:443 | loaksandtheir.info | tcp |
| US | 8.8.8.8:53 | loaksandtheir.info | udp |
| US | 8.8.8.8:53 | loaksandtheir.info | udp |
| US | 8.8.8.8:53 | retronewtab.com | udp |
| US | 134.209.43.73:443 | retronewtab.com | tcp |
| US | 8.8.8.8:53 | retronewtab.com | udp |
| US | 8.8.8.8:53 | retronewtab.com | udp |
| US | 8.8.8.8:53 | retronewtab.com | udp |
| US | 134.209.43.73:80 | retronewtab.com | tcp |
| US | 8.8.8.8:53 | retronewtab.com | udp |
| US | 8.8.8.8:53 | use.typekit.net | udp |
| US | 8.8.8.8:53 | cdn-4.convertexperiments.com | udp |
| GB | 2.19.252.211:443 | use.typekit.net | tcp |
| US | 8.8.8.8:53 | a1988.dscg1.akamai.net | udp |
| GB | 23.59.65.108:443 | cdn-4.convertexperiments.com | tcp |
| US | 8.8.8.8:53 | e5289.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e5289.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | p.typekit.net | udp |
| GB | 2.19.252.218:443 | p.typekit.net | tcp |
| US | 8.8.8.8:53 | a1874.dscg1.akamai.net | udp |
| US | 8.8.8.8:53 | a1874.dscg1.akamai.net | udp |
| US | 8.8.8.8:53 | cdn.mxpnl.com | udp |
| US | 8.8.8.8:53 | dev.retronewtab.com | udp |
| GB | 2.19.252.211:443 | a1988.dscg1.akamai.net | tcp |
| US | 8.8.8.8:53 | cdn.mxpnl.com | udp |
| US | 8.8.8.8:53 | rpt.retronewtab.com | udp |
| US | 134.209.43.73:443 | rpt.retronewtab.com | tcp |
| US | 8.8.8.8:53 | rpt.retronewtab.com | udp |
| US | 134.209.43.73:443 | rpt.retronewtab.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| NL | 172.217.168.195:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | cdn.mxpnl.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 172.217.168.195:443 | www.google.co.uk | udp |
| US | 35.186.235.23:443 | cdn.mxpnl.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | rpt.retronewtab.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 35.186.235.23:443 | cdn.mxpnl.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| NL | 142.250.102.154:443 | stats.g.doubleclick.net | tcp |
| NL | 142.251.36.34:443 | googleads.g.doubleclick.net | tcp |
| NL | 142.251.36.34:443 | googleads.g.doubleclick.net | udp |
| NL | 142.250.102.154:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | addons.mozilla.org | udp |
| EG | 108.159.102.29:443 | addons.mozilla.org | tcp |
| US | 8.8.8.8:53 | addons.mozilla.org | udp |
| US | 8.8.8.8:53 | addons.mozilla.org | udp |
| US | 8.8.8.8:53 | api-js.mixpanel.com | udp |
| US | 8.8.8.8:53 | api-js.mixpanel.com | udp |
| US | 8.8.8.8:53 | api-js.mixpanel.com | udp |
| US | 35.190.25.25:443 | api-js.mixpanel.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | addons.mozilla.org | udp |
| EG | 108.159.102.45:443 | addons.mozilla.org | tcp |
| US | 8.8.8.8:53 | addons.mozilla.org | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | www.retronewtab.com | udp |
| US | 134.209.43.73:443 | www.retronewtab.com | tcp |
| US | 8.8.8.8:53 | www.retronewtab.com | udp |
| US | 8.8.8.8:53 | www.retronewtab.com | udp |
| US | 8.8.8.8:53 | cdn-4.convertexperiments.com | udp |
| US | 8.8.8.8:53 | e5289.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e5289.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | cdn.mxpnl.com | udp |
| US | 8.8.8.8:53 | cdn.mxpnl.com | udp |
| US | 8.8.8.8:53 | www.pixelhere.com | udp |
| US | 8.8.8.8:53 | realiukzemydr.info | udp |
| US | 8.8.8.8:53 | ad.propellerads.com | udp |
| US | 8.8.8.8:53 | eu.rollerads.com | udp |
| US | 8.8.8.8:53 | tracking.utlservice.com | udp |
| US | 8.8.8.8:53 | cdn.mxpnl.com | udp |
| US | 172.67.200.44:443 | www.pixelhere.com | tcp |
| US | 8.8.8.8:53 | www.pixelhere.com | udp |
| US | 104.21.44.154:443 | realiukzemydr.info | tcp |
| DE | 136.243.249.75:443 | eu.rollerads.com | tcp |
| NL | 34.91.218.141:443 | tracking.utlservice.com | tcp |
| US | 8.8.8.8:53 | ad.propellerads.com | udp |
| US | 8.8.8.8:53 | realiukzemydr.info | udp |
| US | 8.8.8.8:53 | www.pixelhere.com | udp |
| US | 8.8.8.8:53 | ad.propellerads.com | udp |
| US | 8.8.8.8:53 | realiukzemydr.info | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | eu.1push.io | udp |
| US | 8.8.8.8:53 | somoto.g2afse.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | eu.1push.io | udp |
| US | 8.8.8.8:53 | somoto.g2afse.com | udp |
| US | 172.67.200.44:443 | www.pixelhere.com | udp |
| US | 104.21.44.154:443 | realiukzemydr.info | udp |
| US | 8.8.8.8:53 | lottie.host | udp |
| US | 172.64.154.50:443 | lottie.host | tcp |
| US | 8.8.8.8:53 | lottie.host | udp |
| US | 8.8.8.8:53 | lottie.host | udp |
| NL | 139.45.195.6:443 | ad.propellerads.com | tcp |
| US | 8.8.8.8:53 | api-js.mixpanel.com | udp |
| US | 8.8.8.8:53 | api-js.mixpanel.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | www.retronewtab.com | udp |
| US | 8.8.8.8:53 | www.retronewtab.com | udp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 54.241.97.167:80 | www.bonzi.com | tcp |
| US | 54.241.97.167:80 | www.bonzi.com | tcp |
| US | 172.67.202.198:443 | atethebenefitsshe.com | udp |
| US | 8.8.8.8:53 | ad.propellerads.com | udp |
| US | 8.8.8.8:53 | use.typekit.net | udp |
| US | 8.8.8.8:53 | cdn-4.convertexperiments.com | udp |
| US | 8.8.8.8:53 | p.typekit.net | udp |
| US | 35.186.235.23:443 | cdn.mxpnl.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| NL | 139.45.195.6:80 | ad.propellerads.com | tcp |
| US | 8.8.8.8:53 | a1988.dscg1.akamai.net | udp |
| US | 8.8.8.8:53 | e5289.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | a1874.dscg1.akamai.net | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | e5289.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | a1988.dscg1.akamai.net | udp |
| US | 8.8.8.8:53 | a1874.dscg1.akamai.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ad.propellerads.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | api-js.mixpanel.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | api-js.mixpanel.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 169.197.82.18:443 | uploadhaven.com | tcp |
| US | 169.197.82.18:443 | uploadhaven.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | download165.uploadhaven.com | udp |
| US | 8.8.8.8:53 | download165.uploadhaven.com | udp |
| US | 169.197.82.22:443 | download165.uploadhaven.com | tcp |
| US | 8.8.8.8:53 | download165.uploadhaven.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | www.retronewtab.com | udp |
| US | 8.8.8.8:53 | www.retronewtab.com | udp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 52.52.122.181:80 | www.bonzi.com | tcp |
| US | 52.52.122.181:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | steampowered.com | udp |
| GB | 104.83.1.150:80 | steampowered.com | tcp |
| GB | 104.83.1.150:80 | steampowered.com | tcp |
| US | 8.8.8.8:53 | steampowered.com | udp |
| US | 8.8.8.8:53 | steampowered.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| GB | 184.26.57.136:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | cdn.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | shared.akamai.steamstatic.com | udp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | a1949.dscb.akamai.net | udp |
| US | 8.8.8.8:53 | cdn.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | a1949.dscb.akamai.net | udp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.130:443 | a1949.dscb.akamai.net | tcp |
| GB | 173.222.211.130:443 | a1949.dscb.akamai.net | tcp |
| GB | 173.222.211.130:443 | a1949.dscb.akamai.net | tcp |
| GB | 173.222.211.130:443 | a1949.dscb.akamai.net | tcp |
| GB | 173.222.211.130:443 | a1949.dscb.akamai.net | tcp |
| GB | 173.222.211.130:443 | a1949.dscb.akamai.net | tcp |
| GB | 173.222.211.113:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 173.222.211.113:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.113:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 173.222.211.113:443 | cdn.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.105:443 | store.akamai.steamstatic.com | tcp |
| GB | 184.26.57.136:443 | store.steampowered.com | tcp |
| GB | 184.26.57.136:443 | store.steampowered.com | tcp |
| GB | 184.26.57.136:443 | store.steampowered.com | tcp |
| GB | 173.222.211.113:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 173.222.211.113:443 | cdn.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | cdn.akamai.steamstatic.com | udp |
| GB | 173.222.211.115:443 | cdn.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | cdn.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| NL | 172.217.168.195:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | dlscord.com | udp |
| US | 15.197.148.33:80 | dlscord.com | tcp |
| US | 15.197.148.33:80 | dlscord.com | tcp |
| US | 8.8.8.8:53 | dlscord.com | udp |
| US | 8.8.8.8:53 | dlscord.com | udp |
| US | 8.8.8.8:53 | dlscord.com | udp |
| US | 15.197.148.33:443 | dlscord.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | img1.wsimg.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| GB | 2.18.27.70:443 | img1.wsimg.com | tcp |
| GB | 2.18.27.70:443 | img1.wsimg.com | tcp |
| US | 8.8.8.8:53 | e40258.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | e40258.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | api.aws.parking.godaddy.com | udp |
| US | 52.22.43.124:443 | api.aws.parking.godaddy.com | tcp |
| US | 52.22.43.124:443 | api.aws.parking.godaddy.com | tcp |
| US | 8.8.8.8:53 | gddomainparking.com | udp |
| US | 8.8.8.8:53 | gddomainparking.com | udp |
| US | 8.8.8.8:53 | widget.trustpilot.com | udp |
| US | 8.8.8.8:53 | consent.truste.com | udp |
| IE | 108.159.120.120:443 | consent.truste.com | tcp |
| US | 8.8.8.8:53 | consent.truste.com | udp |
| EG | 108.159.120.94:443 | widget.trustpilot.com | tcp |
| US | 8.8.8.8:53 | widget.trustpilot.com | udp |
| US | 8.8.8.8:53 | consent.truste.com | udp |
| US | 8.8.8.8:53 | widget.trustpilot.com | udp |
| US | 8.8.8.8:53 | consent.trustarc.com | udp |
| IE | 108.159.120.125:443 | consent.trustarc.com | tcp |
| IE | 108.159.120.125:443 | consent.trustarc.com | tcp |
| IE | 108.159.120.125:443 | consent.trustarc.com | tcp |
| US | 8.8.8.8:53 | consent.trustarc.com | udp |
| US | 8.8.8.8:53 | consent.trustarc.com | udp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 54.241.97.167:80 | www.bonzi.com | tcp |
| US | 54.241.97.167:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | dlscord.net | udp |
| US | 8.8.8.8:53 | www.dlscord.net | udp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | dlscord.be | udp |
| US | 8.8.8.8:53 | www.dlscord.be | udp |
| US | 8.8.8.8:53 | discord.be | udp |
| NL | 213.132.197.99:80 | discord.be | tcp |
| US | 8.8.8.8:53 | discord.be | udp |
| NL | 213.132.197.99:80 | discord.be | tcp |
| US | 8.8.8.8:53 | discord.be | udp |
| NL | 213.132.197.99:80 | discord.be | tcp |
| NL | 213.132.197.99:80 | discord.be | tcp |
| NL | 213.132.197.99:80 | discord.be | tcp |
| NL | 213.132.197.99:80 | discord.be | tcp |
| US | 8.8.8.8:53 | www.domainorder.com | udp |
| US | 8.8.8.8:53 | www.domainorder.com | udp |
| NL | 213.132.197.232:443 | www.domainorder.com | tcp |
| NL | 213.132.197.232:443 | www.domainorder.com | tcp |
| NL | 213.132.197.232:443 | www.domainorder.com | tcp |
| NL | 213.132.197.232:443 | www.domainorder.com | tcp |
| NL | 213.132.197.232:443 | www.domainorder.com | tcp |
| NL | 213.132.197.99:80 | discord.be | tcp |
| NL | 213.132.197.99:80 | discord.be | tcp |
| NL | 213.132.197.99:80 | discord.be | tcp |
| US | 8.8.8.8:53 | www.domainorder.com | udp |
| NL | 213.132.197.99:80 | discord.be | tcp |
| NL | 213.132.197.99:80 | discord.be | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| NL | 216.58.208.98:443 | googleads.g.doubleclick.net | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| NL | 216.58.208.98:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| NL | 172.217.168.195:443 | www.google.co.uk | tcp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 172.217.168.195:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.domainorder.nl | udp |
| US | 8.8.8.8:53 | www.domainorder.nl | udp |
| US | 8.8.8.8:53 | sold.domainorder.nl | udp |
| US | 8.8.8.8:53 | sold.domainorder.nl | udp |
| US | 8.8.8.8:53 | www.domainorder.nl | udp |
| US | 8.8.8.8:53 | sold.domainorder.nl | udp |
| US | 8.8.8.8:53 | www.domainorder.nl | udp |
| NL | 213.132.197.230:80 | www.domainorder.nl | tcp |
| NL | 213.132.197.230:80 | www.domainorder.nl | tcp |
| NL | 213.132.197.230:80 | www.domainorder.nl | tcp |
| NL | 213.132.197.230:80 | www.domainorder.nl | tcp |
| US | 8.8.8.8:53 | www.domainorder.nl | udp |
| US | 8.8.8.8:53 | www.domainorder.nl | udp |
| NL | 213.132.197.230:443 | www.domainorder.nl | tcp |
| US | 8.8.8.8:53 | www.domainorder.nl | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| NL | 213.132.197.230:443 | www.domainorder.nl | tcp |
| NL | 213.132.197.230:443 | www.domainorder.nl | tcp |
| NL | 213.132.197.230:443 | www.domainorder.nl | tcp |
| NL | 213.132.197.230:443 | www.domainorder.nl | tcp |
| NL | 213.132.197.230:443 | www.domainorder.nl | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.retronewtab.com | udp |
| US | 8.8.8.8:53 | www.retronewtab.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 213.132.197.230:443 | www.domainorder.nl | tcp |
| NL | 213.132.197.230:443 | www.domainorder.nl | tcp |
| NL | 213.132.197.230:443 | www.domainorder.nl | tcp |
| NL | 213.132.197.230:443 | www.domainorder.nl | tcp |
| NL | 213.132.197.230:443 | www.domainorder.nl | tcp |
| NL | 213.132.197.230:443 | www.domainorder.nl | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | peepee.com | udp |
| US | 13.248.169.48:80 | peepee.com | tcp |
| US | 13.248.169.48:80 | peepee.com | tcp |
| US | 8.8.8.8:53 | peepee.com | udp |
| US | 8.8.8.8:53 | peepee.com | udp |
| US | 8.8.8.8:53 | peepee.com | udp |
| US | 13.248.169.48:443 | peepee.com | tcp |
| US | 8.8.8.8:53 | peepee.com | udp |
| US | 8.8.8.8:53 | versioncheck-bg.addons.mozilla.org | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 34.160.90.233:443 | versioncheck-bg.addons.mozilla.org | tcp |
| US | 8.8.8.8:53 | versioncheck-bg.addons.mozilla.org | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | versioncheck-bg.addons.mozilla.org | udp |
| US | 8.8.8.8:53 | www.afternic.com | udp |
| US | 8.8.8.8:53 | e126871.dsca.akamaiedge.net | udp |
| GB | 2.16.167.123:443 | e126871.dsca.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | service.force.com | udp |
| US | 8.8.8.8:53 | img6.wsimg.com | udp |
| FR | 85.222.146.190:443 | service.force.com | tcp |
| US | 8.8.8.8:53 | location.l.force.com | udp |
| US | 8.8.8.8:53 | location.l.force.com | udp |
| US | 34.160.90.233:443 | versioncheck-bg.addons.mozilla.org | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | e40258.g.akamaiedge.net | udp |
| GB | 2.16.167.107:443 | e40258.g.akamaiedge.net | tcp |
| GB | 2.16.167.107:443 | e40258.g.akamaiedge.net | tcp |
| GB | 2.16.167.107:443 | e40258.g.akamaiedge.net | tcp |
| GB | 2.16.167.107:443 | e40258.g.akamaiedge.net | tcp |
| GB | 2.16.167.107:443 | e40258.g.akamaiedge.net | tcp |
| GB | 2.16.167.107:443 | e40258.g.akamaiedge.net | tcp |
| GB | 2.16.167.107:443 | e40258.g.akamaiedge.net | tcp |
| GB | 2.16.167.107:443 | e40258.g.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | e126871.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| NL | 142.250.179.174:443 | redirector.gvt1.com | tcp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| NL | 142.250.179.174:443 | redirector.gvt1.com | udp |
| DE | 74.125.163.138:443 | r5---sn-4g5lzney.gvt1.com | tcp |
| US | 8.8.8.8:53 | r5.sn-4g5lzney.gvt1.com | udp |
| US | 8.8.8.8:53 | r5.sn-4g5lzney.gvt1.com | udp |
| DE | 74.125.163.138:443 | r5.sn-4g5lzney.gvt1.com | udp |
| US | 8.8.8.8:53 | ds-aksb-a.akamaihd.net | udp |
| GB | 2.18.190.72:443 | ds-aksb-a.akamaihd.net | tcp |
| US | 8.8.8.8:53 | a1910.dscq.akamai.net | udp |
| US | 8.8.8.8:53 | a1910.dscq.akamai.net | udp |
| US | 8.8.8.8:53 | gui.secureserver.net | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| US | 8.8.8.8:53 | img1.wsimg.com | udp |
| GB | 104.103.200.146:443 | gui.secureserver.net | tcp |
| US | 8.8.8.8:53 | e8843.dscx.akamaiedge.net | udp |
| GB | 2.16.167.107:443 | img1.wsimg.com | tcp |
| US | 8.8.8.8:53 | e8843.dscx.akamaiedge.net | udp |
| NL | 142.250.179.163:443 | recaptcha.net | tcp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| NL | 142.250.179.163:443 | recaptcha.net | udp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 54.241.97.167:80 | www.bonzi.com | tcp |
| US | 54.241.97.167:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | events.api.secureserver.net | udp |
| US | 8.8.8.8:53 | csp.secureserver.net | udp |
| GB | 104.103.200.146:443 | csp.secureserver.net | tcp |
| GB | 104.103.200.146:443 | csp.secureserver.net | tcp |
| GB | 104.103.200.146:443 | csp.secureserver.net | tcp |
| US | 8.8.8.8:53 | e8843.dsca.akamaiedge.net | udp |
| GB | 2.16.167.130:443 | events.api.secureserver.net | tcp |
| GB | 2.16.167.130:443 | events.api.secureserver.net | tcp |
| GB | 2.16.167.130:443 | events.api.secureserver.net | tcp |
| US | 8.8.8.8:53 | e64861.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e64861.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e8843.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | peepeepoopoo.com | udp |
| US | 162.241.253.204:80 | peepeepoopoo.com | tcp |
| US | 162.241.253.204:80 | peepeepoopoo.com | tcp |
| US | 8.8.8.8:53 | peepeepoopoo.com | udp |
| US | 8.8.8.8:53 | peepeepoopoo.com | udp |
| US | 8.8.8.8:53 | peepeepoopoo.com | udp |
| US | 162.241.253.204:443 | peepeepoopoo.com | tcp |
| US | 8.8.8.8:53 | peepeepoopoo.com | udp |
| US | 8.8.8.8:53 | i0.wp.com | udp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 192.0.76.3:443 | stats.wp.com | tcp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 8.8.8.8:53 | i0.wp.com | udp |
| US | 192.0.76.3:443 | stats.wp.com | udp |
| US | 192.0.77.2:443 | i0.wp.com | udp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 192.0.76.3:443 | pixel.wp.com | tcp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 192.0.76.3:443 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | peepee.com | udp |
| US | 13.248.169.48:80 | peepee.com | tcp |
| US | 8.8.8.8:53 | peepee.com | udp |
| US | 8.8.8.8:53 | peepee.com | udp |
| US | 8.8.8.8:53 | peepee.com | udp |
| US | 8.8.8.8:53 | peepee.com | udp |
| US | 13.248.169.48:443 | peepee.com | tcp |
| US | 8.8.8.8:53 | peepee.com | udp |
| US | 8.8.8.8:53 | www.afternic.com | udp |
| GB | 2.16.167.91:443 | www.afternic.com | tcp |
| US | 8.8.8.8:53 | e126871.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e126871.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | img6.wsimg.com | udp |
| FR | 85.222.146.190:443 | service.force.com | tcp |
| GB | 2.16.167.121:443 | img6.wsimg.com | tcp |
| GB | 2.16.167.121:443 | img6.wsimg.com | tcp |
| GB | 2.16.167.121:443 | img6.wsimg.com | tcp |
| GB | 2.16.167.121:443 | img6.wsimg.com | tcp |
| GB | 2.16.167.121:443 | img6.wsimg.com | tcp |
| GB | 2.16.167.121:443 | img6.wsimg.com | tcp |
| US | 8.8.8.8:53 | e40258.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | ds-aksb-a.akamaihd.net | udp |
| GB | 2.18.190.72:443 | ds-aksb-a.akamaihd.net | tcp |
| US | 8.8.8.8:53 | gui.secureserver.net | udp |
| US | 8.8.8.8:53 | a1910.dscq.akamai.net | udp |
| GB | 104.103.200.146:443 | gui.secureserver.net | tcp |
| US | 8.8.8.8:53 | e8843.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| US | 8.8.8.8:53 | e8843.dscx.akamaiedge.net | udp |
| NL | 142.250.179.163:443 | recaptcha.net | tcp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| NL | 142.250.179.163:443 | recaptcha.net | udp |
| US | 8.8.8.8:53 | discord.be | udp |
| NL | 213.132.197.99:80 | discord.be | tcp |
| US | 8.8.8.8:53 | discord.be | udp |
| NL | 213.132.197.99:80 | discord.be | tcp |
| US | 8.8.8.8:53 | discord.be | udp |
| NL | 213.132.197.99:80 | discord.be | tcp |
| NL | 213.132.197.99:80 | discord.be | tcp |
| NL | 213.132.197.99:80 | discord.be | tcp |
| NL | 213.132.197.99:80 | discord.be | tcp |
| US | 8.8.8.8:53 | www.domainorder.com | udp |
| US | 8.8.8.8:53 | discord.be | udp |
| NL | 213.132.197.232:443 | www.domainorder.com | tcp |
| US | 8.8.8.8:53 | www.domainorder.com | udp |
| NL | 213.132.197.232:443 | www.domainorder.com | tcp |
| NL | 213.132.197.232:443 | www.domainorder.com | tcp |
| NL | 213.132.197.232:443 | www.domainorder.com | tcp |
| NL | 213.132.197.232:443 | www.domainorder.com | tcp |
| NL | 213.132.197.99:80 | discord.be | tcp |
| US | 8.8.8.8:53 | discord.be | udp |
| NL | 213.132.197.99:80 | discord.be | tcp |
| NL | 213.132.197.99:80 | discord.be | tcp |
| NL | 213.132.197.99:80 | discord.be | tcp |
| US | 8.8.8.8:53 | discord.be | udp |
| US | 8.8.8.8:53 | www.domainorder.nl | udp |
| US | 8.8.8.8:53 | sold.domainorder.nl | udp |
| US | 8.8.8.8:53 | sold.domainorder.nl | udp |
| US | 8.8.8.8:53 | www.domainorder.nl | udp |
| US | 8.8.8.8:53 | dlscord.com | udp |
| US | 15.197.148.33:80 | dlscord.com | tcp |
| US | 8.8.8.8:53 | dlscord.com | udp |
| US | 15.197.148.33:80 | dlscord.com | tcp |
| US | 8.8.8.8:53 | dlscord.com | udp |
| US | 8.8.8.8:53 | dlscord.com | udp |
| US | 15.197.148.33:443 | dlscord.com | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | img1.wsimg.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| GB | 2.16.167.128:443 | img1.wsimg.com | tcp |
| GB | 2.16.167.128:443 | img1.wsimg.com | tcp |
| US | 8.8.8.8:53 | suggesting.retronewtab.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 134.209.43.73:443 | suggesting.retronewtab.com | tcp |
| US | 8.8.8.8:53 | suggesting.retronewtab.com | udp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | suggesting.retronewtab.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| GB | 184.26.57.136:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | cdn.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | shared.akamai.steamstatic.com | udp |
| GB | 173.222.211.121:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.121:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.121:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.121:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.121:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.121:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | cdn.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | a1949.dscb.akamai.net | udp |
| GB | 173.222.211.115:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 173.222.211.115:443 | cdn.akamai.steamstatic.com | tcp |
| GB | 173.222.211.104:443 | shared.akamai.steamstatic.com | tcp |
| GB | 173.222.211.104:443 | shared.akamai.steamstatic.com | tcp |
| GB | 173.222.211.104:443 | shared.akamai.steamstatic.com | tcp |
| GB | 173.222.211.104:443 | shared.akamai.steamstatic.com | tcp |
| GB | 173.222.211.104:443 | shared.akamai.steamstatic.com | tcp |
| GB | 173.222.211.104:443 | shared.akamai.steamstatic.com | tcp |
| GB | 173.222.211.121:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.121:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.121:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.121:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.121:443 | store.akamai.steamstatic.com | tcp |
| GB | 173.222.211.121:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| GB | 184.26.57.136:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| GB | 184.26.57.136:443 | store.steampowered.com | tcp |
| GB | 184.26.57.136:443 | store.steampowered.com | tcp |
| GB | 184.26.57.136:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | cdn.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | cdn.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| GB | 184.28.176.40:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | e86303.dscx.akamaiedge.net | udp |
| GB | 184.28.176.40:443 | e86303.dscx.akamaiedge.net | tcp |
| GB | 184.28.176.40:443 | e86303.dscx.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | e86303.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | ts4.mm.bing.net | udp |
| US | 8.8.8.8:53 | ax-0001.ax-msedge.net | udp |
| GB | 184.28.176.104:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | ax-0001.ax-msedge.net | udp |
| GB | 184.28.176.104:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 52.52.122.181:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 52.52.122.181:80 | www.bonzi.com | tcp |
| GB | 184.28.176.10:443 | th.bing.com | udp |
| GB | 184.28.176.104:443 | th.bing.com | udp |
| GB | 184.28.176.10:443 | th.bing.com | tcp |
| GB | 184.28.176.10:443 | th.bing.com | tcp |
| GB | 184.28.176.10:443 | th.bing.com | tcp |
| GB | 184.28.176.10:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | www.bing.com.cdn.cloudflare.net | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 52.52.122.181:80 | www.bonzi.com | tcp |
| US | 52.52.122.181:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | support.microsoft.com | udp |
| GB | 184.25.192.150:443 | support.microsoft.com | tcp |
| GB | 184.25.192.150:443 | support.microsoft.com | tcp |
| GB | 184.25.192.150:443 | support.microsoft.com | tcp |
| US | 8.8.8.8:53 | api.bing.com | udp |
| N/A | 127.0.0.1:57360 | tcp | |
| N/A | 127.0.0.1:57364 | tcp | |
| US | 8.8.8.8:53 | e11290.dspg.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e11290.dspg.akamaiedge.net | udp |
| GB | 184.25.192.150:443 | support.microsoft.com | tcp |
| US | 8.8.8.8:53 | e3843.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| GB | 184.25.193.234:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | e13678.dscb.akamaiedge.net | udp |
| US | 13.107.253.64:443 | mem.gfx.ms | tcp |
| US | 8.8.8.8:53 | s-part-0036.t-0009.fb-t-msedge.net | udp |
| US | 8.8.8.8:53 | a1449.dscg2.akamai.net | udp |
| US | 8.8.8.8:53 | s-part-0036.t-0009.fb-t-msedge.net | udp |
| US | 8.8.8.8:53 | a1449.dscg2.akamai.net | udp |
| GB | 184.25.193.234:443 | e13678.dscb.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | support.content.office.net | udp |
| NL | 23.51.76.237:443 | support.content.office.net | tcp |
| US | 8.8.8.8:53 | e12627.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | s-part-0036.t-0009.t-msedge.net | udp |
| NL | 20.190.160.17:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | www.tm.ak.prd.aadg.trafficmanager.net | udp |
| US | 8.8.8.8:53 | s-part-0036.t-0009.t-msedge.net | udp |
| US | 8.8.8.8:53 | www.tm.ak.prd.aadg.trafficmanager.net | udp |
| US | 13.107.253.64:443 | s-part-0036.t-0009.fb-t-msedge.net | tcp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 13.107.253.64:443 | s-part-0036.t-0009.fb-t-msedge.net | tcp |
| US | 8.8.8.8:53 | www.tm.v4.a.prd.aadg.trafficmanager.net | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| AU | 40.79.167.8:443 | browser.events.data.microsoft.com | tcp |
| AU | 40.79.167.8:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | onedscolprdaue02.australiaeast.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdaue02.australiaeast.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | iris-de-prod-azsc-v2-weu.westeurope.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | iris-de-prod-azsc-v2-weu.westeurope.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdcus00.centralus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdwus10.westus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdwus10.westus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | redir.metaservices.microsoft.com | udp |
| GB | 173.222.211.58:80 | redir.metaservices.microsoft.com | tcp |
| US | 8.8.8.8:53 | onlinestores.metaservices.microsoft.com | udp |
| GB | 2.18.190.80:80 | onlinestores.metaservices.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 54.241.97.167:80 | www.bonzi.com | tcp |
| US | 54.241.97.167:80 | www.bonzi.com | tcp |
| US | 54.241.97.167:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 52.52.122.181:80 | www.bonzi.com | tcp |
| US | 52.52.122.181:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 52.52.122.181:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | opensea.io | udp |
| US | 104.18.20.168:443 | opensea.io | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 2.18.190.80:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.80:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 52.52.122.181:80 | www.bonzi.com | tcp |
| US | 52.52.122.181:80 | www.bonzi.com | tcp |
| US | 52.52.122.181:80 | www.bonzi.com | tcp |
| US | 104.18.20.168:443 | opensea.io | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 52.52.122.181:80 | www.bonzi.com | tcp |
| US | 52.52.122.181:80 | www.bonzi.com | tcp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 54.241.97.167:80 | www.bonzi.com | tcp |
| US | 104.18.20.168:443 | opensea.io | tcp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 54.241.97.167:80 | www.bonzi.com | tcp |
| US | 54.241.97.167:80 | www.bonzi.com | tcp |
| US | 52.52.122.181:80 | www.bonzi.com | tcp |
| US | 104.18.20.168:443 | opensea.io | tcp |
| US | 8.8.8.8:53 | www.bonzi.com | udp |
| US | 52.52.122.181:80 | www.bonzi.com | tcp |
| US | 52.52.122.181:80 | www.bonzi.com | tcp |
| US | 54.241.97.167:80 | www.bonzi.com | tcp |
| US | 104.18.20.168:443 | opensea.io | tcp |
| US | 52.52.122.181:80 | www.bonzi.com | tcp |
| US | 52.52.122.181:80 | www.bonzi.com | tcp |
| US | 52.52.122.181:80 | www.bonzi.com | tcp |
| US | 104.18.20.168:443 | opensea.io | tcp |
| US | 52.52.122.181:80 | www.bonzi.com | tcp |
| N/A | 127.0.0.1:58283 | tcp | |
| N/A | 127.0.0.1:58287 | tcp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\db\data.safe.bin
| MD5 | a1d8b895585306af9618c2d6c41757b1 |
| SHA1 | d883213b781bbb6cdfbcfb2fb5cfc2861102b8f1 |
| SHA256 | 30036dbce5ca9a6478c2fe91c3f18ae756d0a35a6b917ee0bbf3fd32dd42dba0 |
| SHA512 | cb6d79c0b63bddd011c8dcbcaa596299252ee0be2cff6d3295f72ac6ac2520185918ad6ee1402621d5d9bdf58169a7f3ded24220e337031812f76dfee438fd66 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\da1eaa42-9f5f-4ae2-8002-969e2038211d
| MD5 | 19cbb128348cf606378ea4fa97a59aa3 |
| SHA1 | 13b9c9e42a44c68285d03094772844b3d4a05685 |
| SHA256 | c1f57bb2ef35a948630fe5e73d5c2f106f3e9d68d7c6d52bcee6ace598631821 |
| SHA512 | 08561b4346b22655f7b8b6a67738ad22b5869e3b7dabd4680f684195d48e672d2ac2dfcf4bdc75e893337ce409742b3c33f87db6f1bbc7b7678d6fe3c8a467b6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\84316188-1d0d-42a0-a1b3-3d8fa8ff2d9f
| MD5 | 59a630db8422d80083c603d25439f331 |
| SHA1 | fa893a68b379daa13591ddfe40fab56078d64e81 |
| SHA256 | 248d1ed7c36ff6c1f2075b7a19d35ac853dbbc78c380895cfcc642ad8c10a2ff |
| SHA512 | e0e432cc982749610216bd0109eb4d1a080dc40cd0ff22ab646e25b255f53163cb74bc744c15e91ed1b93a9ff7396422dfd217f477e52cba656e4afa71ca928c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | bb1d1d7fba6951cf60becf5c909f4996 |
| SHA1 | 6b6a38d811d1d16296f066a6e99ee0b0bcaa2d88 |
| SHA256 | 653c72f7b404fd49a331e476e0f7986dbdb5f9367582e523e0f4f8bde23df308 |
| SHA512 | 2f897ea0ce144bd83cfcadec4c8ec46a008eb41b8f936187216e7433354a25530c58a6fc371275d23ef58786a60cfd0dfe5d8090e00956dd30a18b8a77f5f8b0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | d2c6eae46281a10a5d8d3bdd0120c64c |
| SHA1 | 0be55041a2f217ce5c4909998606e5c2f337d658 |
| SHA256 | 7c9eeed7075960f828a446697684c25efe27a705d55dc9c98013be28ad3cb038 |
| SHA512 | 7d87e43e4122f5600757f7a72ac7d6fa42829f62f7da9077a4b171df75527487b6771b57248355cf23da5a1e68773b96b5f3f9a6bca5f10c14d64d587948fafe |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs.js
| MD5 | 3f7726d66ec9a049c084eb6b85746d96 |
| SHA1 | 9fae68bf74b0f3dab36cb9c3f6ce100ffc23950d |
| SHA256 | 3c3e2b6e445839c4478fa139b8985b892a8f207c3e62fd037f149b988b33893f |
| SHA512 | 500ca0561e30e4936609ae24b183348ac94a3039e60ec0d993f724eaa86fc42d58424804639eddf5aeae052100caa823c47cd4bfa4651398948026c1e09bb41f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs.js
| MD5 | cc3f25cfd8568a82154b16587fc5b132 |
| SHA1 | 85f36927b3c54017b00b0bc7b301ec137bbe8ae6 |
| SHA256 | 03a6793c1656c9ecb6c6db42278fe2711db1c01e4540825ca9f83b5429d7c9e0 |
| SHA512 | 6286006fd90c493bc1d36504dc3724107675e5ac3edb413133e56a76ab1634c183267616c21a7e1cc8e76bb709976600c0786ea14b6857c75eb6a61cda8510f6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 8d7df9a6a061ddca3b181c986bcd8d79 |
| SHA1 | bf86e022d5ae00e39c7b260510bdd6ff9e1b67dd |
| SHA256 | 7718d83a0d2089af6152420e7158fa34676f02656ac70e4a8228bed734334109 |
| SHA512 | dd2afd62522e26ac3644735cac70b6ca75f280b059946e2186c953608569f3198604accfa41193165bf97c1119214e0df1b67633ba8b13f1000f1be8615b5631 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs-1.js
| MD5 | 2a4affe7f34a4728f894463f1405c698 |
| SHA1 | 974bd12d72ea247948fba0c51d971c0763d5dc05 |
| SHA256 | 57f536c4495510423a513fef03604d0905004e80b66ef08bf520096e2f4d7b88 |
| SHA512 | 415c678a297cf1bbfe08f8ee1f4f79f09e92bf7d7dfef21240fb9d7a8880f73146072d9c08e25dd63fd77a61e618031afad149e5e2b1068ac0d7b3b7a904102e |
C:\Users\Admin\Desktop\DisableRead.js
| MD5 | 115a51b49553c1228eac134a0d08cc98 |
| SHA1 | 250fb89bdbf59c30dd964b3b801b8c7ef5fd05ae |
| SHA256 | 687ea586302ceb265f7e4d6b4b2f06f435964db546d0cb24980cbfa5f580dadc |
| SHA512 | 868d6d0e7090c4fb81b7793931a9825a808bd47f893853c45205ebca53d695217cec74204c1711273e7fd7e93c4701d07a82d4b881ee45eadbe49248dc95458c |
C:\Users\Admin\Desktop\OutEdit.jtx
| MD5 | e604551a3ab41769310e3d88751d241c |
| SHA1 | 92467efff23e74a232f7cd17438d53282f9a79ff |
| SHA256 | 98d63be90181e0f5c27d995d7fb970787f3aa6d1b6fb16aa7b6d0e7ae3c7a889 |
| SHA512 | 523544ed496201ef528787677b02c2aa0ffaf547876b1ae6b99fc70342825b406295f21e12d3f517a0c048fd011ac3dbb3afaad1ca3a4c0c54b73aa117fcd1a4 |
C:\Users\Admin\Desktop\MeasureRepair.xls
| MD5 | f759455ab1983311e8e9e2cdd045f564 |
| SHA1 | 56baa2d72e5257a01a51c2342fdc8ef69cdc3900 |
| SHA256 | db6aff6cb6acabd5a45f9cf507b540be1ee6d0469b4e3e2de86320c1de373516 |
| SHA512 | deaf1811acf2a3e1106da03c2f1b753b0ce31f06066fa33be80613ed6e579a21c77af8c1e2dfc9ac3b4c53e9e10424f44a62f5f84611d23c4c957b12bd296167 |
C:\Users\Admin\Desktop\ProtectBackup.dib
| MD5 | 62f02f52fced5ec691220d1ce258b707 |
| SHA1 | 67612de0dd4721f0056a712ccd022ab8a3cc8f0a |
| SHA256 | f44464997460f3c0fa0b24db6ea1e4cd6c0d9818f5f391474f1fa99e193d6b18 |
| SHA512 | 41ff6b94f3aaa1a46bbf5850e86192de41614c8fbfa7b6e1fd694934ca10545ca318440842b2079136307475c82133ab03423c7c6eed2720eabf1f6e5c3b639c |
C:\Users\Admin\Desktop\RenameRemove.3gpp
| MD5 | f3673907f349140b5747e8fb0793103d |
| SHA1 | 89cb22956004cba7c48cfa3f933cbcd20b0a27a8 |
| SHA256 | 137d2080b50fd45ad174e3cbaad6f7be0af63a69a05a01952c306641308fce10 |
| SHA512 | 694afacd190afa184df19701be56c1719e97ab5beae580b27f784c77329ed740138a421f8c7f3260e874ad4c37c59c8281b40d1f7cd978d4481b87e23d9d8cd3 |
C:\Users\Admin\Desktop\SearchUnregister.mp2v
| MD5 | 85dd1a97f56e39b9612ddb2c47a9ac30 |
| SHA1 | 6068c6a30eeab4d6ea333ee3cc3f52fd36c2a7aa |
| SHA256 | 80650a9dda26c6bbc37712b8ad4872231f81361592f3242522a8131ef2491ac4 |
| SHA512 | b9c5a779d55ed9e1b5b4832a67db537a35a8f38f0c3155ca22395f425c65c879dc4a277e9baea605008eaad8e1b41998ff9181cd193ff9536fa83d5aa298daf4 |
C:\Users\Admin\Desktop\RequestSubmit.docx
| MD5 | 98debf3f04b7af6fb99c2bf09af9ff73 |
| SHA1 | d34e3d128658fd6ac24e851e7d65caaada440238 |
| SHA256 | ba4d230f79582b2a3e64e1049a3694b36e0e1c9de77d9e5ecb782da5e4d7561f |
| SHA512 | 59cfe65c9009463ac2ca55aa83dc1b8ba7d0e2354d5583b5215ff11647969237f1341ae813bb7b20d340cc13ff52e041e5a643a955abe2977658e6c79bd556da |
C:\Users\Admin\Desktop\ApprovePublish.xlt
| MD5 | e16385000dd93c1f5e7c75b4a8edeea3 |
| SHA1 | aac82dd56470e9fab116eab2670a8d0c696d23e7 |
| SHA256 | 227527dd4292134aba9b445ff72f19790476e36f7ab112bbea0dd9f9bd96b80b |
| SHA512 | c8cdf75fa0886f6720121ebc006c17ebca1beb7eed762dabfb9ce39984c05a63a7c39e71376a281f94312d9f8ce4804ddb0a2f938c50c5384500b66350c3d1ec |
C:\Users\Admin\Desktop\ConvertRemove.vbe
| MD5 | 59c0991dfbe10539ef99ee3b6fc225ef |
| SHA1 | 75f7121e632778e912a35af06df33175f6b55a7e |
| SHA256 | 16f7be2b14ea9d2ae503b7660ac46c11c9d5b6b8d804d785b6df00e3177ae159 |
| SHA512 | 61cb91f911377b62914f041062e14464c28ad192bbbaed5ab8dc1920a55bbe5cef7338785f168892f2f9a00e59077428639c7aae27ee6062785d87667fb31a00 |
C:\Users\Admin\Desktop\CheckpointSplit.mov
| MD5 | df3669d9e0c8d6a697b79a8b8c173ac7 |
| SHA1 | a2714fdbcc4dbf8fa4e1630471ffee64ff475fce |
| SHA256 | 00eca1d75c97e11976a6e41e5a0c2a45839ce15d9a6dc96ecf8c873dabc58406 |
| SHA512 | a5e82e7721da653d7d4d1fcd1dd4c4ff5948f034936d86789bfe5c0cb55394ba835b186b16a63c23d298d7f0bd2e435e06fafaf9242b6acc01d4a4bd85acba06 |
C:\Users\Admin\Desktop\BackupStep.TTS
| MD5 | ccdd71ea56ced6f9ad854e227620dae3 |
| SHA1 | 11ccdd6038c937b4560915097c6f919d683ea35a |
| SHA256 | 980530ea7c937049381d2334389903a338095dc81db1b6a5864a453f1fc87c98 |
| SHA512 | a5d8e19a10b1b7bbd06e1323640f4dda085ffe9257f18b73331fde966e9af205b2effdeea9c20220f12eef5b980ab745b51a1cae521764ad4d4da906149ccc6c |
C:\Users\Admin\Desktop\AssertInvoke.wdp
| MD5 | 7ccb0dfc4f11541dbe86ee98f4e38bea |
| SHA1 | 5f93eee6c5138366c246cf2ede19e7d6138954b9 |
| SHA256 | 81621b751309dadd11124b63ea4e5f5cf02f8342c0ab924acbb1f5ca26552f4a |
| SHA512 | 617417e6af54ee9a84c7cf2f1a0f663dcfabe6a1c549e5843e4a3659ae756db3511c0aeece279dfe413ac7674ec6a78036f8e44a92a4bb535dd31f15886d5568 |
C:\Users\Public\Desktop\VLC media player.lnk
| MD5 | 689fa6f6c7947af06af51af67597e137 |
| SHA1 | f46bea57602f343703ae7c4ab8f42f4e144916e0 |
| SHA256 | 73c142cfe2b34fdf1b7465e363b08056427f02a557ce082ce9cc01b054dadd93 |
| SHA512 | d3ed06dd6ae85eb59d2de420437f8b1ec7128ab107c6eaa6ca7e77bfa1604c04852131066c8ceb2d958927d3d6999cd97d00bffa239f442738717a9d8241827c |
C:\Users\Public\Desktop\Google Chrome.lnk
| MD5 | 31d1513128a0d3e21d92d532faeed7b2 |
| SHA1 | 4c2de145f5799652688edfa4409307b2dce41311 |
| SHA256 | 11d68271ca489b9dfa8e99a0481c01321f81f112a8aa7eccb205582adefa6784 |
| SHA512 | d9907800908d4fb4534ea44c1842ea1f5ff242b8e99685ece2dbdbc9f6cb53ae4711c540a71fa507fd92ea79c2aec585ba135866f3b8867c68b801f164a65641 |
C:\Users\Public\Desktop\Adobe Reader 9.lnk
| MD5 | b9c64d90b8c6431729bd42345553157f |
| SHA1 | 9d32b8456d2e4334140b16c8e3f5b44416de4b1c |
| SHA256 | 57fe0dae4545fe2cf5a3db1bfdf582961ded2cbdd3d4a521f3d46612d0b655fe |
| SHA512 | 75469f8c8cd6bf654f1aa7212557f2e2c5d1c032ebd0eb514dde712734d80b9f2243f92b1e2d68372a8e9ba0108dd4106ff652c9a192fe604a2d722ec869d028 |
C:\Users\Admin\Desktop\MountReset.docx
| MD5 | 46690034ed50088e2bf9b28a0b57c33a |
| SHA1 | d3171480f49ade09e037e35f1571a92a968c18f7 |
| SHA256 | 6bc32cc5a49771bfb3ad23b9e08fdddae78c42df84eb0e94580b771647bb210c |
| SHA512 | 80916946572007fbd34488bc999d7e49d4e0dc147487fd0a7b89fad53711b18f6d7980ffc600ee2f711d5db1308fe93867795c394798b6dd776625a6a40a9e7f |
C:\Users\Admin\Desktop\UnpublishGrant.vsd
| MD5 | ec2be0ebd6ed66ea9a4cc4281eca30c6 |
| SHA1 | e5823adf4cc50522447e32a7ef9d6602bcef2c0c |
| SHA256 | 917f4d758fbc60d045cd5d93b6126c7ba83ad6e6d36ac675a50950fb902a887f |
| SHA512 | e5bf957bdfe4af33fc37110678b0dbaeb0347de7326e04c7125512334a262e924c3c37ed99160c7d59981f3f0090149fb31b6ac4b0055205c8eb830ba2ea6c6d |
C:\Users\Admin\Desktop\SwitchUndo.rtf
| MD5 | 367dce21cb1524db260369dbaadd6d60 |
| SHA1 | e1f7a8c72b8e2e1a892bf8a613ce844e3c880fef |
| SHA256 | 78213c9f5bf96daa705eb891dbd12abbf322f92bf378116460246fbd8effe983 |
| SHA512 | c6ef2498be302279b79f28540f964c4bb8fc7f02718db3d561890f82415b19df22815d57fd614777d76495815480bf56ec702cd2c3b5a6208668b54dfbbb86ca |
C:\Users\Admin\Desktop\SendGrant.avi
| MD5 | 8550979f5d83c1a2cfb909c7db2354c5 |
| SHA1 | 55e5f4266aaddbbf6f4c85644ad31d49a068130f |
| SHA256 | 4b00b298d3fa9373a482967eb34f76b2a4386007eab4bae4ecf56e29913be121 |
| SHA512 | 8fefcf05eef8bac75e2f59471b71eca0dafea3fdfb0fc3f4291488d2f0253b8500062ddde3932fc43e28a2427f6b26241682d4c4ad4900ec5a0357fcfb607586 |
C:\Users\Admin\Desktop\SelectResolve.M2V
| MD5 | cd0b0da2939f80c18b99e4019688d594 |
| SHA1 | 98f68b3299df545bdadfa5bf4ab86f22958ce0ab |
| SHA256 | 52a2ebf5900019482ad32f8ed6666e8f8cc7d189928b87f392b634a2b7e64e25 |
| SHA512 | 6c116c0321b5afcbd6aab4e006e726d90a4c0334b36d3f805aeb2aed96284450372fe8e7fe2298a47a84be992c5553d8212ae94eaa4591e889ded5fa095d5fff |
C:\Users\Admin\Desktop\SearchRestart.ini
| MD5 | 568bce2b42a20f84fb90a58ff84219d0 |
| SHA1 | 197fc5c9f250824620288bd814bd79ed5dc62c1f |
| SHA256 | f2a881cc7cdae0ad4c08661d06f40ede5c53746be79a3116a2e456e217516ad4 |
| SHA512 | cbd965758ed6cea4a5f84680eeb9ee6e64e6bd012863bf323712e3158becfab8d031b929ff1e525429ef6e04142d395da3f67a58a111d84efe3dc48a3eca924c |
C:\Users\Admin\Desktop\ResetSkip.vstm
| MD5 | a03c99cf71ec36117aecc42bfed24f48 |
| SHA1 | 0c021b164338b77a03a546a2608fd6ce5a7aed06 |
| SHA256 | ec388a8fcb1d6dec29149b7298d7d31d786ec090522ae7d2268a443e58e01e6b |
| SHA512 | e1f2198e507e4085a3f90d9760886c9c46a0204aa66180c8e7a6639186a3a126fae06c420fc1f4bbf71c59043fb97b5d1d04ff6e3da823f79cddbca52301614d |
C:\Users\Admin\Desktop\RenameHide.dib
| MD5 | a8490f933b538e469b700e4231629675 |
| SHA1 | 529ae8048a73df9385b274bf598b392baaf80e75 |
| SHA256 | a3b565f1dd58b85bd2f8d86fe5b9914d00ec67e6dbe45a91bc4b393d0647573d |
| SHA512 | 34d4af2d637c8230bc90e2a57409427002da3a3911c126b909f5f92e439aaa70418b2b9fd1966686ebd38dd8d0bb33334d18a7b3de4e8a23f6dcf27b99b108f1 |
C:\Users\Admin\Desktop\RedoSave.asf
| MD5 | cedd3f3b9c7d050f63cc6adacd9faa03 |
| SHA1 | 5033a6c44771b0dc5cfcd7bf4ba665da5dfe72da |
| SHA256 | 6f84bf40d61dc7e2cf699e22141546608cd072c8e94cad66a961512caccd3b80 |
| SHA512 | f1d6df864bb4f609f725caad22d37c7cbe3ac628cf57b077269e2ad34b3821cd4a0449a108913b5fa872376adecfb3983040167898b8729f1ec2517ef6daf00a |
C:\Users\Admin\Desktop\PingInitialize.tiff
| MD5 | 46ae11201cfcbf32f97ae678275e7f54 |
| SHA1 | d109b019ba5e282436befeafa113f2ef87a552ab |
| SHA256 | 80023c5a7be766b652039bf67e4cb345bcd9e19413c3adf27c3f24ac962a7be5 |
| SHA512 | 46249b210ad0a02ff0251216e15eef84111cdf2fbd1865381ff1cf3f57daec56abac2eddd4d5b5524dde6360bcabfac3c6c49dd1e502ad8e13d3834247688725 |
C:\Users\Admin\Desktop\LockUnpublish.rtf
| MD5 | 2e5a5f2a1fc45bea129dcc5c012e7e8f |
| SHA1 | 2d7d1c9142de6061f66fdf66940850945a406375 |
| SHA256 | 63b2052c61f4e53a5665bfb4fd719d27477b7a011931b705feab1945071b15b6 |
| SHA512 | ade5b133b1a741a5a25e566357d4e551d65d9a4cc147adb0fa7b8d7f03b47c3f0009e673cb5551ec0d4efae6835beac09287a3a00abc85849e0681b794d79b03 |
C:\Users\Admin\Desktop\LimitStop.vbs
| MD5 | e855e5e463da14cd14d0274dae6a065b |
| SHA1 | 84c72f723e8d0f06e245790051bca8604101e42e |
| SHA256 | 99291fcce15d929de1a221693cda5fac9f6736f6d56524104efbc22410d3b4d6 |
| SHA512 | 8d268ee34d57e0b9edc963a6f5b2ff0a0c734c2a1a10e065517390f8dc413716dfb7779714e1641b31e0c64cf2a94e4a453bfb11b1e16130c4283cf7b17ce429 |
C:\Users\Admin\Desktop\JoinApprove.TTS
| MD5 | 295c9751b7285365b93ac3897038a2f3 |
| SHA1 | 76fccb6e99069c8faf357e4b7846eaebeb9a6aa9 |
| SHA256 | f46f4fef63b0f2ac63b85c38f84d6b61dfbf6956f9de7ae39e747f7bac911197 |
| SHA512 | aa084c74ea626964d4e56f614722fd59c6b911d84f13b2d99f6d99ea74109dc3b411fc8eb2040b1af941176b286907b58002f67f190e36e0bc5fe2e14f1571c2 |
C:\Users\Admin\Desktop\InstallSync.3gp
| MD5 | d5fc94fdcb0fbb27cf52df4ef53922a7 |
| SHA1 | 2b2014bf6a38812ce0851da39c8764c90536bdc0 |
| SHA256 | 7f8fae4a16bbf24aedf401a71cdefc3126e94f010279cc7a714ffea980713f2e |
| SHA512 | 4a27e8f9e71a04ed4fe02ef35a26510b827da75d6f2b538670f499249a4358d2e48c7a2007d54b4ba85c0256e3b9c5dde3367d8967b458337783b9824835e766 |
C:\Users\Admin\Desktop\InstallHide.vsw
| MD5 | c23b77221bdae82277a43c3c190ad187 |
| SHA1 | 13476dcc88edfeddf215ef35c6efacd836925bd6 |
| SHA256 | 16aa266beb6481ede4c4511dfdfe2d9c4a99053de1effe2b7c0fc8055782da5e |
| SHA512 | eb310c81938d5b59b2b49cc253499b8c5dc1d8065f18a3f072f38229d8f721af21cedf2f623a539f5482547f4b4aec6572f636710d26fb044d14524498f1a0ec |
C:\Users\Admin\Desktop\FindApprove.MOD
| MD5 | 376e93af605ceff095ed259256cd6997 |
| SHA1 | ce927e25546476366fa6805d9f454f20e048b831 |
| SHA256 | 3048ed134a9839ed1251d29994b912a86df2be44abcf5f7c81c931fe8c1efdab |
| SHA512 | 7d14ea91826752fcd62ff088f5874dcdfbb925ee99a8eca50b42fb3bf15d104d85198b6d72db887080fc5b2e0de4971b2dc933b97930071013984800ab1ad024 |
C:\Users\Admin\Desktop\ExportUnblock.mpeg3
| MD5 | 4a7dda6eebc98b0370452caa6134737c |
| SHA1 | 3e99f96bf1b87699602ed5ef59566266f4474276 |
| SHA256 | ea69749b7566076118851453f5ede740356e217b84b4ff8677488b7a114d56be |
| SHA512 | fbb73941ab5b8fc811cd58f94f6608e3482807469f9b4f9cbc56dd98586e7aebb93be5a24bc5da0c210b7619cf91533c0f4ac5eaac075f9727b81b188d17f638 |
C:\Users\Admin\Desktop\ExpandSelect.tiff
| MD5 | 28954447b3b2a7da81819bdfc5d4d277 |
| SHA1 | a59303b840883bfa6cbf7288f72e9e669700add7 |
| SHA256 | e70ed4381312cc6fdef67cee0451189f8572098c11de47779aa6bcb49907cb8f |
| SHA512 | 1f3919e37eb2377b5b2f9d32461141b73b70dc8d021fc78a685ff153c4f766dd3148a9d7de90ee18a80f71931907dccedb70e7bb0fa0bac48e3f674f77c800d4 |
C:\Users\Admin\AppData\Local\Temp\Cab2DB7.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2E75.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 605e6da4be6fffbe476dbd08dc0cfc80 |
| SHA1 | 02aa5a9e432781b5280e3f26236a946e7936c46f |
| SHA256 | 137f395e3414dee8ddc8251f6cb460145fc304359c69a723040060d7562301f4 |
| SHA512 | 1b670707e87d884bff6ae09421acd269546bb41c6a22565be9ae0f16aa97f737bd6877e3522f2a4df0836aac5c115228111343d2c388dd9bacaa77cff8580190 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db8b2aebaa233faed26fc555060a9f00 |
| SHA1 | 01ddbe20ea99f2db204e177afdf8462c48602569 |
| SHA256 | b0fd7b24869f77f89aeb1a1570fc4f1c67c47fd5cc4de9edb66130361aa38533 |
| SHA512 | c16c750e3d5ebc2b04dbc635de4f69f918ea9c9304b410bd4276df03911cb81c43bd077e761d30934558de3eebc7128c265a465af7d03e84b55d2839dafce88e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f11437417c77931daf83547a305524a5 |
| SHA1 | a0af4a62f95acc6695b1af70d3ca10dfb6319742 |
| SHA256 | da4eabe3ec3cae4dfea9ea6727301321be99ad2ad55657135bfe1c8329392436 |
| SHA512 | 696311e86686a6b4ab03eb991cfcd2553e39040ad7e8bc9d6cb56cb099576f71b06327038f80fb282bb08b145d45180f9888e616606fcff5fd5a1642c7b9c63a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 30cba3226d6b11222cbf3887e227cc11 |
| SHA1 | b697e1ff2ffdeca1368aa94d073cba54d6e2be24 |
| SHA256 | f7cc8a38affc3895546a472f529df55e5160c3ac98820febf0b276feed2d3c50 |
| SHA512 | 16ad5f8e199c04f9b57f13368eb7c421f6c6610e6eab1dd20310b8ad4ac22de920387864e7c5e438cf7a8d6138de472b4ae015bfc1ad29103acec10702fc4cf8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4372920dae55d1a9779c1679b5bba271 |
| SHA1 | d3532d27d60d090f460513ebf380b01f662bf83a |
| SHA256 | e122451888ddfaea7e028fe8301dbc9e0c78dd3ee37234cd87e7d657d9c9fa63 |
| SHA512 | 0dff1e53d4d2dc746419debb489948ceb42146eb1757e68f86720b801b78047db292a486a8288a81b010d33a825fc3d8beb989164a528ab2d6f592c0435754f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 379da68e50053e54f9a11e2d700dd2d0 |
| SHA1 | 7328a0323de8caa5c1bf7c584df5a2c437855f81 |
| SHA256 | 32f14448d7c1691a5552923e6d05030b32575cc53db92a7607b14f61bca57615 |
| SHA512 | dcb88d51d0f0405803cba98e00d02f209c6a92fbe2874a8d9d0f7007608380d0ba92bb2392e047f6f6f673b79075c1d886b92895fa55685a157a839f4f48b2ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6bc90611c853135a41b027ba665ab85d |
| SHA1 | 8047eb2b84cfc6f0f85fa527672bae1f56ca6592 |
| SHA256 | 0a5f73d673cf9d82872571075a40088831d8cd88dc0ceff3e6cf21716acac2eb |
| SHA512 | 181abdfaa4e8e444de7095ea3bc2ef4e959a3cfd1d2f59df2c6f6df679c9c2711d6021d6427935685cc7de428cca5d34bd61f72a24fe84e7e7707f3f1aeec317 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2006af412da9058cc09bee1d85dd0df1 |
| SHA1 | 0539043f3bd9e4cbb46f981cd093043cd0da7d75 |
| SHA256 | 81ba5f031024f65ba689c1ad46426bf67d2e6239a1ec3c7141304960f6b8cc1f |
| SHA512 | f592f52aec62539b149881e340a2d2dbb5ae81ec636f451ef8a1138458d67e090daa7b5817083dfb82d707b86a25becfec58436064de082b66ea477f3f1a6643 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7333bbfcbb6b1bf2ae59fb8a2d310819 |
| SHA1 | 4d09e2db083aa56a7a36927f3dbc429f8792b2b1 |
| SHA256 | 2c8521cbf39f52824f0fb4bf83e6dd0550d6097834d30b3e8410cc78b21272c2 |
| SHA512 | 6bd34d11082a1aff57c5e8ab2645d1f6ca72d9727f731614da24b9df1d8dbd6d625aa9e9b707082275b2e518773968fc6558282d813543cb2276668052ae159b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\doomed\13705
| MD5 | 04e820e9a8d8c50eac7c61f0f8825b46 |
| SHA1 | 9d1b8d281257851c6fe072e65b4b964bedd240f6 |
| SHA256 | f18f7d62f4f67362495095af3661f53c54d1d89426b1b2b482eac71716ada4af |
| SHA512 | 3340e35a8e0f33bf18e7fd5d3df60acf1e8c4cb55990d6807aadefd6be987eadedc0dbe5c9e992086406cca481794f131acaf77c0d5ab8638d86d98f3ae97051 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 714f522b9a4ebe274c8c888b48c3d67f |
| SHA1 | c063d05c53e1a3f7f680f51f275bde24ed11d1c3 |
| SHA256 | d1a25250bb8282c7a0b0de16beef58f61c45158a1be1c2d5635088a4f5b9994f |
| SHA512 | 67c0e359b2a591dd04d5d6dd0ae942ea0ca9016173678076c776445cdbdd550ac66190d383e44b7ec579be177669128882467a9b3d4670abc33417210b4b6b85 |
\??\PIPE\samr
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\579A732083CBF00043C4E457834015FF9E177B8D
| MD5 | 599e935668d26c33372dd56049ab71b2 |
| SHA1 | 63b71319380c0fab4b547f2b8d7f078456ce4207 |
| SHA256 | bcbf912d693650634c6cb0e59bc925767c5f75bb8c1ea96e7e2a9b902adddd5e |
| SHA512 | 56b06fa5bd5d71decb7745147c2a1e203949450b07034180111ab945ac1423461f2a5b16681ef0943bd1626f26dd146168ceb19703b17d636192365e75ccbaac |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\DD2BCB6AF648949C84F016445C2DA9B9EB0DEDD8
| MD5 | 826083126b3f2672656bf369bc760552 |
| SHA1 | 7944e748f0628c0b30b403af9d0480ac9d9f99a6 |
| SHA256 | 381b2c10f5111e32991a99fcd103de8f0a8abc07b26ef939810c98cc215cc544 |
| SHA512 | 565bca64afbbe48457934d49da3fd8edb9de5e5988a932855fb1c87c94baa5b52503c5328e7b01e638f0ca7aa5fa66ec826b1b2e0ef1af1910ee668752fcb0fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8fdcd80604501ae1e036ae7e08dee16 |
| SHA1 | e4a506608a6340bb860181ab281f31366c329173 |
| SHA256 | 64b25283594083aa6b9a8ec336bd14530c41d1f80752b5e13aaae6201945d624 |
| SHA512 | 5be5be39d000da8b59d2186ab1df8ec27c8925a0a0c4fd6312c4afcdf6bef2d3a97d346339368833238924cd4eb66284b5901eba2307964a5b5bafce464401b9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\FBC146AB8DCBD6505B59F9D2C02C2E871AE99F13
| MD5 | bed1292b558c72399e86b8aa447439b9 |
| SHA1 | 34ffd0737f82ee027745bdbd1d80d38f60b0a032 |
| SHA256 | c03a758ab8283b7d9bb9419c768d94dc5ae4f336f3849d76ba8657bfcc2cd835 |
| SHA512 | b3ae94102b87e1bda0e08f4bd3fdaf4268c2fca35cc8bfee0eb5f5ea9927735d16279811d8b096c2a3d8b6beb59b5822705f96309b4f1c879a9573a83920d742 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\BCE71DBB793AE30DA661022604E710C2005E4FDA
| MD5 | 57c9490acf1d9ce07261bdf0ee527a65 |
| SHA1 | 5f18a988cfa1f13e3ab7b90f90a40a459620d5a7 |
| SHA256 | ad43da294a752c23add1263f322200a31809f0d7fba675e70a215361cca4e02c |
| SHA512 | 1c5bfcd2e5b814db2369b4ed36735624beba149d3ada250c035efc73378e8b57e8e85c8b1a09ce712989f7979418d2a3b0356921bdcbc891e8e1bff08e4a4396 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a07b1f22a35147fd038833d687a2ff76 |
| SHA1 | 896da621e16ae773c7099ba3079cbca994026a94 |
| SHA256 | d5860c9e02b931c6665485e3708f4de7ced0f9e0649f6281a8df354a8869369e |
| SHA512 | 9490d723f4d9e4c9e41a712ea73efe119148742385a212df1ec70fbd448dbbfb62a56cf4cf7fb51bb2123884663a3c9f1f4496e64dcc484a4927fb0971a49ea4 |
C:\Users\Admin\Downloads\Bon.X1-WHdf0.zip.part
| MD5 | 3e163a4f94d9b3d73c1da6d9582c6a17 |
| SHA1 | 37274ec4c201ca60453b74139cf7aa2dbad51071 |
| SHA256 | 757dbd855a3a6c8ca108bd9eb006ac6bc36a7d4f054ca7d86bc915535eb259dd |
| SHA512 | 64bf3daa530d9b4ae8e2ada2db42e31e6f4b5f0e4413eccd3a5e3b8a3729f2ee8f5c1467c9edc7cc40e1afb53768154d0e0245329176ee2f271ca1060b6fa4da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4ad9a8b0bdcd1d69a6c13b97543ae9fb |
| SHA1 | ec66872a924ccfd1be391d44959bb9f03c563533 |
| SHA256 | 670628ee442a532421bb86c1a46b42485fed2cf1e5d1e7123a78470a5ae994fb |
| SHA512 | 90b51852cd87005eab1d01c8ba8b83bf668334d0feca65fda65fc080f90fe797f9ec1331b098650eeb139131fa89db90ea42d88bc093214b412c249237a804bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71f2c408d77eac7a535b456619c8bd9e |
| SHA1 | 48bc7c8d09d40c19f6157a71fcd61f0c18ecea67 |
| SHA256 | bc31f31846a1a9e17a7dfd4e66ffc1aeb6a2453d3691963479f1bbaf5e486a36 |
| SHA512 | 8b3f9888b77df1aaf146733fe485c7b27f16b05b4bdc5f07c708e39124486dd7a54384dbcf41c36e93b9b159964ccea3702b16031803d52303a434add66f3eb9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e516bcabf08f49e7728d66847f63a4c |
| SHA1 | 82b161d5237e687ced60ca1f119a1f0451aa2f80 |
| SHA256 | 0162802d6f5b35de79e9445ea5e065f441ceaa1c2fcf72a0943f91197ba622b3 |
| SHA512 | 9e647a053470d8942826545854d03e9805c9e0955cc7638ce0febb17009df32ee60a389c6b768723903050d61f611f1b7b220363f035954ac0963afa48206308 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c724d9169dc2fdb1571d1355fccf5b1d |
| SHA1 | 6a28313e9268ff2b1fce35f7306fc4ad725cf89a |
| SHA256 | 742ea486ccebd2fea535831afbd4a43e4cbf163164cd5e5766ac2489f6788a24 |
| SHA512 | 0a232fa7f0132af760be3595d5d4ed151f70c5a8a06209b3b2230773a07b7b2d785648b5b4e6eb80c141c63e35f4a5316a89510c2a00676cbe808780dbedcb4f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c7771b08e59c4067c08a873b17b9c284 |
| SHA1 | faacae2bc22fcd8444539d0ce95d9971372531b8 |
| SHA256 | baf2bd309df4c4f79bb6bca3e557e37f985d758f96c275d34f526ea01ca3f243 |
| SHA512 | 5fd68ec6824db331d62a5f63dfde9c8dbbdb5a6619b84cc709c479006e3058a8adc4e43eec0cf5c30d9581d9cd5c21f5818c322a8545f3a17e578f7379a97976 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 518ec3d48c0b24f6984d6f0a60d92731 |
| SHA1 | 1688d1295dfcf792b72673d9ad2c322a68637af4 |
| SHA256 | 50c605efc963b2a36d33e10f1bf03931a3624b29c8fdab51234e2eccc0331c94 |
| SHA512 | 7f556df6dbffbad293e13b380f81c3aea17c537fef3baaacf66a3133dac21d368c3402bc4ab757ca7bb9d9d7b25e96f2644546c8929f0a885534a0c09d1ebd13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4ee2f853ea5febc9655f7f9ca9869bbb |
| SHA1 | 29e8f8800cb064302046ab6830fa3306ffb2591b |
| SHA256 | c39eb84e508f9b2ecb0d4102b33cdc53b5dc1f0ebd95aea1076589202f076762 |
| SHA512 | 1417d451ae3adb89ecac845fd05b914d1859ee98c567a6b9f0aaf21312ec307d4281a1731766a20552a4f77f212c2aaf6f111409149858a260c33f8edbc408e8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6ce2d68b37e21b9bc9e2a984af418439 |
| SHA1 | a97cc2e3e95d3d35d6781cf70cbcc4219443423c |
| SHA256 | 51684767b359f4171d220ae2d359af5586142e406f019b2af53d0ac4357242e0 |
| SHA512 | b906bb5e495c8bd59656b704a1942907ede30a5ded87d19a8df3315c37b8e3b0a10ce495f9a54d69ffe8768ca11a0b597b36b0a2aeb5f5840c7cec0d24c763c9 |
C:\Users\Admin\AppData\Local\Temp\~DF623637CE2773C446.TMP
| MD5 | 6e1c990b9d22921039b717b62469787f |
| SHA1 | 84cac4406c2776072fecab3425ff32e6dac29cc7 |
| SHA256 | e4bda1406d9dd08b04512f485a0c455485ffd8375cb5176972cb44d0b9f71ffa |
| SHA512 | 5828a31e04824249dc8b02a7b4729aee7bcf1daf71ebd852644e84f8113cb33f07ec2557a5bb21ecabe870ecae6e1e5136c438b8aa2550d8174d161bf665a1d8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 9f4f369da610e5439c84c8da8613c6ff |
| SHA1 | f7af1cccad1a3b2fe6e35c10d2fbe7c78d0e912d |
| SHA256 | 0ed9a2e6a8f2073c9c1bd31c32df1abcb8cc5b96f473804139ef94e31aaf8dac |
| SHA512 | 6a9d0d04317d3a2bfb982a9a901edbe6b08e4c8e58be9ab08aa43a13392a849cd800c3bdcc6092193692d6227723e472b78b5bd2f81c3ea947618b342f3c549d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | ee83a782ace4a69a8486ab9e72d26090 |
| SHA1 | 3645a82ab5305d46c55c44744a0cda7ed4332117 |
| SHA256 | 4da3f2c3ef8fc344ce0d55cd9cd48fe9213a370509bcc38719304d58f1bb5066 |
| SHA512 | 4a3e6ee874a7a50e2a8b662a967dd2f81dcc82ebe73ca55dcb334bf634f2b9d07b05b48676cd3f22fe56965501664e85a333e385e03e323aadac8e77bd9a84e8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 4cd1eab383d31e1effff5c0997f2b296 |
| SHA1 | 3487cfb33e56a14918e08ee726b14cade6db857d |
| SHA256 | f54689285e8a5e241670e70fd505a3d194987c32635d29759af5df9101738ae6 |
| SHA512 | 52341b5476cba612aa39edac3cae54dc5fd706ec34b82e0bc579c0c4bda9f865b6b848fa05b212ae0f24c3279d067de36fb5db5ff5950f8905d0a2e6fd7d0883 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d1eff298383c3b815bbcaa90d29bc6db |
| SHA1 | 1964ecacee017d0086d7f7d8be871b9d09c2a16a |
| SHA256 | fb8b174ec11361a4238aff98828e45f06241dd8e4a1e690ee256af5b107fe473 |
| SHA512 | feeb26c1c11276396cc7f2d0af9ec9cdb8a80db1f7a32d9a3840b651e13da7251185956a2a57f1a1e46305821398b3c6900f70448d4002393cf6b456ae043941 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b22ec47d660c85960c542a9f5f08498a |
| SHA1 | 1b33618317dc58fee2403692824b37743715781e |
| SHA256 | 9f4eceb793c18aa17c15fd9c5ae1623aabde2cc43bbe6ed445af9a30f3de5a4e |
| SHA512 | f8b43d1c0f3c24750f48cdc209234ad61f50a6a55712a1a2df8659dcb48726f7e7aad8227fb31a817ec92ed7b322894ccbc87b351155e0862e82f6bc3cc28709 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\635173200124313B1FF34FAE0FFBC6198EB7019D
| MD5 | 03504f431f502e44811706ad9557d7a8 |
| SHA1 | b1ace476de0bb742f9898725437db583e840d448 |
| SHA256 | 98327a734a9e1bb65ef645a0f738676ce23b8d12cb8150ac7dbc0ebafd887670 |
| SHA512 | d86ed99bf0bd0ddecb7779a1e42ad0f1219cd0e62eacb2e5633d652b91ed10354b4da07ff7d8b133a0569c7f02547479b6fb85b815333f29e0cde3a9355065e9 |
C:\Users\Admin\Downloads\wp4073802.webp
| MD5 | 23841987bd74c46b47729c083846ccdf |
| SHA1 | 1266b1410a3117ee61985beff945446de5c31065 |
| SHA256 | 04d7585614c33f39a84d90f555332c2561ae78e366075524e37cd2470791b022 |
| SHA512 | e8c6d5e7a11c3e1031ad0b68c8f3c5ff323856f0239d0ea834e1d17f8908b33b9f3353f19a6368a08bfd0f0d1e0f85553c397e9c9474a4a4fe5e4b28376d67a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 5652e7e2ecf9b0c05281e1eded5ac56c |
| SHA1 | ab1c57df6e603b598d4000a31a3ff4e606511128 |
| SHA256 | 1e09cfc14679cbe337051385c7d064b894cedefe263cc3bfdcef0d51200bab6a |
| SHA512 | 7dc0fd462cfd50b29f7dfe6e2eb86dd8a70e56a913c14c340756e78394a398c1c0f6515bf756d281242a2f14918f9d19d623461226d2dc8c7101fda9887f9e2c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore.jsonlz4
| MD5 | f7e71655176e894a4a10e6db21edf871 |
| SHA1 | 82c89af0e358ec836ce8024c3bee4aa7df63bbdd |
| SHA256 | 18809078a25f02e4c8db0d3f1dad98e5905034ef979826ba37d45f1c80057434 |
| SHA512 | 02c38fe4f8a0bf07b968c81f1582d4849a9efc627287c18d7860ab6364a40fc1c95e5e0b936eb066b7b8e3ba5d92cdf2888c8c3f45a0fda88942f02683825a13 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs-1.js
| MD5 | 2959a0ef3312150c5523b42c0a29c3c3 |
| SHA1 | 83b8b16458ac274d6c8c71300a3cdc6c03b87f4b |
| SHA256 | fea1641bdbbdb2403e96c459a9948d2a6c83a927112bd3949138f01cd75dec1e |
| SHA512 | fffa9800fefabb9a2f811313e3c4120d0f73d7f7b9b90fffd2877256baa3b1fd0add601135547af99f39c3a85c6f1856e9cad4b777787c5c86cedb70a1101fe6 |
C:\Users\Admin\Downloads\Bon.zip
| MD5 | 65259c11e1ff8d040f9ec58524a47f02 |
| SHA1 | 2d5a24f7cadd10140dd6d3dd0dc6d0f02c2d40fd |
| SHA256 | 755bd7f1fc6e93c3a69a1125dd74735895bdbac9b7cabad0506195a066bdde42 |
| SHA512 | 37096eeb1ab0e11466c084a9ce78057e250f856b919cb9ef3920dad29b2bb2292daabbee15c64dc7bc2a48dd930a52a2fb9294943da2c1c3692863cec2bae03d |
C:\Users\Admin\Desktop\BonziBuddy432.exe
| MD5 | 06d87d4c89c76cb1bcb2f5a5fc4097d1 |
| SHA1 | 657248f78abfa9015b77c431f2fd8797481478fd |
| SHA256 | f1e859d99072e35f20e172d8458e3ea1baf8ba86c8c9e311a0debcd2acd5d0fc |
| SHA512 | 12bcc681544bfc0cb5f1a3c2e5e3d475efdf5abb8bf0e18cb18f529a82d551f39e16de2d3f0664c2c2cbfab2bc4702e256b958acadca53424e6d8760b6f457f9 |
C:\Users\Admin\AppData\Local\Temp\$inst\0001.tmp
| MD5 | 8e15b605349e149d4385675afff04ebf |
| SHA1 | f346a886dd4cb0fbbd2dff1a43d9dfde7fce348b |
| SHA256 | 803f930cdd94198bdd2e9a51aa962cc864748067373f11b2e9215404bd662cee |
| SHA512 | 8bf957ef72465fe103dbf83411df9082433eead022f0beccab59c9e406bbd1e4edb701fd0bc91f195312943ad1890fee34b4e734578298bb60bb81ed6fa9a46d |
C:\Users\Admin\AppData\Local\Temp\$inst\0002.tmp
| MD5 | 596cb5d019dec2c57cda897287895614 |
| SHA1 | 6b12ea8427fdbee9a510160ff77d5e9d6fa99dfa |
| SHA256 | e1c89d9348aea185b0b0e80263c9e0bf14aa462294a5d13009363140a88df3ff |
| SHA512 | 8f5fc432fd2fc75e2f84d4c7d21c23dd1f78475214c761418cf13b0e043ba1e0fc28df52afd9149332a2134fe5d54abc7e8676916100e10f374ef6cdecff7a20 |
C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp
| MD5 | 7c8328586cdff4481b7f3d14659150ae |
| SHA1 | b55ffa83c7d4323a08ea5fabf5e1c93666fead5c |
| SHA256 | 5eec15c6ed08995e4aaffa9beeeaf3d1d3a3d19f7f4890a63ddc5845930016cc |
| SHA512 | aa4220217d3af263352f8b7d34bd8f27d3e2c219c673889bc759a019e3e77a313b0713fd7b88700d57913e2564d097e15ffc47e5cf8f4899ba0de75d215f661d |
C:\Users\Admin\AppData\Local\Temp\$inst\0004.tmp
| MD5 | 4f398982d0c53a7b4d12ae83d5955cce |
| SHA1 | 09dc6b6b6290a3352bd39f16f2df3b03fb8a85dc |
| SHA256 | fee4d861c7302f378e7ce58f4e2ead1f2143168b7ca50205952e032c451d68f2 |
| SHA512 | 73d9f7c22cf2502654e9cd6cd5d749e85ea41ce49fd022378df1e9d07e36ae2dde81f0b9fc25210a9860032ecda64320ec0aaf431bcd6cefba286328efcfb913 |
C:\Windows\msagent\chars\Peedy.acs
| MD5 | 49654a47fadfd39414ddc654da7e3879 |
| SHA1 | 9248c10cef8b54a1d8665dfc6067253b507b73ad |
| SHA256 | b8112187525051bfade06cb678390d52c79555c960202cc5bbf5901fbc0853c5 |
| SHA512 | fa9cab60fadd13118bf8cb2005d186eb8fa43707cb983267a314116129371d1400b95d03fbf14dfdaba8266950a90224192e40555d910cf8a3afa4aaf4a8a32f |
C:\Windows\msagent\chars\Bonzi.acs
| MD5 | 1fd2907e2c74c9a908e2af5f948006b5 |
| SHA1 | a390e9133bfd0d55ffda07d4714af538b6d50d3d |
| SHA256 | f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95 |
| SHA512 | 8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171 |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page18.jpg
| MD5 | 108fd5475c19f16c28068f67fc80f305 |
| SHA1 | 4e1980ba338133a6fadd5fda4ffe6d4e8a039033 |
| SHA256 | 03f269cd40809d7ec94f5fa4fff1033a624e849179962693cdc2c37d7904233b |
| SHA512 | 98c8743b5af89ec0072b70de8a0babfb5aff19bafa780d6ce99c83721b65a80ec310a4fe9db29a4bb50c2454c34de62c029a83b70d0a9df9b180159ea6cad83a |
C:\Program Files (x86)\BonziBuddy432\Books\Bonzi and the Internet\page17.jpg
| MD5 | e8f52918072e96bb5f4c573dbb76d74f |
| SHA1 | ba0a89ed469de5e36bd4576591ee94db2c7f8909 |
| SHA256 | 473a890da22defb3fbd643246b3fa0d6d34939ac469cd4f48054ee2a0bc33d82 |
| SHA512 | d57dd0a9686696487d268ef2be2ec2d3b97baedf797a63676da5a8a4165cda89540ec2d3b9e595397cbf53e69dcce76f7249f5eeff041947146ca7bf4099819f |
C:\Users\Admin\AppData\Local\Temp\$inst\0005.tmp
| MD5 | 94e0d650dcf3be9ab9ea5f8554bdcb9d |
| SHA1 | 21e38207f5dee33152e3a61e64b88d3c5066bf49 |
| SHA256 | 026893ba15b76f01e12f3ef540686db8f52761dcaf0f91dcdc732c10e8f6da0e |
| SHA512 | 039ccf6979831f692ea3b5e3c5df532f16c5cf395731864345c28938003139a167689a4e1acef1f444db1fe7fd3023680d877f132e17bf9d7b275cfc5f673ac3 |
C:\Users\Admin\AppData\Local\Temp\$inst\0006.tmp
| MD5 | b3b7f6b0fb38fc4aa08f0559e42305a2 |
| SHA1 | a66542f84ece3b2481c43cd4c08484dc32688eaf |
| SHA256 | 7fb63fca12ef039ad446482e3ce38abe79bdf8fc6987763fe337e63a1e29b30b |
| SHA512 | 0f4156f90e34a4c26e1314fc0c43367ad61d64c8d286e25629d56823d7466f413956962e2075756a4334914d47d69e20bb9b5a5b50c46eca4ef8173c27824e6c |
C:\Program Files (x86)\BonziBuddy432\Uninstall.exe
| MD5 | 578bebe744818e3a66c506610b99d6c3 |
| SHA1 | af2bc75a6037a4581979d89431bd3f7c0f0f1b1f |
| SHA256 | 465839938f2baec7d66dbc3f2352f6032825618a18c9c0f9333d13af6af39f71 |
| SHA512 | d24fcd2f3e618380cf25b2fd905f4e04c8152ee41aeee58d21abfc4af2c6a5d122f12b99ef325e1e82b2871e4e8f50715cc1fc2efcf6c4f32a3436c32727cd36 |
\Program Files (x86)\BonziBuddy432\BonziBDY_4.EXE
| MD5 | 93f3ed21ad49fd54f249d0d536981a88 |
| SHA1 | ffca7f3846e538be9c6da1e871724dd935755542 |
| SHA256 | 5678fd744faddb30a87568ae309066ef88102a274fff62f10e4963350da373bc |
| SHA512 | 7923556c6d6feb4ff4253e853bae3675184eab9b8ce4d4e07f356c8624317801ee807ad5340690196a975824ea3ed500ce6a80c7670f19785139be594fa5e70f |
\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE
| MD5 | 73feeab1c303db39cbe35672ae049911 |
| SHA1 | c14ce70e1b3530811a8c363d246eb43fc77b656c |
| SHA256 | 88c03817ae8dfc5fc9e6ffd1cfb5b829924988d01cd472c1e64952c5398866e8 |
| SHA512 | 73f37dee83664ce31522f732bf819ed157865a2a551a656a7a65d487c359a16c82bd74acff2b7a728bb5f52d53f4cfbea5bef36118128b0d416fa835053f7153 |
\Program Files (x86)\BonziBuddy432\BonziBDY_2.EXE
| MD5 | 8a30bd00d45a659e6e393915e5aef701 |
| SHA1 | b00c31de44328dd71a70f0c8e123b56934edc755 |
| SHA256 | 1e2994763a7674a0f1ec117dae562b05b614937ff61c83b316b135afab02d45a |
| SHA512 | daf92e61e75382e1da0e2aba9466a9e4d9703a129a147f0b3c71755f491c68f89ad67cfb4dd013580063d664b69c8673fb52c02d34b86d947e9f16072b7090fb |
C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx
| MD5 | 3d225d8435666c14addf17c14806c355 |
| SHA1 | 262a951a98dd9429558ed35f423babe1a6cce094 |
| SHA256 | 2c8f92dc16cbf13542ddd3bf0a947cf84b00fed83a7124b830ddefa92f939877 |
| SHA512 | 391df24c6427b4011e7d61b644953810e392525743914413c2e8cf5fce4a593a831cfab489fbb9517b6c0e7ef0483efb8aeaad0a18543f0da49fa3125ec971e1 |
\Program Files (x86)\BonziBuddy432\MSCOMCTL.OCX
| MD5 | 12c2755d14b2e51a4bb5cbdfc22ecb11 |
| SHA1 | 33f0f5962dbe0e518fe101fa985158d760f01df1 |
| SHA256 | 3b6ccdb560d7cd4748e992bd82c799acd1bbcfc922a13830ca381d976ffcccaf |
| SHA512 | 4c9b16fb4d787145f6d65a34e1c4d5c6eb07bff4c313a35f5efa9dce5a840c1da77338c92346b1ad68eeb59ef37ef18a9d6078673c3543656961e656466699cf |
\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe
| MD5 | c3b0a56e48bad8763e93653902fc7ccb |
| SHA1 | d7048dcf310a293eae23932d4e865c44f6817a45 |
| SHA256 | 821a16b65f68e745492419ea694f363926669ac16f6b470ed59fe5a3f1856fcb |
| SHA512 | ae35f88623418e4c9645b545ec9e8837e54d879641658996ca21546f384e3e1f90dae992768309ac0bd2aae90e1043663931d2ef64ac541977af889ee72e721a |
C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx
| MD5 | 66551c972574f86087032467aa6febb4 |
| SHA1 | 5ad1fe1587a0c31bb74af20d09a1c7d3193ec3c9 |
| SHA256 | 9028075603c66ca2e906ecac3275e289d8857411a288c992e8eef793ed71a75b |
| SHA512 | 35c1f500e69cdd12ec6a3c5daef737a3b57b48a44df6c120a0504d340e0f721d34121595ed396dc466a8f9952a51395912d9e141ad013000f5acb138b2d41089 |
C:\Program Files (x86)\BonziBuddy432\MSINET.OCX
| MD5 | 7bec181a21753498b6bd001c42a42722 |
| SHA1 | 3249f233657dc66632c0539c47895bfcee5770cc |
| SHA256 | 73da54b69911bdd08ea8bbbd508f815ef7cfa59c4684d75c1c602252ec88ee31 |
| SHA512 | d671e25ae5e02a55f444d253f0e4a42af6a5362d9759fb243ad6d2c333976ab3e98669621ec0850ad915ee06acbe8e70d77b084128fc275462223f4f5ab401bc |
\Program Files (x86)\BonziBuddy432\MSWINSCK.OCX
| MD5 | 9484c04258830aa3c2f2a70eb041414c |
| SHA1 | b242a4fb0e9dcf14cb51dc36027baff9a79cb823 |
| SHA256 | bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5 |
| SHA512 | 9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0 |
C:\Program Files (x86)\BonziBuddy432\Regicon.ocx
| MD5 | 32ff40a65ab92beb59102b5eaa083907 |
| SHA1 | af2824feb55fb10ec14ebd604809a0d424d49442 |
| SHA256 | 07e91d8ed149d5cd6d48403268a773c664367bce707a99e51220e477fddeeb42 |
| SHA512 | 2cfc5c6cb4677ff61ec3b6e4ef8b8b7f1775cbe53b245d321c25cfec363b5b4975a53e26ef438e07a4a5b08ad1dde1387970d57d1837e653d03aef19a17d2b43 |
\Program Files (x86)\BonziBuddy432\ssa3d30.ocx
| MD5 | 48c35ed0a09855b29d43f11485f8423b |
| SHA1 | 46716282cc5e0f66cb96057e165fa4d8d60fbae2 |
| SHA256 | 7a0418b76d00665a71d13a30d838c3e086304bacd10d764650d2a5d2ec691008 |
| SHA512 | 779938ec9b0f33f4cbd5f1617bea7925c1b6d794e311737605e12cd7efa5a14bbc48bee85208651cf442b84133be26c4cc8a425d0a3b5b6ad2dc27227f524a99 |
\Program Files (x86)\BonziBuddy432\SSCALA32.OCX
| MD5 | ce9216b52ded7e6fc63a50584b55a9b3 |
| SHA1 | 27bb8882b228725e2a3793b4b4da3e154d6bb2ea |
| SHA256 | 8e52ef01139dc448d1efd33d1d9532f852a74d05ee87e8e93c2bb0286a864e13 |
| SHA512 | 444946e5fc3ea33dd4a09b4cbf2d41f52d584eb5b620f5e144de9a79186e2c9d322d6076ed28b6f0f6d0df9ef4f7303e3901ff552ed086b70b6815abdfc23af7 |
C:\Program Files (x86)\BonziBuddy432\SSCALB32.OCX
| MD5 | 97ffaf46f04982c4bdb8464397ba2a23 |
| SHA1 | f32e89d9651fd6e3af4844fd7616a7f263dc5510 |
| SHA256 | 5db33895923b7af9769ca08470d0462ed78eec432a4022ff0acc24fa2d4666e1 |
| SHA512 | 8c43872396f5dceb4ba153622665e21a9b52a087987eab523b1041031e294687012d7bf88a3da7998172010eae5f4cc577099980ecd6b75751e35cfc549de002 |
\Program Files (x86)\BonziBuddy432\sstabs2.ocx
| MD5 | 7303efb737685169328287a7e9449ab7 |
| SHA1 | 47bfe724a9f71d40b5e56811ec2c688c944f3ce7 |
| SHA256 | 596f3235642c9c968650194065850ecb02c8c524d2bdcaf6341a01201e0d69be |
| SHA512 | e0d9cb9833725e0cdc7720e9d00859d93fc51a26470f01a0c08c10fa940ed23df360e093861cf85055b8a588bb2cac872d1be69844a6c754ac8ed5bfaf63eb03 |
C:\Program Files (x86)\BonziBuddy432\Runtimes\CheckRuntimes.bat
| MD5 | 4877f2ce2833f1356ae3b534fce1b5e3 |
| SHA1 | 7365c9ef5997324b73b1ff0ea67375a328a9646a |
| SHA256 | 8ae1ed38bc650db8b14291e1b7298ee7580b31e15f8a6a84f78f048a542742ff |
| SHA512 | dd43ede5c3f95543bcc8086ec8209a27aadf1b61543c8ee1bb3eab9bc35b92c464e4132b228b12b244fb9625a45f5d4689a45761c4c5263aa919564664860c5e |
C:\Program Files (x86)\BonziBuddy432\Runtimes\MSAGENT.EXE
| MD5 | 66996a076065ebdcdac85ff9637ceae0 |
| SHA1 | 4a25632b66a9d30239a1a77c7e7ba81bb3aee9ce |
| SHA256 | 16ca09ad70561f413376ad72550ae5664c89c6a76c85c872ffe2cb1e7f49e2aa |
| SHA512 | e42050e799cbee5aa4f60d4e2f42aae656ff98af0548308c8d7f0d681474a9da3ad7e89694670449cdfde30ebe2c47006fbdc57cfb6b357c82731aeebc50901c |
\Program Files (x86)\BonziBuddy432\Runtimes\tv_enua.exe
| MD5 | 3f8f18c9c732151dcdd8e1d8fe655896 |
| SHA1 | 222cc49201aa06313d4d35a62c5d494af49d1a56 |
| SHA256 | 709936902951fb684d0a03a561fb7fd41c5e6f81ecd60d326809db66eb659331 |
| SHA512 | 398a83f030824011f102dbcf9b25d3ff7527c489df149e9acdb492602941409cf551d16f6f03c01bc6f63a2e94645ed1f36610bdaffc7891299a8d9f89c511f7 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF
| MD5 | e4a499b9e1fe33991dbcfb4e926c8821 |
| SHA1 | 951d4750b05ea6a63951a7667566467d01cb2d42 |
| SHA256 | 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d |
| SHA512 | a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL
| MD5 | a334bbf5f5a19b3bdb5b7f1703363981 |
| SHA1 | 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c |
| SHA256 | c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de |
| SHA512 | 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL
| MD5 | 7c5aefb11e797129c9e90f279fbdf71b |
| SHA1 | cb9d9cbfbebb5aed6810a4e424a295c27520576e |
| SHA256 | 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed |
| SHA512 | df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE
| MD5 | 5c91bf20fe3594b81052d131db798575 |
| SHA1 | eab3a7a678528b5b2c60d65b61e475f1b2f45baa |
| SHA256 | e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175 |
| SHA512 | face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL
| MD5 | 237e13b95ab37d0141cf0bc585b8db94 |
| SHA1 | 102c6164c21de1f3e0b7d487dd5dc4c5249e0994 |
| SHA256 | d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a |
| SHA512 | 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL
| MD5 | 4fbbaac42cf2ecb83543f262973d07c0 |
| SHA1 | ab1b302d7cce10443dfc14a2eba528a0431e1718 |
| SHA256 | 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5 |
| SHA512 | 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL
| MD5 | 48c00a7493b28139cbf197ccc8d1f9ed |
| SHA1 | a25243b06d4bb83f66b7cd738e79fccf9a02b33b |
| SHA256 | 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7 |
| SHA512 | c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL
| MD5 | 9fafb9d0591f2be4c2a846f63d82d301 |
| SHA1 | 1df97aa4f3722b6695eac457e207a76a6b7457be |
| SHA256 | e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d |
| SHA512 | ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL
| MD5 | b4ac608ebf5a8fdefa2d635e83b7c0e8 |
| SHA1 | d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9 |
| SHA256 | 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f |
| SHA512 | 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF
| MD5 | b127d9187c6dbb1b948053c7c9a6811f |
| SHA1 | b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9 |
| SHA256 | bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00 |
| SHA512 | 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB
| MD5 | f1656b80eaae5e5201dcbfbcd3523691 |
| SHA1 | 6f93d71c210eb59416e31f12e4cc6a0da48de85b |
| SHA256 | 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2 |
| SHA512 | e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL
| MD5 | 0cbf0f4c9e54d12d34cd1a772ba799e1 |
| SHA1 | 40e55eb54394d17d2d11ca0089b84e97c19634a7 |
| SHA256 | 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1 |
| SHA512 | bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP
| MD5 | 466d35e6a22924dd846a043bc7dd94b8 |
| SHA1 | 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10 |
| SHA256 | e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801 |
| SHA512 | 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL
| MD5 | 316999655fef30c52c3854751c663996 |
| SHA1 | a7862202c3b075bdeb91c5e04fe5ff71907dae59 |
| SHA256 | ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0 |
| SHA512 | 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL
| MD5 | 81e5c8596a7e4e98117f5c5143293020 |
| SHA1 | 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081 |
| SHA256 | 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004 |
| SHA512 | 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL
| MD5 | 4be7661c89897eaa9b28dae290c3922f |
| SHA1 | 4c9d25195093fea7c139167f0c5a40e13f3000f2 |
| SHA256 | e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5 |
| SHA512 | 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL
| MD5 | 7210d5407a2d2f52e851604666403024 |
| SHA1 | 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9 |
| SHA256 | 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af |
| SHA512 | 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf
| MD5 | 0a250bb34cfa851e3dd1804251c93f25 |
| SHA1 | c10e47a593c37dbb7226f65ad490ff65d9c73a34 |
| SHA256 | 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae |
| SHA512 | 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf
| MD5 | c3e8aeabd1b692a9a6c5246f8dcaa7c9 |
| SHA1 | 4567ea5044a3cef9cb803210a70866d83535ed31 |
| SHA256 | 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e |
| SHA512 | f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp
| MD5 | 80d09149ca264c93e7d810aac6411d1d |
| SHA1 | 96e8ddc1d257097991f9cc9aaf38c77add3d6118 |
| SHA256 | 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42 |
| SHA512 | 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll
| MD5 | 1587bf2e99abeeae856f33bf98d3512e |
| SHA1 | aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9 |
| SHA256 | c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0 |
| SHA512 | 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll
| MD5 | ed98e67fa8cc190aad0757cd620e6b77 |
| SHA1 | 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d |
| SHA256 | e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d |
| SHA512 | ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll
| MD5 | e7cd26405293ee866fefdd715fc8b5e5 |
| SHA1 | 6326412d0ea86add8355c76f09dfc5e7942f9c11 |
| SHA256 | 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255 |
| SHA512 | 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll
| MD5 | 497fd4a8f5c4fcdaaac1f761a92a366a |
| SHA1 | 81617006e93f8a171b2c47581c1d67fac463dc93 |
| SHA256 | 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a |
| SHA512 | 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25 |
memory/3284-3520-0x0000000000400000-0x0000000000424000-memory.dmp
memory/3284-3521-0x0000000000400000-0x0000000000424000-memory.dmp
C:\Program Files (x86)\BonziBuddy432\Reg.nbd
| MD5 | a8ed45f8bfdc5303b7b52ae2cce03a14 |
| SHA1 | fb9bee69ef99797ac15ba4d8a57988754f2c0c6b |
| SHA256 | 375ecd89ee18d7f318cf73b34a4e15b9eb16bc9d825c165e103db392f4b2a68b |
| SHA512 | 37917594f22d2a27b3541a666933c115813e9b34088eaeb3d74f77da79864f7d140094dfac5863778acf12f87ccda7f7255b7975066230911966b52986da2d5c |
C:\Program Files (x86)\BonziBuddy432\Reg.nbd
| MD5 | 4fc1deb8f4846d001bfdaad8f9f457dd |
| SHA1 | 0bcd73e26380e9fd2e0bd6d798abdf871094c9c7 |
| SHA256 | 9bb25c5466cfb526a83ec1ffa0730d2cfe050838cd7a6c8df30f07b316dfeb82 |
| SHA512 | 8102774f87c48d8156c61d938bf44a7b93640e9af1f798f6654a5b77e65a05cc4f0b3165abf45fc490ea76528692c8af2a14cbee0f8bb51d7bd1e4bb3db4f3ed |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionCheckpoints.json.tmp
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionCheckpoints.json.tmp
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\db\data.safe.bin
| MD5 | dec4bc50ec9bfa344fce89a390a0d027 |
| SHA1 | 0999931e265445fd3884a01fda8b3afb518d1ad9 |
| SHA256 | 75b661d917c469f9b5ece2f1086185cd7af2892fff62a0de13e5df462c235e17 |
| SHA512 | e7a0be43015e3eda21077fecb442627256fcc07b638298dc2c2a6af8f67f023713b64f1c8cd196e786e736b468a560232f94aabbced912c30807e616a8b829ec |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\db9f4241-ed18-4a1f-8801-e6bcf1105023
| MD5 | 9c72d7aa34ed6cd449c089804d42440e |
| SHA1 | 3d55443361e11e32841cc95caa088966c59299fc |
| SHA256 | f83313a9407b8fa6602f2b71b64a21f3781f4e93efb27461c2a4e3ff6a0c6984 |
| SHA512 | e68c2265136eeeac6c6dbb75dcb984bee45cfadbbb193dfc0bbf22950b580d1dc4c74cf29930bddc6bd8da70ef311f5e2d0323c18ece86f7376b122e4ba78a37 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\6e337061-1cad-4bb8-8b4e-31c136116a27
| MD5 | 6e1ade82711bfc90c9084798096a80ad |
| SHA1 | af145d8298d28283d5f3960e886bb03cfea85d00 |
| SHA256 | 1f7cbc637eff2e813eab3d2050c713dd6ff2f7fc33f4192bc4c2ec7e568fdf24 |
| SHA512 | 3555ab2397db321fb1471d476667d8c782b96e1ecb012222f26a0c4348570e73f4dc27f4731aa34e17f3ed814823e9017e546e15374ae932039ba9d534404cf6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | efb44737ff0645817ba8474baf47d79c |
| SHA1 | c0b9f971161e412ed273adb3585b7cb4a766be8a |
| SHA256 | b4f8743107407722563e5f46ef34eef00ab66a216c9a5d8d097f3bd283abab51 |
| SHA512 | 2f32b74fa9dc56ba0e2aab967e7cb95a9e2dad819c5598729ef40d4aa95877602511c373da537eb2bbd5f9cbbef87925bc1bf11ad4185c70187f2bb2409e4336 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | c22830454434b3c1081d60db75f7f4e8 |
| SHA1 | eeb4e1c83f968e879308ef35bae8d1adbd284b9c |
| SHA256 | cd166e88ca7d3e03f80cbcfdaa45d77209b96858481e679540bfafa979342153 |
| SHA512 | 099b788e97a87c9f8f834061a3a29afd6f3be0dd2419a260c14baac36fccd60e686bbe7e2b158e2fdac0c7a8737db51e93b7e28fafad49fd3433a1541483b06f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs-1.js
| MD5 | c08e886d91ea78afddb13d217d2f5e9f |
| SHA1 | 992ef7cfd310f970407caccd0b0a149e60cd2384 |
| SHA256 | ff8faa5dd2173f778e7bc51b606ebd0322e933cc6a98e9077431673d45f968ee |
| SHA512 | 0fc492b9f70ce3d92ec0442152b45cc83ae8e223c8801cf8d15d67f52cf66e754db308b43797bb861dfd1a588c5e0753f617b1f74cac47ef7d071f60773e2937 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\3804D14882C6E522E96092EB023F05E390BBD516
| MD5 | 3bdd48a6339cb5859336b795dd560bf2 |
| SHA1 | 073d8dd9ab4e7cfff367e3f0fd6912c9bd2a61ac |
| SHA256 | f7a439f2a9879c5613c7486c1af4566c8f05b1dd06f0cf2e12b51a711d9771b3 |
| SHA512 | fbf6cbe236b4cc0c58b049beb7b8dfc5ea24f3cabd5068de478397b7898eac87116429c7a50c9e0b6e30c9ba8fff0e0dd067c7820ecae28e88f90ee9e2ce6a15 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\storage\default\https+++uploadhaven.com\cache\morgue\121\{2e1170f2-e641-46cf-b78e-f95b767dee79}.final
| MD5 | 7cb947b2600a10b9c25acefe29b67965 |
| SHA1 | 2f622219a1df7bf60a26a58a34085202c375afc9 |
| SHA256 | 71f8698b23db46414f2edeaa950c94cbfe3dbe3eb6b758819d53fd31a7918270 |
| SHA512 | 3b4c643052fe2a76ada40c1294895b01da3848ccbc6aba33d53d204be08ba2a570c99d809a885c770ad83a1826cbdcb91c3e3a5980a4dd6407956f501cf66c73 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 0e3489ce358564247c5081523bc93687 |
| SHA1 | 01d69ef5d26482742af86804b4ddb798def938cd |
| SHA256 | 0de50add5c7d91fc2cb97b98aaad9c5e80db467e3cc746dd7af3db0a7e38efdf |
| SHA512 | f1865cebf47b261633ce606784199193d019611438857eac74c6a7a3965edfd93f918bdc019463d5636d210ff793fb28934f3cb1e0a156d33951024d9f2e39e7 |
memory/3560-3846-0x0000000004570000-0x0000000004572000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\crashes\store.json.mozlz4.tmp
| MD5 | a6338865eb252d0ef8fcf11fa9af3f0d |
| SHA1 | cecdd4c4dcae10c2ffc8eb938121b6231de48cd3 |
| SHA256 | 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965 |
| SHA512 | d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | ec4256ac61f97c9ffa08b761fe243dc1 |
| SHA1 | 980c5f09689efc0d26e279932ed9628308093aa9 |
| SHA256 | bfa2f2dfcf6071ad359a6367696a1a4b8565f2c5c20423253d66e3013fc6670d |
| SHA512 | 1ada134371c6e6718cb47155afa2ead50db40597dc4a147e56e5a2e39d471a35cb0437b24bfc6145aa68ff6884de162de6c7693382cab7e8726aa8bcf2d952f8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | aa72bc847e2ce938e11a7e36343890c4 |
| SHA1 | 36ac3235f6c739f50b06309c76be2d1013bb7fb6 |
| SHA256 | 349753dc473ff99724881bdf1fc05a6b3ebfc5180e5e53bf81fdca7f6a33a237 |
| SHA512 | 5e8a5d8dd60efa89dac11e5d365a9c88ea149acf701f319854a326670354e7510a439a104858acdaf557600da803a1c523258a040fc7ddb545da1914d354d2bb |
C:\Users\Admin\AppData\Local\Temp\tmp-b2k.xpi
| MD5 | d9eee6c4d38cb93615fc11314b1c777d |
| SHA1 | e3ed9b7fe3b50c62aa97d819f88a21f4d01a1d59 |
| SHA256 | 429a589d391b2eb25ec526f2b7276a4d89bb84aadabe57dd3300ce09dca5482a |
| SHA512 | bb63db726f2e73fa5da4ffebea0c4696ee4fcaf8a378efb8bac39966cd72ddd3be665e2c96e90a19a32addb8fa6fcf13debf2b1a93f22e211986662d34e8e22f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | db0bed95fd8177c2ff5124e7190e6e7e |
| SHA1 | db3b11b4e24b86448da7e1f9968c3d6377a2e9bc |
| SHA256 | a47aec5b453fefab294162aaf3ff6b05320ae1c06c440f706f23c54c148265bd |
| SHA512 | e42441c0e77c1ccc6e079bc1743eb3230b24c94d4ee825fc679aef5668f01593071104715af06400d63bb42053bf4eeebf922f6924a7c139092f87507e10e585 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 150f6843b81da34fee233113c972a8c6 |
| SHA1 | 8f1f83e7ab4293aade80ea6f730d454116bb30fd |
| SHA256 | e279cf681308a49bb89a4ca695cc3a7477bd557e0452fa4b7afaa00a41bf4e41 |
| SHA512 | c850317317f3f5597b1beee4407926b71c9fd08ad98838f274ee13a7e62e5ff9d2634810367bb72bc74362d8d6de8ec8ef86548c526227f226875da8bc049772 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 82a942ca24581e12ff97b43f9b712e25 |
| SHA1 | f4044c0a646fd9ef1e87ba8b60552835c2556770 |
| SHA256 | d7ca0f05e6dd95e52f9409b91d6203bdc834ec77919e15f9f9dd341a7ab411bc |
| SHA512 | 26a4e3e44d7ef17a045fc675fad68e57f9f949f1908f30df4c59b53a9f443bbb3c399fffee41ed90c953eb1694deec24b5f674584879afe61bf2a2471acfff10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eb8f3acd0994b96ecac8c6ab078b331a |
| SHA1 | 3dc2c3555706eac2f58b7776dc7ddb9885e79ab0 |
| SHA256 | af19bf72c2ed7a3615e2b5c8d3634bce9bcd45f3a88fac5bd87a28cb51d97fa1 |
| SHA512 | 99c2ca732f1f9ccb242bf33f9fc01ed35369c77b4a5676cc575d8e0e6d7f1f68346e789b8db5809e4954fca9fc2174402c9b810ac0015bfb5546f148dbe07f97 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 97c876fd607b944447655e6c197293b2 |
| SHA1 | d158b7becf7e22fd803eda437a395e5f4d4f9a75 |
| SHA256 | a231153b546012e36a516e247c409609183b81ae9faf156a75093ab2f88b056c |
| SHA512 | 16e7680ebf278c382ba48ebcaf104363bd50d77960950855f52a1600cd1ebf052188ef55f173a995089f0f1baf5f13663c1b0eeecd1b25c26be8ac22adc8f934 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 21d0c9b5834cfda2f968baeb2f286706 |
| SHA1 | deca7a16a3cfb787e4a2403b6ed7c871ee92aeaa |
| SHA256 | 64d59be758848e54bb2d9be2f41d90cd00657ef3875d2a3c96605a020c6eda10 |
| SHA512 | 9363057497029bfdb3b142ab75806284f2e610835bc3abdbaf317875e17350150f7d3ce7ca7008946880ef2781263cc00e55ff6cb0daa1106ebcdbc25082e509 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\779FFE4C3579D1E62C970F535C0DA0314A369D0A
| MD5 | 34f0aaa213fad095caccdbf0fc5565e7 |
| SHA1 | 9af6ad5fe5f913b79f30681e00fe5719731153c1 |
| SHA256 | 23fc43f4e8c3757895125f491fff4068574209d7535aa88de8b8e0c872e002c3 |
| SHA512 | a71ee0361d8a73af9ce4b980df081b52aefef4e83c50de1f9a6017f36a916bbec49b0356d5848b474014a14ecf63e5a0542c6a83d88f7d80e4fd3d4b43761f20 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\568BE820794A6DCFB0DF6FE5FC8802CF3774C4F6
| MD5 | 742cfc2ea6ec1435736285f1feaec632 |
| SHA1 | efb3f599f367acf15b0124b9575047c86dc49512 |
| SHA256 | d0c426baf278cc8ee294cd593a555312612b10d6a0fbf6e69a09c64f0a1981c4 |
| SHA512 | 31a2e147bad570549b16075f82ee11a2d8db5f90d4ab982b2215f3db742be30c9ab9e6a4cb37580a9be3e8cc8de9e46f901c4eacb416967e7b6912d1eaf0eeff |
C:\Users\Admin\Downloads\KinitoPET.1ZYwJAyF.v1.1.0.zip.part
| MD5 | 000f4890c77397f9c6a7dd14e7b3df21 |
| SHA1 | a350f84031ab53a8fa82a08399de8acd991f5b59 |
| SHA256 | a4403e61cd1dcf5c90972bb53279eee9bd7fa433a08fe4fd58b0e99557606d17 |
| SHA512 | 7333e8dcf8ce1d7ea361db179a3c1bd70793c715e455b855a4f4cdf6d56eaadfaf56c3110371a34afbdbbaa30e24c6f43b7f3bee4d3e0eba866b574111c7dc2b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 18064a4246ef4be4b94f30a21c213fce |
| SHA1 | 2add55e367fd3cee8059889dbd3de70e88830bd5 |
| SHA256 | 0a443f34a944a973251170dbc8b646c904ed9c2c0d3f1a337b15abd775a95577 |
| SHA512 | d5b5fe285a6a263fdf991c675ea91ffbf1f284519fa61dc77444a33b85a59085f6700be2489dc1c19a784065d77606f0579e5728bfd16ca5e1eea6346f24446b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 580ad328e7b131fd465481d754580236 |
| SHA1 | 1fe2fafafead342150efd986c8ab66ee65d9fc0d |
| SHA256 | 40d53196ee99c0e463c35d1363366150194dcaf272cdec503d1a471d914633ec |
| SHA512 | 90bab671d37978d43ea8aa403275b55418a80e17a592529465f114bf95f50a38c684d7f7d803add895114c30b6ca004df18c7f59f64c194f415fb131f59d5047 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\9cbf3d46-aae1-402f-9ffa-4ced59d58d4f
| MD5 | 5bee0a57d9c2e96d132f7c262470c526 |
| SHA1 | e19677c000ea616ca97964ca5fc3a1c2e9946e62 |
| SHA256 | 3019cd62d8f43345dde170ae8f2a3ddef518631919c132563a878db445b04189 |
| SHA512 | 61d3cb12cc81868ec47e865d295083e44e75dce4459bcfbb8559f720c17b8620ba7814e7c649f4a662518eebeb0535ddcb49d68785bf26f9ced596c47ccffab1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\59743308-a5a9-4086-95dc-7c853708a016
| MD5 | ad708d2117283d18ee67690dfe8847d5 |
| SHA1 | 58d237321d00867aed6d51b54f29ebe6b87ec196 |
| SHA256 | d1fb998cdc95caa7f0c30bb208c0be0efb43e465b6ff3f5a3a8b5a516b8348e6 |
| SHA512 | 7d17087c244054290fe8876668706ae585ca0a7310d43eff5034391f5c99da4c2fa5b5176c6207a1066115ca33271366c6e12033846c0c3f5f4d777f80036a5f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | e4f1b56d19959d0a2c3a5a8f85d7700e |
| SHA1 | a9528d75898ea6fa6b7b62101ecdc5ece38165c4 |
| SHA256 | 74df8c77c07f4eafa9db43c6575b3b6b85bff2a1cf77ba26c0759a7d9d11c2cd |
| SHA512 | 923477ed19b83b786dab29819e473ae7531e422a455aa31ad5fd65d394cd6d0280a27241df2c20ddfa58b262e6a50799ecfa69e864ed1960712bb6e8098c8540 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 42433f30c27140fe636fa409ca179d9b |
| SHA1 | de988a2fc3e6af34d444008eba732a3154d145dc |
| SHA256 | f532c9ef476726482bc36cb2f7da24e984c57171377f7ffcc5ee1fb904760362 |
| SHA512 | 4f0ba6ebcc98b85d41b231d958e7c0ae4cabb439bdbb5bbb4aab2234e560e1ef3d0802245951e4acb06b89cd6cb745e9b140d794177466cc535455d4896ea434 |
C:\Users\Admin\Downloads\SteamSetup.exe
| MD5 | 1b54b70beef8eb240db31718e8f7eb5d |
| SHA1 | da5995070737ec655824c92622333c489eb6bce4 |
| SHA256 | 7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb |
| SHA512 | fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\downloads.json.tmp
| MD5 | c46c9fb488faf64fc9a2bf866994960a |
| SHA1 | f86728893b7b0262786876f6a3eb30c1e0f636d8 |
| SHA256 | a0c415d1bdf2d10a95990c446789e6e6b6453d9975d5f27a18a25de3d25d8f4a |
| SHA512 | 0191e29e372e904f33da5e7b542f45b18d36db14a0ab979371788f4e9af20137f101d604e41dc38ead619a24c600193022aac61b51e5d800f2ff8bc85825279f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 85d6cad6b8bd41560757f8f47b2105e8 |
| SHA1 | c1436d5dd3d81ade65af7a4347630fe6f6af756d |
| SHA256 | 98c965b6d8a8b6ef33c0b2076b8e08e1d914a4518b32af550e20372986f8296c |
| SHA512 | ae9359e754574605de3d5e676a426bc537471a8dddb315b7f13690cf2ef5c49e167d6192465afcc3b59e927605eec5b03f37a05fea84c9fdb9fe2c7598db6809 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 754b42b6c2bfce20ea39aa89e77f75fc |
| SHA1 | 7059e02d806c23d428d8fc4e57d336eb2e994700 |
| SHA256 | fb1ba8e4fb9e8fb420a5eeaad72ff29c50457ddd60c32a214a5d6285f41e6740 |
| SHA512 | 080965484db599ed91ae329140a653044f2ce4f5555b3d0a5e0fa086a030faf9c8d89070654da8f63da5559f030ba8b3eb4d1294e417d01637f4b6c792f61dd6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d3c413f2cd32677286294c8d26101b29 |
| SHA1 | e1ccd8cdb9abf246988ca68df837c93ce089bce3 |
| SHA256 | cadf095f7e3bd70c864f95bfb88e996b5f1de135436a72bd52513dd7c5ed672e |
| SHA512 | 8f7278fd6adb9b3b19deaa8f1c684015425834919a43c5eb317a33f8b5460450ac27b29aa5a668d6123dd1e2eef0fb1ff94722ad68b5019cd900165129662398 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 9f88d1dd315248dbe2b98c59fc4a3697 |
| SHA1 | 538dd5342fc024e6b47f7fedb8ff0e0065bb0037 |
| SHA256 | 37a42db6ad9a0fff46bf89d2996415f223cb5027ffbc3c1c067b15d59f29e008 |
| SHA512 | 4200461fce79be6e089d254ba8c6d70f1ee1405b8ba80de4e9bae84e5a59ff2df3c3a938f5265efc18fb50d8cf6c6242d6b83446d1286c5e109a6aa43749f241 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 84db8682446b2e49fc011b2cc15aef37 |
| SHA1 | ec9ac6b8353b8be0f8cc0c24755f82fffbc969e7 |
| SHA256 | 0ae95c86379390ee8fe9ca8516036dbba6fb8dce89fa098b0638a9f63d60ee18 |
| SHA512 | d48d995c03eb2d62967b86e0e3cb5ab12a9096327f32bb691fcde1e281527c232179be928a9cd3a42e00e8ffe3f44dee67db1cc80145809cf943a3db33c24b43 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 995fe542fdacbdd433f7820467b7486e |
| SHA1 | 8887386845e8a1888665ec712428dae7cd7c4c2d |
| SHA256 | 8bb45c70daf90c8023e2eafa196cd6a4fbaf25f31c9a9f75557681ab644655d1 |
| SHA512 | 22de3ef8c97bf8930834165aef8e193adf8573aa2f31aa6be1e24df16e977ed7e31983a756792237b68dd01a6a1134e23953093dcc2710aa3c1d1527655e824f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 606f1e79a803ef427c6ad4e0b6ed6b11 |
| SHA1 | d8b2d905c7a4cfd1ce6c56f014360c094e8f36fd |
| SHA256 | 72cb1a5143fe69da5ef56e8ddc79c34ac4b9fa96adcef5d182d1c27a5380dab5 |
| SHA512 | e3eea167eaefd269eebe1237b18213bbbf3a2b16d4221a0aa8ef3c361641da0b7eae3fb5eccc8a0743e23136056bb13950d0333140c6f91d09a3587aa3a30281 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 01e83f91c2a7042499ff63f61dbcc2c6 |
| SHA1 | a80eee7b21845b77a1b35aada3a1be6b9108c2aa |
| SHA256 | abd2b2f1d63cb4ad867d455cbf5a9de3524d4296d58a8d8af508944166e06134 |
| SHA512 | ba64c370271433d2e6171e2b95e6b249518ef2b5543c6c51a4a07855cd0321340fb6d9d8576b22cc1bb6fd3e75befb44bfe8d94cd1fafeaa9597129061324f8b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\extensions.json.tmp
| MD5 | d000adad77672b9cb98fae2083cf2cd7 |
| SHA1 | 6e14b79216a5657a3acda83b778a5d2f1753b441 |
| SHA256 | c84dc9994f0f894f1d636fe3a69b88cb4ff93ed24675e765ef5a409afa162abd |
| SHA512 | 768989a5a2fe4fa79aa9aa51c5bd1e4c6f7c79c45a9cdac4535da58930da7c8526b9a32ab954e12777c50379db9333a2bf081cd561fa059a77890005848c4e76 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs-1.js
| MD5 | 2ed6b27040702704271d54b2bdce8122 |
| SHA1 | 0c56341987433e7b8f211c263387a8f8abaf4b4b |
| SHA256 | 0baa487e3219570c81458faca136ad5c79861454042e25b0f9a75fb222cc620d |
| SHA512 | d9569bea38599c4419758464269b169c5204f1df10b707c38571d01aa24376a40e97e3070a63e00aa9d9f88a9a876dfbc359974b519ab4e74914d516f85e252c |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 0a444616a6f5099c4eab940e08fed082 |
| SHA1 | ab12aeed49ebb87fa60f54192746bebd4711a632 |
| SHA256 | 4ba762b50db4eb88035c20b17a620a0db1edeb39e6246e39bc61144a36f0ef8e |
| SHA512 | 10736f90b36ea5426fdba845adf76aec139994d6ba37e19be16fbda4916a91f5f9c17ab3914deb5725c2caa1657620180379bf4720ef8113415b089e3cbecdca |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\49f25ee5-1e77-4fce-b63a-2879b16282bc
| MD5 | 624319e37bd6945715a87bc5b4a91f33 |
| SHA1 | 8421cde659ff559e8302e84ac0b7ed18e3823a09 |
| SHA256 | ffc57c2c1ec0d5e263d1ae80ca995acf956dbada467d9dd3cfaacd5b76b56a6a |
| SHA512 | 3f8feec23cfb1a263c0ee1b86e16c9f843123becae3216f7fdff5a4bdf05a4164404e6b0f03f1298afcdaa91d51fd746b5caf8ddbc5d85901009f2f014a2e140 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\7fa05034-c05c-4912-b531-f5dc3b0cdbab
| MD5 | c565003f9f8f06a605b65cbe5a0b8e67 |
| SHA1 | 367c98bc1067f7dd583c9d6efa3345d829d937b7 |
| SHA256 | b693252bea2eef47929346d3ad855f43fbd5d7a76341576f36bf4d8e3b776007 |
| SHA512 | 2288ad637c1b33401a84140c5c6086b1bded0ee1b1408903a5c910eb289b4702339613ab93f1faaf207f07daa9cf3d4a9716847598a03634b1e2123a17effc21 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\ECDCAC02BA516C8E7D07B971A01197260F341D74
| MD5 | 9063c7f801de746375b623048f2b2722 |
| SHA1 | c7932b066f97dd884fd966f5982ed5ed101039a5 |
| SHA256 | 244e5277fd7639a6635d21b6ddefd6da834610d4e59ed6f4d832fa24ad1dc4db |
| SHA512 | cb3f3adaa2248c4709f827344ed7b256345a993ed7c17e4490de285a2e465eee41d2008f50360b3e7b85c09be12655502c9c28000fb3b5e2bd29caaeb827305e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\thumbnails\1dbb17a98f851b3bdad5dedd90f72387.png
| MD5 | f5392ad92c9d20b5fb7f5fcbcce6fd76 |
| SHA1 | 81880c412af81d20be31ebcea924f76334d69c77 |
| SHA256 | 1d05b80d52d6f94a0945219f97db3d14d8d27c4558df6c6e08582ba93e8fb6c2 |
| SHA512 | 311a60670dfa6cdea664c75aea7dd4021ea2d931da441d3a800cc4eee33a08010c31637fa30f7a01dd16f6ff80a460fc436f4c5d5195797d9e560ee982ee81af |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | f69c43a9a16fe1edde61d5ad6d13ee27 |
| SHA1 | a42470ff416be9d0fcc9ab1918f2e33b68c37edd |
| SHA256 | 5546dcf1b9170b7d43e642a42700d1b6d611633c9cb8dbb7f569b06320bd0ea6 |
| SHA512 | 551da5a31f77ffc5122da44c1f6757ceedc3c285c365ecd7e2af705faee2a58d9375996d83f0131d9c3d1391987da9d5a16edc9a1072656a380605bb227c71ba |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\doomed\12164
| MD5 | aa2e68ac9daff17bf8b2c913ca6743b8 |
| SHA1 | b3b3d9aaff25ade0ecaab413f21d8420b5a953e9 |
| SHA256 | 97aa9a0fdacb60078cdfce5657d478fa36fc9e25caf8e18b09bfeb06727b6d8a |
| SHA512 | 6a72cd3ed919a906540135f3acaa0d5d1a1567ab405f0a5449ce12e58208297cc22f942259c75faa35ecbc39f2ead1f6b951274ede66299478ced898751efa2d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\thumbnails\1efb8437e720d2dd19c2da2a783bd64c.png
| MD5 | c95d7177b6d97eb6e15eddd3e8965c9d |
| SHA1 | 52c12039600f80d3fb30ca41fb88e2353c33c4d9 |
| SHA256 | 52838bd078cdbaaad2e121ded2a6f1c14d6f1c45e8d6963de092c57d4985ec8f |
| SHA512 | 15c37f80523d5e8540ce72573bbe61fe05b639b76d1e5148844e5080c09823609372462c11955e1bdfa543f93c86ca9a388a61301f6aaccfefd83571ca154526 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\thumbnails\4b66d06d970f8960be1f55d5fdebfb85.png
| MD5 | fc02db049d091e42f9c9857bd390b101 |
| SHA1 | ea1574b2d0bd9b2c8645dbfe80915a52e82812c6 |
| SHA256 | 40b1bb64fe8a4fee70a2591cae2574171fd43255f51f051c285c7a32cee7b172 |
| SHA512 | fdeb347870ff94f55faf91c32d1906c552eddf8091bf52df2b2fc3fe0ee4c8846382b1b5cd5b8a947175abece84565356efc68a27c00aa64421c98cd9c09d6f8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 02fd343ff5680437c56138953ebda0cd |
| SHA1 | 4a12c23281248fe0386038537ee073fe1c6185b0 |
| SHA256 | 32cb241ff063fc9facdbd08e4e742bdb8527fd19d7add186aa44384a9a574b03 |
| SHA512 | 2828a6e9e1644aa042d8c4c0d8f33bdb41dd2065a23f0d1662fbfbe979bcd635a69f140484756be26a8a4f28983d01e726a02fbf2fbde2a74f481ea27fa79183 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | ac7874b9b4321f60a3e82a91c1e8e637 |
| SHA1 | cfd6ac50a7c84363af0972f1fe806871d96b87a3 |
| SHA256 | ae501a63b1b3379759ce326394f54bfeb044795c1762bdbfdb42cb8b7388c3ed |
| SHA512 | a13a9bd98e5ac7b963c03f69b92493b58b833582bfb9f90e8bba12d6a26196b43aaa65a8c98e835cbda8e00faccf09597f58a1d5797eb123ffaeab300a2f0342 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\01ABD05F24B7C929E9BBF7B620E2289C4EE00CD6
| MD5 | 0f06bc83dedba1ca58a6c906464bc99a |
| SHA1 | 80ab714d250a44071973a3e12b8df1199793731e |
| SHA256 | ea5c1564b02731e30c16a01a44fec7a8d672e7ac2cfaa5e3a4730ca96af9b7d3 |
| SHA512 | 327e3183a238e6e07312da3d508fc0347b15016dc94352dfaacc489283dd388bb924ef0d63df0a0fd42f805629671ab37f084371d19002f9bc930ec2cb550e0b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\1243152E7867EAA24697321508C34F9CEF98EF1A
| MD5 | 7785eecf50a49e03619a5e37ec738f3e |
| SHA1 | 343cf42727989cce79b2304ae6ba34295ef25cbc |
| SHA256 | 3190f5ad1a6811c2250cd79d09d123bb1d6e5de8cb6d173aa93d88832f1d9c98 |
| SHA512 | e8c81371e170c3ae415f55624f5b4ae2ea3b5312b2c93d6eeec89ad981bb664db10a5663cd539a651638ef573c5aa21cdf7ecc74fd50ec85f6cba4e57ae89ed4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\D105AB5F954C0907C9073BF810F90A3C36C6D3E5
| MD5 | 3a13a1d8fd6abbe1f7fab8c05cf18eec |
| SHA1 | 15d3bf3dc3a5ba827633b7af01621bd237852620 |
| SHA256 | 23a0f0fccdf48c0f36273e4fc08f745031948ecf8d9e8a74e82ff61cdcb24170 |
| SHA512 | 343f129e26b7365af69e426b4acecfb3cb5fe050c5178c87b2e7871772da2e843cc3438c5eccadb30e18cc35c651b901bde1c6ca05984af68e206be6df638f4d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\B7337353FCAEF82D4CAB849A66CBEFEE641105EE
| MD5 | 412dd073687889e8ebbfe709d62d3928 |
| SHA1 | e18669b8b25107a8a8505bf5ddb7f104f66dbf5f |
| SHA256 | 691e4c49f48643181f82585b7716f5522b91e853f509b4eb0c77859282611c4f |
| SHA512 | 27e73710f8746e19098617aab1c0107f2fcc32d8345b319b6c1009203544e1f2224efd2f22fa29e425802b9d82575b79d125db4ee799d7c5ab612a4bc97071cd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\BB5FB70C74C290CCB9F25BF1EAEDFF4CAF215688
| MD5 | 9f3168f5f922c5d09a438b160c9c6d22 |
| SHA1 | edac08011ce3cc1a762746c42944ad08ba842fda |
| SHA256 | 38c0fedd4eaf8929d42430a511aa6ea6b80c0b6892a10bd40cdd2639dda85431 |
| SHA512 | d2edcf9a315d9650d80e525fbca0ba294e3a43dece68f8f6a1dda50c94d0d79b69d7a7747eb9e8a986cdb2f1af54be79694dc0b13a1f4f4a40d1819a36c8823b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\BD518506D48E5D9A2A1A812001B343D87149620C
| MD5 | 5c321860901f3a3564b21e32365653d3 |
| SHA1 | 75b38985d1dfe55a2b96a4778b32ae7a30c0f8f5 |
| SHA256 | 857809b35923c96608a1b8103d91c2715d37a6a90295da4c86f383a0d3edbbca |
| SHA512 | 12fba610d5ff341d5c8b2f679697facf69695252f4a5a8cb41f4af30913640ed66ba8351d8d14de1d9f55d29293c63ce710803a7fcf593ca56df8bf1d85c0604 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\80285EC16EDB2FCB53FE4D6500B0396AC776DCD0
| MD5 | 237aed1afe8726960a2ccaa53f6ec15c |
| SHA1 | 5be4a6e716220373f6a57f3d372597785c2d6f7a |
| SHA256 | 74701cc453c08049ee6adf0f327cccd1bf29fc28ebc5bcd701988b9cc06e28ea |
| SHA512 | 1dc20461f3e34e550d335658a4941e3937d766d34e5fc6904e5ba8a500007aea603e457c7714ecbb6227fda8f8875c8ca111e29d5e61f7ecd2daa3e1f97f951d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\D2764A516583A378D0BA2325F933EF3C538EF129
| MD5 | be3472a708023212f18a721e5d019c42 |
| SHA1 | e50c102ee745072c282f8acd2fc320d78f431937 |
| SHA256 | e67dd6828de9d5d6565c4af4e1cf61cf104acc0f0ad83f589380375f95c6ad89 |
| SHA512 | 4127149b3c928923c6a80db831a92ef819a1babaf26b85ffe8bb7321a06d69830f4eb78909c6283271a9888636ae74de05ef7880e5cf75db02f08ed397147cd5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\E44D8EA2BB95FA202605B58E615B3400B72A14D2
| MD5 | 1e1fc02ef6198639568fd536e2f6e615 |
| SHA1 | 4541c0501d132e7a63e3e74992ba7ee474d06d4f |
| SHA256 | e3bc2e7216667f2fa567312f7f1a2e7c08ac8a0f7a6e07ebadce3f776abe1468 |
| SHA512 | 540f767ce5e9dff773c8de268fdd98cbe1a9f8eb4d50776a2f2f7547a250fad53f106c922ad52788fc8bdbae0b0ed5444c920a50dde4b7c27f06581cc3caafe0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\45C13727B6DB444F70F2FAA20129C63BE433735D
| MD5 | 7f530673d01acd0c354f8aa9dfd68e53 |
| SHA1 | 0a9b9feb798ba6cc8f41ba2c6b02d8f8689377e8 |
| SHA256 | 16300fcfac04bfee6c71abf8ea72d45d10dd07556fe151d03eefb75383e108d2 |
| SHA512 | 9531bc45609f6763d8f8445bc2b92bf89ccea594e0d5f6c75c7ac57c394fed17837814fcd0fb004ccc2d42f6de27152637909d5fa7eb14dce36cbf711c6da0a3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\ADB77CF89BB7C3EACBA0400910D8956D4F8A5D23
| MD5 | fe75d310c96859b15868930609afa9c1 |
| SHA1 | c8a8e61c74454f4dd7e8ffe635b473dbf64eb381 |
| SHA256 | 2a5c780a66404393d32bdec3b1428c024b66a45c8046020dabefb88aed01332e |
| SHA512 | b0baab6b57d9755fb9149eac2bf762bcbd2af98cdfc753aad7f19a50de5c3d3b7e7d3c3f85d68ccacc0632095cff91d6838deba22d54c0ccb06d7f1baf71e60f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\C471E1231FEC7D8FDB41B016DCED83CAE4DBAF27
| MD5 | e967322854506621d93c54af09d0ab9c |
| SHA1 | 199a7cb2d856a5eb78caa05931d6c40ea705e2c0 |
| SHA256 | 64a5099ccc1a21820efbe57a0d6f3a537e5e09c567676f1c5f2f02ce2ee0e684 |
| SHA512 | 0186938f0a6aa8eb741b29397951b5c71ac69fc6184141d62358b00d7d3793128939d1875f91588d59c91318fce03679eb7583aa85474c771853758f4947a27e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\F54E7030F181831909BFCE5EACACBD3D867BDC0E
| MD5 | 7ab246ba023beb15bbb2594ce69cbcea |
| SHA1 | 68bafbf918d0ff97a6405a46393a9b0f3d19e104 |
| SHA256 | f925366c696692db4cf03a949fcac205a8c1edcba2a59e4e0af538bea5849545 |
| SHA512 | 698a59d47a6eb0baa66979c3053b394e7b63471c8710ee3b3c7bf2ae8826ad573d141a5a502697ada4bccb72baef003ff80cd65b679331665594ef39a65f6b25 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\1A46D3B03B4914D068209FF81CDD6A6313AE1758
| MD5 | 4995ad9bb0b0ce5f2947b0d0820238a0 |
| SHA1 | e75313b539c522df5e15e4ca39d922e257b48489 |
| SHA256 | 918b706c52d7999bb1a2407b40b541c270a0f8e5901e4e22935ba75744cc2b98 |
| SHA512 | 4ee4bcfaba06fbae60aec2c695e5455bf22355c5e835e17dc9cd52fc363c9757e243025a1aa2e6df9373b945b8ad35ad3ec65b7fbcdb5d6235cd2927c22dbb8a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\entries\93A3F61C53110DFB2A449EAE79580128ABAB08D7
| MD5 | 015409a4767f6e583a9aa701dabb9e97 |
| SHA1 | dafb4c8611dccef84e62fa4a2da4ea1828e22f84 |
| SHA256 | e1ed170d92c35fab8ca69a76770b2acb2832ac20b51ea4202c6773d3e35d6a0d |
| SHA512 | 66fa4d9bc49537ffd5ee31fd2030c866194418803061848504f9c60f25a8200aee09265e58d49ef7a0fd9544d2ac408a0be66766d626354c728926680853345b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 249bd8bbb34c86ade7866f5a72f3f321 |
| SHA1 | 8a855ca007f842ee3c74ccadd63ebc69af684c4b |
| SHA256 | 39c557a49fae117081adbb75c1c05942a7c02420bdb73c1a1fb959c38e353a28 |
| SHA512 | 2f8f2d955a9256dd66f8c04719b4faaee7dbc727d4218f0f72b27abf4c32cd9ec67ed864f8d5bb4a69bb5ea95738b3e58b5f4e7014fd87a7cd48fd5021fe4282 |
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-18467
| MD5 | fba93d8d029e85e0cde3759b7903cee2 |
| SHA1 | 525b1aa549188f4565c75ab69e51f927204ca384 |
| SHA256 | 66f62408dfce7c4a5718d2759f1d35721ca22077398850277d16e1fca87fe764 |
| SHA512 | 7c1441b2e804e925eb5a03e97db620117d3ad4f6981dc020e4e7df4bfc4bd6e414fa3b0ce764481a2cef07eebb2baa87407355bfbe88fab96397d82bd441e6a2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 5551bffb56b00b147e5a652ec3135da6 |
| SHA1 | b4e6793d0c831ac1526139f044f09e58f289646a |
| SHA256 | a799dc3d27530b4cc8afb26692add4d932bdbd8dcf3cb6c2e6d93b8fbfb03d06 |
| SHA512 | 7724b956cb2550067a254702d9083fb6cef3b572325a8da23f72eb8918d13638d25c17ec7d10cd10c090097a8ce3ece407f9df50dddfdb99c44f988d3fe12903 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\NK5R7P2JQALSJOWUT8LD.temp
| MD5 | e2ed3a3a709cd3e18f467e65602974bf |
| SHA1 | bf3547744371d36f495a603e81127afed2c3f8fa |
| SHA256 | 995005478f2f73651cb1d05036f1d96bb3362802c6feb40a6d2fc867b54fc221 |
| SHA512 | fe494c4c09eee310046738064aa335e4435ba9e2bcfafffc823694903700f2c6938f8eccc25db8fdb552f7f6b8393bed7970fe159a576734d4a65c7e8dd371b5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionCheckpoints.json.tmp
| MD5 | 99601438ae1349b653fcd00278943f90 |
| SHA1 | 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9 |
| SHA256 | 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a |
| SHA512 | ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionCheckpoints.json.tmp
| MD5 | 65690c43c42921410ec8043e34f09079 |
| SHA1 | 362add4dbd0c978ae222a354a4e8d35563da14b4 |
| SHA256 | 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d |
| SHA512 | c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore.jsonlz4
| MD5 | 17dd94e3b319c64468e7d55a0a6c198e |
| SHA1 | d34e91b3fa2ab4ef3ea7885d72d9a7e78d033a2b |
| SHA256 | be999c68e4a559b883c232b4ad18a8d74066f8c22dc8901afe55070d6a45625a |
| SHA512 | 3775459b2f4c9b0fecec8f9242154e94e180df6c72c744c3947bab7ed748f3c72c1769ffd5adf155bcc86cafb2aed97b9b4586b93e8e59eed7b7f87c64fd62c1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\places.sqlite
| MD5 | 546bb4cebdb2e67ca1f8e91b0149ff8f |
| SHA1 | d216069689482ded8ad42a91de78e4fe32cae0e8 |
| SHA256 | 49c2f4fe54f1bf6f12c622a99b54a0ee83178728df6503b894eac21f1582d308 |
| SHA512 | 22459cdf70fb6f173adbf46fa7039b1f9b0967b05cec26a43b5c33700faea3337a01ca1c624bcb21b51e6a94f0de509fe1cbacb08222da7c06e0412eb6eb4b7f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs-1.js
| MD5 | 51ad5ac620e99ddd1da3ece8ab7665a0 |
| SHA1 | 4227cfb47f860c3a545b5f5c2a82245fe78210c5 |
| SHA256 | 29a4f4775447ed3162f7ce22041c3898a6f69db910d8d5a0674dd702403910b0 |
| SHA512 | 633e9eced16b36071170ed640f516c43a45505f69b598f783ddfa698cd1d3e9233d9052ca1c10b47da3fc046cbaf74ad40006cc6899a64f688bf9fef43fd1518 |
C:\Users\Admin\AppData\Local\Temp\KillAgent.bat
| MD5 | ea7df060b402326b4305241f21f39736 |
| SHA1 | 7d58fb4c58e0edb2ddceef4d21581ff9d512fdc2 |
| SHA256 | e4edc2cb6317ab19ee1a6327993e9332af35cfbebaff2ac7c3f71d43cfcbe793 |
| SHA512 | 3147615add5608d0dce7a8b6efbfb19263c51a2e495df72abb67c6db34f5995a27fde55b5af78bbd5a6468b4065942cad4a4d3cb28ab932aad9b0f835aafe4d0 |
C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat
| MD5 | f80e36cd406022944558d8a099db0fa7 |
| SHA1 | fd7e93ca529ed760ff86278fbfa5ba0496e581ce |
| SHA256 | 7b41e5a6c2dd92f60c38cb4fe09dcbe378c3e99443f7baf079ece3608497bdc7 |
| SHA512 | 436e711ede85a02cd87ea312652ddbf927cf8df776448326b1e974d0a3719a9535952f4d3cc0d3cd4e3551b57231d7e916f317b119ab670e5f47284a90ab59a2 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTEULA.TXT
| MD5 | 7070b77ed401307d2e9a0f8eaaaa543b |
| SHA1 | 975d161ded55a339f6d0156647806d817069124d |
| SHA256 | 225d227abbd45bf54d01dfc9fa6e54208bf5ae452a32cc75b15d86456a669712 |
| SHA512 | 1c2257c9f99cf7f794b30c87ed42e84a23418a74bd86d12795b5175439706417200b0e09e8214c6670ecd22bcbe615fcaa23a218f4ca822f3715116324ad8552 |
memory/3048-6817-0x0000000000020000-0x0000000000027000-memory.dmp
memory/4692-7022-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/4692-7021-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/3132-7056-0x0000000074FC0000-0x0000000074FC8000-memory.dmp
memory/3736-7057-0x0000000074FC0000-0x0000000074FC8000-memory.dmp
memory/4692-7058-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/4128-7059-0x0000000004500000-0x0000000004510000-memory.dmp
memory/3676-7093-0x0000000075710000-0x0000000075718000-memory.dmp
memory/840-7095-0x0000000075710000-0x0000000075718000-memory.dmp
memory/3140-7094-0x0000000075710000-0x0000000075718000-memory.dmp
memory/2728-7133-0x000007FFFFF60000-0x000007FFFFF70000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
| MD5 | 075ed61ad7472a41fd0959e6339b71a7 |
| SHA1 | ac4e734a94974bc3030e28cbc8ecfddcda9480d0 |
| SHA256 | 73c817ab79f1766619bb6ae9d0bb7ca157feb815141845923fc8393ffd2d0350 |
| SHA512 | 3b9d192b4e1da9c504d63587c1cb547aa5089b04602967cff02c0f97e5cd151cbc0bad49cd1222588b3401f87ac65f4da1a300798b41f6e48aba8bc0bebe0907 |
C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
| MD5 | a6e6612df909f96f46b14bac4d1b8664 |
| SHA1 | 48fba2f5e1150c3f397acccd3278068f50eed6f1 |
| SHA256 | b7c495c03c30005ac0b33812789fbc8a614ed2eb54b3b8e82d37aa7ff0095f02 |
| SHA512 | 11565a758019259b8ac720a6ee341d6799d17b8c8f0947dda2f9d275a38c766508344a5f2074b4b05087a0ce1293360cdf9d25a2697989539de74cc05e3206c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d82fef162c56cdf7c655a5d651e1af0 |
| SHA1 | bd626aaefba6b8bedf81bcc0c6c9830a32bdf29f |
| SHA256 | cad6c2339f19dcbb64da7d108b90d8b617a63c8c4f38b2fe2d21919635c2d4f8 |
| SHA512 | a84205962c826e6c9952314dabc6db4bcd88bb5a68363f629535af099f30e65d50e4305d7061c389ad8845d3cf15252063bcc33cb4cf56e84b5695d2f68aee01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8c730a59693c91a7911514bef8cbeba0 |
| SHA1 | e8ff2d48ce115a430d3b4624a48349a08dbca9d7 |
| SHA256 | 44a7d15d2b933eaa4e35b04f1fd5bcc15137879b698c061b8af100b9f9ed9da1 |
| SHA512 | 8ad85a59f26b3f671c11b186bdf0be19b1a477c1e0f7d914ea95df317307251c60d0fb12e73b0ea7f4ab21e7a3e85faa7708acea4b5954956380d987ae0d1aa1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4b1697287ee9819602bec59ae546025 |
| SHA1 | 422c11ec73f7885f556cc3939e780a5caba34b57 |
| SHA256 | 4eef3967080c628ee93cdd9f8c56da2b7e1179957c45ea92cabef88a18443ab1 |
| SHA512 | 4af8932733101a6c55e8dd09c0c2f15f0a8cf2d46925184d86ef05850af8a394a942c103fc212c365b44bb3038fad4502e2592d105491d09d17ca52d3466fd8e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d799e57cca6e9bce0bcfc9ba8d05c09 |
| SHA1 | 13a9c7040752bd52a0823de8014ef61712beae7c |
| SHA256 | ea4efbaee20d490e495b2a3b895802481f700aaa4deb88e869d9d3166023ae02 |
| SHA512 | 40269f3736269039af7bf245c8c6548f421d5eba2cfbb31a916ab62a07619ac706177b40d6167325f2004994f248a5aedf175eeec07c14ef5c6e585f546afcaa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 12ca6f57043b6715db09423452319b28 |
| SHA1 | cc6423e5759ee6e8e1a2dd38ee74f502a2781160 |
| SHA256 | 92805b8e898aaae39b1463bf2f75a496e42554ac6b1a9c61881d8f7bbe99c5a0 |
| SHA512 | a7f54d84b72ff367c10f1ddb70eb0d527d82e57eba7c2f60935a13ea03c33a5a08e1646989e3a967b79e0435c630e2cc859b8142e7e50827a009c5a6999b7ca1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74fba4d17fb61885d04c6723218c88ac |
| SHA1 | a05ab5e88aeee1a41fa75183271b6ea64aacf0fe |
| SHA256 | c666b0b52a13fa64fafdbd86cfbef3d1590cc9fc667b58107ce742fed548b152 |
| SHA512 | c90546b1dc5d1572cbc2c3ed95b3c9b626305d67d6ca6a6c4efcae46c18e7cc9f71b2c6c4b06c8ec2c01946bb9aa47883dbd7c2f88eb3821c3afd0555c8cb632 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d1c7e5fb84c33a1b7ba1704fd438f3aa |
| SHA1 | 1891f74ad81053a29bc3702c148ce397a0352af0 |
| SHA256 | 7cff46615f56731ebb975cf031388a73e3c186327561b1c4536417f9b5117194 |
| SHA512 | 6472cf8e997b5829204f49638e32d3153bf4150bece12b6a0a6fc70f2642c2a1d326e6df58e95036c69c18de7c274b9b7a2c96f92fbe1d8fdf6f9ea6ec4d053c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a133ec4edf2343739c7e49102d914552 |
| SHA1 | 463a37981d9b2f3da54d8612c8047b601fde37c5 |
| SHA256 | 1cd92e392f19c4ba116715bd1183effa8e5d235047990ac9a5f9776073facc4f |
| SHA512 | 3e23274766ded1433de5ffea116a41840bfb8c222dc5309ff3b1731115bcf940237e8afa20226191f9b8c5b7e8780fe6db77db339e5cb35ca026b8206c76c7ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0af4d8e312e4bc427d2f20dbf25611d3 |
| SHA1 | f618f28f7d95e107205e703854674bcaf07f52e0 |
| SHA256 | 7438ff0ebf967e41458ab62fd045068ca286dcbc96714886e059e76fa28d9095 |
| SHA512 | c0dc04437d3d3b57728e9ab59a70387c4f03a5bc147cb1b995eeb620a38d2a06f1e6494591638caaa55fa220853616152a53e3dda095d6a5c1dd9d79cc199e8e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 6324de8fa4a6cfbeb82c18420e9a2292 |
| SHA1 | 988883d2e030f7a3464f4df900812461549aa097 |
| SHA256 | e83fa3f48429fbcd09a6c4ae8b1def9fa6bf3edc6e5e4061a32f3069968c4ae6 |
| SHA512 | 1ec0c00669977bae08f2f38fcbd7e13ad0748bcd2e5299787849ec8ad3f2034abfea20c97bda444735d01b3cef66fcc312e7d3ab844fcb98450346f75fc3014b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\f0bea17f-0a67-4c9c-85a7-cc9c8fed6752
| MD5 | 9c80486877f27999683e87e8578d242c |
| SHA1 | fe2780354d66e5e94553f5b47f40843e1a28b6ed |
| SHA256 | 6a9122bb06d06ecb38a8808506c295f34487b5305f2ae531a4a3bfbb5f0a4b57 |
| SHA512 | 849bc3d5978b4f1305d6f052a38de8b819cca93661adb45790a9ee425db3f371caa097d1b58baabc3172a904059bc8e207d8ffbacc1187fd99ef2495362ca11a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\2395c5c1-b05b-437a-9656-16e577a092fe
| MD5 | b9fed83f3cb60b2a07b5ed675c8209de |
| SHA1 | 4613b1cff7577fc57a8595ff07d14b86a35fc781 |
| SHA256 | 8e3a453ec9ac0acf1fdfbba067b0a22651390152fb6671ab2bd2fbb1a48118fe |
| SHA512 | d4e947297b0d099da1c20e10da27503f97788334ab8fac857fcd7a48201c46d28560d52bab29cb921f88e43c2ee6b2f1430972e8f36ece6eca2d13685d69dcd1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\extension-settings.json.tmp
| MD5 | 34922a0c15d7b026452f83d1a645bbc4 |
| SHA1 | 2261e6a97105afc22f21987e6d395c73781bdadb |
| SHA256 | 2dd72e0fac57fedc5a57fe4140acd292be6fcfe8fb5dd71dc6613983ad84aafa |
| SHA512 | 9a91cd84bcfd3a63d5976478f2ed41fa2a119facd58f9e071923136b4ad02103919150ae487451fa9985ec8549e57730834adb27cc6a2d0a46d46a1ffcd392d1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | bfd13d688d8e4eaf8ecaf299deef5bf5 |
| SHA1 | 6d0d9aaf851975e53f3b7ecdd564e277b65c6fb6 |
| SHA256 | 0aa265805d7c4145f565179671271b2c237df08789c0660f058e4575fda0660e |
| SHA512 | b3ffff6d4b95b7ed07cd88ea36f14f152a06e367777cb7f8f314307d0ee588d3041c4c0750f4770b830d00f019706ef125e97912649b9eb217f05266f02da595 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs-1.js
| MD5 | ec43271fd3b87b83bb37938e49ab8ab0 |
| SHA1 | 88a97a3527ddfaf2303c949fbbf6caabc2c620e3 |
| SHA256 | 3a36cde94e2d0a7e2aca9a7e708e13804c0be8f21d3c6d33feeeaf7ae8d137a5 |
| SHA512 | 8296d3a63ac206c465d1f05d9cab28b421582a28ecf189328033ac363b8d8611535b7b4630399f362e4afbd5211d4fac4c9ac11dce02f9ebcbf44e04f59a8812 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore.jsonlz4
| MD5 | 2619a2c27677cae3a89c2f90f29391dc |
| SHA1 | e403e5b1f6a335c07f6193b22e0c23cc001e820f |
| SHA256 | 7162f78a6eec63df8513058ac2a92cbb8a3d83eb580ad89dc755b99681b72330 |
| SHA512 | 3a1fde537016d821796be1580585db840457c67766f6bb0cc8df357e52decc9ba0d3627512fdf41159d1808f4ed5d455a21b5989107344145af29b7ad5bd16d8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionCheckpoints.json.tmp
| MD5 | 66bdbb6de2094027600e5df8fbbf28f4 |
| SHA1 | ce033f719ebce89ac8e5c6f0c9fed58c52eca985 |
| SHA256 | df49028535e3efe4ed524570624866cca8152de6b0069ebb25580fce27dccebc |
| SHA512 | 18782069ef647653df0b91cb13ba13174a09ce2a201e8f4adfb7b145baf6c3a9246ef74bdad0774a3023ec5b8b67aba320641e11dd4b8a195e1c2b448202a660 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionCheckpoints.json.tmp
| MD5 | 2d87ba02e79c11351c1d478b06ca9b29 |
| SHA1 | 4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1 |
| SHA256 | 16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524 |
| SHA512 | be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionCheckpoints.json
| MD5 | c8dc58eff0c029d381a67f5dca34a913 |
| SHA1 | 3576807e793473bcbd3cf7d664b83948e3ec8f2d |
| SHA256 | 4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17 |
| SHA512 | b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionCheckpoints.json.tmp
| MD5 | 362985746d24dbb2b166089f30cd1bb7 |
| SHA1 | 6520fc33381879a120165ede6a0f8aadf9013d3b |
| SHA256 | b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e |
| SHA512 | 0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\xulstore.json.tmp
| MD5 | e68cf528f9dd6a24c883de1dfed4efba |
| SHA1 | c289b211eb0b7e74aa265601a0a434a5fa69a539 |
| SHA256 | 06d49441553ebe0645fa10f278b50a45517899751236fccb18293d6b4eef3bb3 |
| SHA512 | a0eb7ee19d7dd0587e3e8f159c26a463ec78e56585e0d3079ed64520192955dd386fc09b95809c7fe2eb671d82534f196f96e7f09b0e62a9c07cf54ea5a08567 |
memory/2728-7986-0x000007FFFFF60000-0x000007FFFFF70000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
| MD5 | 191e349e16e030b4c66ee6322df469a0 |
| SHA1 | c46fd1a1ab5739938bda014042cd53aeff044581 |
| SHA256 | 95418de670a6330414a753a441fe62e8e916b8317f9597ce56901bf48526dea9 |
| SHA512 | 3cf8424d3420500007f48785a0f8db019add3871d4758daf2e87730c7dd9f2b7cd014f5b4a51cd6a654ec355a327da274fbe0af4970e094ba7427d6cb5b60241 |
C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
| MD5 | aaa925d637359951e611da824cc6642c |
| SHA1 | 0f114b1da3e265b51bcb4ecee62914c041abd691 |
| SHA256 | 667cf0332db8aec49c2f0143a36e7240b35ecca8600c4fc73be4e5249ea82f0b |
| SHA512 | 0ff96d3eb584fa4b7369274070f6cc9d9efc7b0f983718a8a2e822136bae81472d6a523768cdd6ef98368c0c2f2fb0e90165e83cb4c5e69115a793f922bdab5a |
C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
| MD5 | 1d01f30f72c9df9d9a21e5a22009335b |
| SHA1 | a05f0a282cfd0a9e0cfe44cd39a51aaaf0797572 |
| SHA256 | d65731a648fea6bd44c632befcee7b08b3753eaf37f7f1ad0c2dea44db11215d |
| SHA512 | 71f664247eaed58c77fc6fd997bb7419c2221e5bb7c3ef5525362334b6293e6d6caa86a31fea87e4b18f21e8bc029c68dfaaacdbccaf6e68634b893bbd630c5c |
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini
| MD5 | 988ea61855eab89ff1f69e884a6bee04 |
| SHA1 | 5d4792d34fe3939301eefa968ab5b5e8d415aec1 |
| SHA256 | 010436597702c768cd6f56b169a523c69a64459e5ef04fefbeaaa1bd087a6fe1 |
| SHA512 | eb8df971b4dfacb0772571147e32a191161848464d24ab3be690f7308378004259c03375618ffbb332316b8bf21f637ce7fe694322590d9b56af65695e3d3b9f |
memory/4848-8098-0x0000000075710000-0x0000000075718000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms~RFf870af9.TMP
| MD5 | e137890250f3d8a1ee59907e01fab402 |
| SHA1 | db870f37394ab43f63030d4b96dea52ef39204bc |
| SHA256 | fc7b5edf0d7b01bbf919e53f1623a21630a70d738b2b78491bacedf726db0194 |
| SHA512 | a25cbb24207abf1552e30eb494db31c543e3f4ece3f10181b6e3fcde50ecca22599effa8758186b10fb223ad6bf9934e5efe6dc198a6bff944fb955388e5b4c2 |
memory/1328-8111-0x0000000075710000-0x0000000075718000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk
| MD5 | a47c0d861431cdd3a1528c589832ab42 |
| SHA1 | 52e2f8d63f99c1f038e25d85104792b6d47c73be |
| SHA256 | 70692c56664371ef27e70fa63878f77740688e157500effe6f96234423dfd037 |
| SHA512 | 10153baa8a5e86fc0878956f1632b139c1f2722ee457a72c23a4f24543fd639dea127166b18c459080fa714cfa578920041b18b00684c23ca750c10cd1099439 |
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\BonziBuddy4.lnk
| MD5 | 1f8ef181c872ec50cef8f93f04ea6b13 |
| SHA1 | 57166ce3a8ae76826af7e8d4e52ee4c32764dc6f |
| SHA256 | b0cdba5f399486f68e18bed54f3ef4ffcd7ebdad3559511c1d4a92fcfeec1f50 |
| SHA512 | 326ddefbd7936d7d3671faa091f54ee971c5e0f63c2b58e11f4e2b52a132b3e415fa534a8840db5e9986292692f4f6262015587ba6841bc937207e3108cc45b5 |
memory/3244-8144-0x0000000075710000-0x0000000075718000-memory.dmp
memory/4420-8151-0x0000000075710000-0x0000000075718000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Bonzify.lnk
| MD5 | 5b2d2573129110b9c3aa353ae80704e9 |
| SHA1 | ceb1a065df4a4afc7d1645399ea9cac3ad1986a6 |
| SHA256 | 6f83cfe6285e0171602acc3c236490fa520829e1f01513dad8d615f440726cfc |
| SHA512 | 3d14bad0728b0a6e4424fe598154c392be3f8f0b7f6858c621dbb4409d3a8c8dde24341a145f4f971e9e13c9c076d17c00b029e95eecb8483c0e0630e621d237 |
memory/3296-8219-0x0000000075510000-0x0000000075518000-memory.dmp
memory/2860-8220-0x0000000075510000-0x0000000075518000-memory.dmp
memory/5008-8221-0x0000000075510000-0x0000000075518000-memory.dmp
memory/4716-8254-0x0000000075510000-0x0000000075518000-memory.dmp
C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\$ITW32Z4.lnk
| MD5 | 761534380f278aa2efc85036acba9247 |
| SHA1 | 89e0a82ae5b12b954a0aa6d268a46a7d964adb78 |
| SHA256 | b17d5c887a7f93d48d836291d66c5a5a30581ddc03e405c176b7c03a24c4fb84 |
| SHA512 | 97eff78d1e42fc9f5e1ee3ead8f5ed5460be99cb8f2ede624b638e2b0281371176df90efac90a3982139708d2ea0f517eb2c53346931a3ba858292e8d2dc8044 |
memory/4388-8488-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/4388-8487-0x0000000140000000-0x00000001405E8000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\db\data.safe.bin
| MD5 | b9120bf365a8dfdc5e431beff934d5e0 |
| SHA1 | ae27ca9b246f1f9fb24b926c314b86497d93a7cb |
| SHA256 | 8921ae35725609571da34e05ffb2bd7864ce7e6dfa68afae9bdf8f74e09f3c0a |
| SHA512 | dfbebe77f301d50ceded2c35465d9b5609b811541ec233349eb5ce8c663929e16d7f8edb1696abe91ac2e8ca77c0738c187a09a83406bd3ae1f11c5f1d163a41 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\d61b0231-afa0-4b57-a6e0-9b8acf561de6
| MD5 | 4bd84b8c45f45cfb3a8de62b9d62c019 |
| SHA1 | 7525c1e67f86e847859f7698f58dfb18d24d6214 |
| SHA256 | 240323d4d009ecf0e86f0a89b4a5b137600a23c5dfee54f65c8d7f0708d7087d |
| SHA512 | 55e684821c4bb16d23a43f7c8aaa95442e9557c2bddecc04f8eca878948699fd1551390bca83199b0983b470c3e42fc34ee3ddf3b4cd3c80043188a9f1bb2051 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\7f32184f-ad5f-4baa-8760-d242ea052e21
| MD5 | a6528ed4c9acf2bdb8deb729e636ef6d |
| SHA1 | e1e22036f3f4cc2eb87059b176366c4df6e1692b |
| SHA256 | 92a3eb3885f1f5cd09504cd7ef8abcb24fa35124cd908c8f45ff1515e950f677 |
| SHA512 | 91ae7c79b226248bc14f109a5c73deb9c87e157f18e32db6ce7bfc351c9327aff60aebbf0928c1f36c0648e4bded7f6e2d884c90f1f6e8b98797635752156a52 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\cache2\doomed\22203
| MD5 | 4abfa893f63a09847e2450b31acb3d0d |
| SHA1 | 8cfa65089e4bd7253fd6a759858e70554ee53c46 |
| SHA256 | 539bab79b7e34e313eb060c1a1cb008d87975027b2a4f22bf095488a2d400a54 |
| SHA512 | a1ff2055b62e9e1b1e32c79b2d5ca15613d147f90e92bd4132c6007c1773ce41eeb2781ef1e1db2d3f703edf1ae7e163aa525f5ad8737e18cb7f514c3a6ac0a3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs-1.js
| MD5 | c539569fdfe8ea23b5ef78412b77dcca |
| SHA1 | c8613ac5c3faaa13e50391ffd97ea61ee59f6f1e |
| SHA256 | 6631d88f61b0d5bbc71901a2a29d9e272426618415010065fc5fcc76ac403837 |
| SHA512 | 3fcf6997801a81ace0ed36603a275bde3df715b3c402e84a665e83049acd267f50465f4dcd33814a183a3bee7a157e38d87adfa3cb80f7ea789294c59dc5b86a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore.jsonlz4
| MD5 | d1608fa61fb88cf0cb04c7b78e7783e2 |
| SHA1 | e76dbbea03bab3a4a1aa2807ace82a1887fa11ef |
| SHA256 | d427ea2d56bd0f82d2c3a7d8869a8f446d347fd0141c7272b491d20b0e3c29af |
| SHA512 | 2d78b96f06fda778f5988fdced44cf69d0c328a6f4afeb565f300ffc3d8c58d2f630fae8fe1d2ba165ffbf2e1b00c4ff2d678def383fa238eff3bce2ff07e62d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\xulstore.json.tmp
| MD5 | 3a4c4f73df9e0e741f38bfa61a101461 |
| SHA1 | 71979eabcfbddc5e32749d09e44c0909d506e63e |
| SHA256 | 1bb8ea03f0f0c4be81905d74785be4e9f67372990022ce67b242c63c881d58a5 |
| SHA512 | 981f773b2ef74fb65c706f4107753233392b0378e9f568395ecd1408514f1c8e384d73992af711e5e6f316c688203cfd79d3d4eb229e47a1d6d97d688efe456b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
memory/4388-8885-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/4388-8884-0x0000000140000000-0x00000001405E8000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a8e369b13565da0186b455c7947df980 |
| SHA1 | bcc77d2d7b9e910383b4c86daf0ba7577e5645c5 |
| SHA256 | d2d1cdd3be76e0894474ada95ff8bcd8e66354259eddccbef33a9e7a6d7f0f16 |
| SHA512 | d7acf4569719111a937d7a201488d596c8d91d2ea4a1e2c28de9b061da286d5f792bf277fbd169d8cb99d6c593c948d19efcdde6352d563e15eb9853122e2579 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e533ef37860cc86715ee239fd7ebbd14 |
| SHA1 | 201a823ab35f2acbd4310465134bf70af27e52c4 |
| SHA256 | c91bd0218b388bd29684b8f9f2757297415797c7c2376967d660a61e316c7ec1 |
| SHA512 | 75add577c3c06df2a007e1a1c5ef3120b2c9a1aea5d10dd948eadf8452f8891eca493803620d01c165405221542fe84bc0edda8ebe354b5f84ad04c839933baf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c86dd4a2-1e92-4ae3-a166-7b221a477e33.tmp
| MD5 | 677275bda4b20f3f5186396025691a0d |
| SHA1 | ed4dc4f13067f6b22fd4a751c9d170d4ef4c0ac4 |
| SHA256 | 0ed9a93049c890bd945e9682c35e6194ca1b86090090e2a60552d2331202a389 |
| SHA512 | dab8741b8d23f69fd30da7c56b35a36b13da487f6e9907bfaea495b1cac2331b00764efef118c23a1e19af47250af24ba02f5cea46a00096950f33a3f04de995 |
memory/4388-9000-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/4388-8999-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/4388-9019-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/4388-9020-0x0000000140000000-0x00000001405E8000-memory.dmp
C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\$IB54H7I.lnk
| MD5 | 9f16199c3e0f1c065a0ce180889335e4 |
| SHA1 | 2db44798e333031fbac4dea9307d8e6b8462b351 |
| SHA256 | 4ee0225f766890328be779cb34788a6b6b6409a962406d95b6421f2170ace84d |
| SHA512 | 98783019bd006da86d5df012a582504b2c1db7ceaeefa3046bcecff0cd5d14a0a7151a945b98696eee873de9c9bb7f31927023c34d594badcce6fb258a7f08ef |
C:\Windows\Temp\SDIAG_0ac963df-e249-4df5-98f8-b20346862a68\DiagPackage.dll
| MD5 | e382ec1c184e7d7d6da1e0b3eacfa84b |
| SHA1 | 9a0d95eb339774874f4f0da35d10fd326438b56c |
| SHA256 | 786d95dc0d59089e14055385cce8765888f55236b5220fdfd28cf2d9b07e63ee |
| SHA512 | 019bcb4f41b5bc5853db2fa528ef126e839c5b0d0dc096dd441ba02d8c71e7913efd16b74aed93952ad2cc5422b151c12d3017fc22a65ae5ce2e7e1fc72a396c |
C:\Windows\Temp\SDIAG_0ac963df-e249-4df5-98f8-b20346862a68\en-US\DiagPackage.dll.mui
| MD5 | 526bcf713fe4662e9f8a245a3a57048f |
| SHA1 | cf0593c3a973495c395bbce779aef8764719abf7 |
| SHA256 | c8190f45d62c5c03013ffc66b3f9bf60f52a32464fa271d2fad5fd10432da606 |
| SHA512 | df7e93617461c2fd25b5b684311126e66b7cf9f1ecfbf4c8a944f65fb2c904194ec635a9c7b962d4583ea77b0312435c7dc1b5ecbcb1fb3a5a74fc1eb2c21d04 |
memory/2716-9330-0x0000000002120000-0x0000000002128000-memory.dmp
memory/2716-9340-0x0000000002140000-0x0000000002148000-memory.dmp
memory/2716-9350-0x00000000021E0000-0x00000000021E8000-memory.dmp
C:\Windows\Temp\OLD6D3B.tmp
| MD5 | 126b75d50756fe204283d418ae1a66df |
| SHA1 | 83bbb6b142db7351c5547fbe46df56c8cc596aef |
| SHA256 | 3d12addcfd4d7233c787101c848fd1d7a62b6b6386fb2043b3d8f45502950312 |
| SHA512 | b782c79e2428eba1d8035a36582ccbbaf2fc3e605720fa4cb9a1d135edfe971034cc39f48d271e5ea1096ee7043b5024f7c73135703b54d88e7cae1877728d16 |
memory/4388-12803-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/4388-12801-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/4388-16103-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/4388-16985-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/4388-16997-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/4388-17808-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/4388-17815-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/4388-18769-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/4388-19032-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/4388-19243-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/4388-19242-0x0000000140000000-0x00000001405E8000-memory.dmp
memory/4388-19245-0x0000000140000000-0x00000001405E8000-memory.dmp
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024080915.000\PCW.0.debugreport.xml
| MD5 | 3ce46b84405e22baa93cdd41643e3e44 |
| SHA1 | 81ce34bd756ee7e67af471f18a251da82c816de3 |
| SHA256 | a0057568de7513f5095c53580a7d9cff0dd936c1f18654cc243f21e5ba1fd08e |
| SHA512 | d336ccdb72129de9f251d7347294388a355c384d7e4ec8bd8339e5465e85e8d554c661d8c237478349300bb75624d50a33767578afb1ced3604c0fb74ef1d727 |