Analysis Overview
SHA256
ae06fad69f4dddab841ba6d7dc425feb6615f12d38df0e9f297dbbe6c1366892
Threat Level: Likely malicious
The file New Project (29).png was found to be: Likely malicious.
Malicious Activity Summary
Event Triggered Execution: AppInit DLLs
Blocklisted process makes network request
Downloads MZ/PE file
Possible privilege escalation attempt
Boot or Logon Autostart Execution: Active Setup
Modifies file permissions
Loads dropped DLL
Executes dropped EXE
Checks installed software on the system
Power Settings
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Detected potential entity reuse from brand MICROSOFT.
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Windows directory
Access Token Manipulation: Create Process with Token
Program crash
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Browser Information Discovery
System Network Configuration Discovery: Internet Connection Discovery
Event Triggered Execution: Accessibility Features
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Uses Volume Shadow Copy WMI provider
NTFS ADS
Modifies registry class
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Suspicious behavior: GetForegroundWindowSpam
Modifies Internet Explorer settings
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Uses Volume Shadow Copy service COM API
Modifies data under HKEY_USERS
Kills process with taskkill
Checks processor information in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-12 03:21
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-12 03:21
Reported
2024-10-12 03:34
Platform
win11-20241007-en
Max time kernel
774s
Max time network
779s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
Downloads MZ/PE file
Event Triggered Execution: AppInit DLLs
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Power Settings
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Detected potential entity reuse from brand MICROSOFT.
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\SET3DB0.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\SysWOW64\SET3DB0.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp50.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\executables.bin | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| File created | C:\Windows\lhsp\help\SET3D6F.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | N/A | N/A |
| File opened for modification | C:\Windows\msagent\SET3A21.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tvenuax.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\chars\Bonzi.acs | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET3A23.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET3A26.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET3A3D.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\lhsp\tv\SET3D5D.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tv_enua.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET3A21.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\fonts\andmoipa.ttf | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\SET3DAF.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET3A26.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\intl\SET3A3C.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\INF\SET3DAF.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | N/A | N/A |
| File opened for modification | C:\Windows\msagent\AgentAnm.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET3A38.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentPsh.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET3A24.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\mslwvtts.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\help\SET3A3B.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\intl\Agt0409.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SET3D5D.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\fonts\SET3D70.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\tv_enua.inf | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgtCtl15.tlb | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\intl\SET3A3C.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentCtl.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET3A23.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentDp2.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET3A25.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentMPx.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\SET3A39.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\INF\SET3A39.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentDPv.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET3A25.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET3A37.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\finalDestruction.bin | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Windows\msagent\SET3A24.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentSR.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\fonts\SET3D70.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\help\SET3D6F.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp\Crashpad\metadata | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET3A22.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\agtinst.inf | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET3A3A.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\help\Agt0409.hlp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET3A3D.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\lhsp\tv\SET3D6E.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\help\SET3A3B.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentSvr.exe | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET3A37.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SET3D6E.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\help\tv_enua.hlp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp\Crashpad\settings.dat | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
| File created | C:\Windows\msagent\SET3A22.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET3A38.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET3A3A.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Bonzify.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe:Zone.Identifier | C:\Windows\explorer.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\YouAreAnIdiot\YouAreAnIdiot.exe:Zone.Identifier | C:\Windows\explorer.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\CookieClickerHack(2)\[email protected]:Zone.Identifier | C:\Windows\explorer.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\MEMZ\[email protected]:Zone.Identifier | C:\Windows\explorer.exe | N/A |
Access Token Manipulation: Create Process with Token
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Browser Information Discovery
Enumerates physical storage devices
Event Triggered Execution: Accessibility Features
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | N/A | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser | C:\Windows\explorer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133731769215823938" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | N/A | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BD4-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD1-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DomStorageState | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668} | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\3 = 5c003200153d1a004c59ad1b2000537061726b2e7a697000440009000400efbe4c59ad1b4c59ad1b2e00000000000000000000000000000000000000000000000000eaa0830053007000610072006b002e007a0069007000000018000000 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BDF-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{143A62C8-C33B-11D1-84FE-00C04FA34A14} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575}\TypeLib\Version = "2.0" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202 | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD9-7DE6-11D0-91FE-00C04FD701A5}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00D18159-8466-11D0-AC63-00C04FD97575} | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}\1.5\0 | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BD3-7DE6-11D0-91FE-00C04FD701A5} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\ = "IAgentExt" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\explorer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\MiscStatus | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BF0-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BD1-7DE6-11D0-91FE-00C04FD701A5} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4BAC124B-78C8-11D1-B9A8-00C04FD97575}\InprocServer32\ = "C:\\Windows\\msagent\\AgentMPx.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Server\CurVer\ = "Agent.Server.2" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C87-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentSpeechInputProperties" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575}\ = "IAgentCharacterEx" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDB-7DE6-11D0-91FE-00C04FD701A5} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\TypeLib | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31C-5C6E-11D1-9EC1-00C04FD7081F}\ = "MSLwvTTS 2.0 Engine Class" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A7B93C92-7B81-11D0-AC5F-00C04FD97575}\TreatAs\ = "{D45FD2FC-5C6E-11D1-9EC1-00C04FD7081F}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575}\TypeLib\Version = "2.0" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA141FD0-AC7F-11d1-97A3-0060082730FF}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\ = "Microsoft Agent Control 1.5" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "4234" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "165" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4BAC124B-78C8-11D1-B9A8-00C04FD97575}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C85-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}\TypeLib | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00D18159-8466-11D0-AC63-00C04FD97575}\ProxyStubClsid32 | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{822DB1C0-8879-11D1-9EC6-00C04FD7081F}\ = "IAgentCtlBalloonEx" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDD-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtlSpeechInput" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB27-9968-11D0-AC6E-00C04FD97575}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A7B93C73-7B81-11D0-AC5F-00C04FD97575} | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D7A6D440-8872-11D1-9EC6-00C04FD7081F} | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).bottom = "690" | C:\Windows\explorer.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "9956" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{822DB1C0-8879-11D1-9EC6-00C04FD7081F}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}\2.0\HELPDIR\ = "C:\\Windows\\msagent\\" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32 | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8D-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\explorer.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\8 = 4e003100000000004c594d1c10004d454d5a00003a0009000400efbe4c594a1c4c594d1c2e00000065af0200000019000000000000000000000000000000595ea5004d0045004d005a00000014000000 | C:\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\VersionIndependentProgID\ = "Agent.Control" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "6550" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\ = "IAgentNotifySinkEx" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48D12BA0-5B77-11D1-9EC1-00C04FD7081F}\ = "IAgentEx" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "165" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD3-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDD-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0" | C:\Windows\msagent\AgentSvr.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Bonzify.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\NoEscape\NoEscape.exe:Zone.Identifier | C:\Windows\explorer.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\YouAreAnIdiot\Interop.ShockwaveFlashObjects.dll:Zone.Identifier | C:\Windows\explorer.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\CookieClickerHack(2)\[email protected]:Zone.Identifier | C:\Windows\explorer.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\YouAreAnIdiot\AxInterop.ShockwaveFlashObjects.dll:Zone.Identifier | C:\Windows\explorer.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\YouAreAnIdiot\YouAreAnIdiot.exe:Zone.Identifier | C:\Windows\explorer.exe | N/A |
| File created | C:\Users\Admin\Downloads\CookieClickerHack.zip:Zone.Identifier | N/A | N/A |
| File created | C:\Users\Admin\Downloads\YouAreAnIdiot.zip:Zone.Identifier | N/A | N/A |
| File created | C:\Users\Admin\Downloads\NoEscape.zip:Zone.Identifier | N/A | N/A |
| File created | C:\Users\Admin\Downloads\CookieClickerHack(2).zip:Zone.Identifier | N/A | N/A |
| File created | C:\Users\Admin\Downloads\MEMZ.zip:Zone.Identifier | N/A | N/A |
| File opened for modification | C:\Users\Admin\Downloads\MEMZ\[email protected]:Zone.Identifier | C:\Windows\explorer.exe | N/A |
| File created | C:\Users\Admin\Downloads\Spark.zip:Zone.Identifier | N/A | N/A |
| File created | C:\Users\Admin\Downloads\CookieClickerHack(1).zip:Zone.Identifier | N/A | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Bonzify.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\New Project (29).png"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffbeac1cc40,0x7ffbeac1cc4c,0x7ffbeac1cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1688,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1680 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2108,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2112 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2276 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4420,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4472 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4612,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4624 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4816 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4924,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4972 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff781064698,0x7ff7810646a4,0x7ff7810646b0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4308,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5112 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3452,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4692 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5216,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5256 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5236,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5404 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5244,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5544 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5220,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5700 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5264,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5844 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5412,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5564 /prefetch:8
C:\Users\Admin\Downloads\Bonzify.exe
"C:\Users\Admin\Downloads\Bonzify.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\KillAgent.bat"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im AgentSvr.exe
C:\Windows\SysWOW64\takeown.exe
takeown /r /d y /f C:\Windows\MsAgent
C:\Windows\SysWOW64\icacls.exe
icacls C:\Windows\MsAgent /c /t /grant "everyone":(f)
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe
INSTALLER.exe /q
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.1_none_9b404ac522e88eb7\MDMAgent.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.1_none_9b404ac522e88eb7\MDMAgent.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.1_none_9b404ac522e88eb7\MDMAgent.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.469_none_403fa699a3654657\f\MDMAgent.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.469_none_403fa699a3654657\f\MDMAgent.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.469_none_403fa699a3654657\f\MDMAgent.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.469_none_403fa699a3654657\MDMAgent.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.469_none_403fa699a3654657\MDMAgent.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.469_none_403fa699a3654657\MDMAgent.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.469_none_403fa699a3654657\r\MDMAgent.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.469_none_403fa699a3654657\r\MDMAgent.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.469_none_403fa699a3654657\r\MDMAgent.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.22000.1_none_eff22b32a0d892a9\MDMAppInstaller.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.22000.1_none_eff22b32a0d892a9\MDMAppInstaller.exe"
C:\Windows\msagent\AgentSvr.exe
"C:\Windows\msagent\AgentSvr.exe" /regserver
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.22000.1_none_eff22b32a0d892a9\MDMAppInstaller.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_97c4601a91ef2a4b\f\mfpmp.exe"
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_97c4601a91ef2a4b\f\mfpmp.exe"
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe
INSTALLER.exe /q
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_97c4601a91ef2a4b\f\mfpmp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_97c4601a91ef2a4b\mfpmp.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_97c4601a91ef2a4b\mfpmp.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_97c4601a91ef2a4b\mfpmp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_97c4601a91ef2a4b\r\mfpmp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_97c4601a91ef2a4b\r\mfpmp.exe"
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_97c4601a91ef2a4b\r\mfpmp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.22000.1_none_713e4e4444c3d34d\wmlaunch.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.22000.1_none_713e4e4444c3d34d\wmlaunch.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.22000.1_none_713e4e4444c3d34d\wmlaunch.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmpconfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmpconfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmpconfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmplayer.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmplayer.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmplayer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmpshare.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmpshare.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmpshare.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\r\wmpconfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\r\wmpconfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\r\wmpconfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\r\wmplayer.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\r\wmplayer.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\r\wmplayer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\r\wmpshare.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\r\wmpshare.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\r\wmpshare.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\wmpconfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\wmpconfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\wmpconfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\wmplayer.exe"
C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\wmplayer.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\wmplayer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\wmpshare.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\wmpshare.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\wmpshare.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.22000.1_none_418429ddc6d1eb8f\logagent.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.22000.1_none_418429ddc6d1eb8f\logagent.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.22000.1_none_418429ddc6d1eb8f\logagent.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.22000.1_none_04376727db53ed5d\setup_wm.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.22000.1_none_04376727db53ed5d\setup_wm.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.22000.1_none_04376727db53ed5d\setup_wm.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.22000.1_none_04376727db53ed5d\unregmp2.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.22000.1_none_04376727db53ed5d\unregmp2.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.22000.1_none_04376727db53ed5d\unregmp2.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.1_none_aeeb7558e0091044\mighost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.1_none_aeeb7558e0091044\mighost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.1_none_aeeb7558e0091044\mighost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.348_none_53ff6ed560767984\f\mighost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.348_none_53ff6ed560767984\f\mighost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.348_none_53ff6ed560767984\f\mighost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.348_none_53ff6ed560767984\mighost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.348_none_53ff6ed560767984\mighost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.348_none_53ff6ed560767984\mighost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.348_none_53ff6ed560767984\r\mighost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.348_none_53ff6ed560767984\r\mighost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.348_none_53ff6ed560767984\r\mighost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mobsyncexe_31bf3856ad364e35_10.0.22000.1_none_45947734591e316d\mobsync.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mobsyncexe_31bf3856ad364e35_10.0.22000.1_none_45947734591e316d\mobsync.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mobsyncexe_31bf3856ad364e35_10.0.22000.1_none_45947734591e316d\mobsync.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mountvol_31bf3856ad364e35_10.0.22000.1_none_089d1713563c5f72\mountvol.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mountvol_31bf3856ad364e35_10.0.22000.1_none_089d1713563c5f72\mountvol.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004D4
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mountvol_31bf3856ad364e35_10.0.22000.1_none_089d1713563c5f72\mountvol.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msaudittools_31bf3856ad364e35_10.0.22000.1_none_6dc8af5cc18b0564\auditpol.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msaudittools_31bf3856ad364e35_10.0.22000.1_none_6dc8af5cc18b0564\auditpol.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msaudittools_31bf3856ad364e35_10.0.22000.1_none_6dc8af5cc18b0564\auditpol.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mschedexe_31bf3856ad364e35_10.0.22000.1_none_35e1f264b734c538\MSchedExe.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mschedexe_31bf3856ad364e35_10.0.22000.1_none_35e1f264b734c538\MSchedExe.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mschedexe_31bf3856ad364e35_10.0.22000.1_none_35e1f264b734c538\MSchedExe.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.22000.71_none_bcb9c63bb991a4c6\f\msconfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.22000.71_none_bcb9c63bb991a4c6\f\msconfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.22000.71_none_bcb9c63bb991a4c6\f\msconfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.22000.71_none_bcb9c63bb991a4c6\msconfig.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.22000.71_none_bcb9c63bb991a4c6\msconfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.22000.71_none_bcb9c63bb991a4c6\msconfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.22000.71_none_bcb9c63bb991a4c6\r\msconfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.22000.71_none_bcb9c63bb991a4c6\r\msconfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.22000.71_none_bcb9c63bb991a4c6\r\msconfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msdt_31bf3856ad364e35_10.0.22000.1_none_fbc5ff99224f8cee\msdt.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msdt_31bf3856ad364e35_10.0.22000.1_none_fbc5ff99224f8cee\msdt.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msdt_31bf3856ad364e35_10.0.22000.1_none_fbc5ff99224f8cee\msdt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_688486d306b27285\f\msinfo32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_688486d306b27285\f\msinfo32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_688486d306b27285\f\msinfo32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_688486d306b27285\msinfo32.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_688486d306b27285\msinfo32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_688486d306b27285\msinfo32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_688486d306b27285\r\msinfo32.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_688486d306b27285\r\msinfo32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_688486d306b27285\r\msinfo32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_8e1bee8f157fdd6d\f\msinfo32.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_8e1bee8f157fdd6d\f\msinfo32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_8e1bee8f157fdd6d\f\msinfo32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_8e1bee8f157fdd6d\msinfo32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_8e1bee8f157fdd6d\msinfo32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_8e1bee8f157fdd6d\msinfo32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_8e1bee8f157fdd6d\r\msinfo32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_8e1bee8f157fdd6d\r\msinfo32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_8e1bee8f157fdd6d\r\msinfo32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msmq-triggers-service_31bf3856ad364e35_10.0.22000.1_none_7e6a217fc1ce4322\mqtgsvc.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msmq-triggers-service_31bf3856ad364e35_10.0.22000.1_none_7e6a217fc1ce4322\mqtgsvc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msmq-triggers-service_31bf3856ad364e35_10.0.22000.1_none_7e6a217fc1ce4322\mqtgsvc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-muicachebuilder_31bf3856ad364e35_10.0.22000.1_none_705039e1b9a16858\mcbuilder.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-muicachebuilder_31bf3856ad364e35_10.0.22000.1_none_705039e1b9a16858\mcbuilder.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-muicachebuilder_31bf3856ad364e35_10.0.22000.1_none_705039e1b9a16858\mcbuilder.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-n..kgroundtransferhost_31bf3856ad364e35_10.0.22000.1_none_e4c8388cb4892f1c\BackgroundTransferHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-n..kgroundtransferhost_31bf3856ad364e35_10.0.22000.1_none_e4c8388cb4892f1c\BackgroundTransferHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-n..kgroundtransferhost_31bf3856ad364e35_10.0.22000.1_none_e4c8388cb4892f1c\BackgroundTransferHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-n..pture-wmiv2provider_31bf3856ad364e35_10.0.22000.1_none_3ad96689f86d60ce\NetEvtFwdr.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-n..pture-wmiv2provider_31bf3856ad364e35_10.0.22000.1_none_3ad96689f86d60ce\NetEvtFwdr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-n..pture-wmiv2provider_31bf3856ad364e35_10.0.22000.1_none_3ad96689f86d60ce\NetEvtFwdr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\f\NarratorQuickStart.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\f\NarratorQuickStart.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\f\NarratorQuickStart.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\NarratorQuickStart.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\NarratorQuickStart.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\NarratorQuickStart.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\r\NarratorQuickStart.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\r\NarratorQuickStart.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\r\NarratorQuickStart.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-n..setup-compatibility_31bf3856ad364e35_10.0.22000.1_none_c665d8078332dab6\NetCfgNotifyObjectHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-n..setup-compatibility_31bf3856ad364e35_10.0.22000.1_none_c665d8078332dab6\NetCfgNotifyObjectHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-n..setup-compatibility_31bf3856ad364e35_10.0.22000.1_none_c665d8078332dab6\NetCfgNotifyObjectHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\f\Narrator.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\f\Narrator.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\f\Narrator.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\Narrator.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\Narrator.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\Narrator.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\r\Narrator.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\r\Narrator.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\r\Narrator.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nbtstat_31bf3856ad364e35_10.0.22000.1_none_f4542218232805ca\nbtstat.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nbtstat_31bf3856ad364e35_10.0.22000.1_none_f4542218232805ca\nbtstat.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nbtstat_31bf3856ad364e35_10.0.22000.1_none_f4542218232805ca\nbtstat.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\f\NcsiUwpApp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\f\NcsiUwpApp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\f\NcsiUwpApp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\NcsiUwpApp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\NcsiUwpApp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\NcsiUwpApp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\r\NcsiUwpApp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\r\NcsiUwpApp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\r\NcsiUwpApp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ndkperf-setup_31bf3856ad364e35_10.0.22000.1_none_408919e06a3c4182\NDKPerfCmd.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ndkperf-setup_31bf3856ad364e35_10.0.22000.1_none_408919e06a3c4182\NDKPerfCmd.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ndkperf-setup_31bf3856ad364e35_10.0.22000.1_none_408919e06a3c4182\NDKPerfCmd.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ndkping-setup_31bf3856ad364e35_10.0.22000.1_none_0ea3b62aa1979b9b\NDKPing.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ndkping-setup_31bf3856ad364e35_10.0.22000.1_none_0ea3b62aa1979b9b\NDKPing.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ndkping-setup_31bf3856ad364e35_10.0.22000.1_none_0ea3b62aa1979b9b\NDKPing.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_a875ef267740234b\net.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_a875ef267740234b\net.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_a875ef267740234b\net.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_dd1f9117595c3dbe\net1.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_dd1f9117595c3dbe\net1.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_dd1f9117595c3dbe\net1.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\f\net1.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\f\net1.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\f\net1.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\net1.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\net1.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\net1.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\r\net1.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\r\net1.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\r\net1.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-netbt_31bf3856ad364e35_10.0.22000.1_none_b6a86607fc0d3ad5\netbtugc.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-netbt_31bf3856ad364e35_10.0.22000.1_none_b6a86607fc0d3ad5\netbtugc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-netbt_31bf3856ad364e35_10.0.22000.1_none_b6a86607fc0d3ad5\netbtugc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-netcfg_31bf3856ad364e35_10.0.22000.1_none_6672795e56429a85\netcfg.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-netcfg_31bf3856ad364e35_10.0.22000.1_none_6672795e56429a85\netcfg.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-netcfg_31bf3856ad364e35_10.0.22000.1_none_6672795e56429a85\netcfg.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-netplwiz-exe_31bf3856ad364e35_10.0.22000.1_none_439a526c152afc8c\Netplwiz.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-netplwiz-exe_31bf3856ad364e35_10.0.22000.1_none_439a526c152afc8c\Netplwiz.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-netplwiz-exe_31bf3856ad364e35_10.0.22000.1_none_439a526c152afc8c\Netplwiz.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-netsh_31bf3856ad364e35_10.0.22000.1_none_b5e493e3fca1e5c2\netsh.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-netsh_31bf3856ad364e35_10.0.22000.1_none_b5e493e3fca1e5c2\netsh.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-netsh_31bf3856ad364e35_10.0.22000.1_none_b5e493e3fca1e5c2\netsh.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-networkbridge_31bf3856ad364e35_10.0.22000.1_none_5e2d8e810adeac97\bridgeunattend.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-networkbridge_31bf3856ad364e35_10.0.22000.1_none_5e2d8e810adeac97\bridgeunattend.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-networkbridge_31bf3856ad364e35_10.0.22000.1_none_5e2d8e810adeac97\bridgeunattend.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-networkux-legacyux_31bf3856ad364e35_10.0.22000.1_none_73c734e8920ab338\LegacyNetUXHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-networkux-legacyux_31bf3856ad364e35_10.0.22000.1_none_73c734e8920ab338\LegacyNetUXHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-networkux-legacyux_31bf3856ad364e35_10.0.22000.1_none_73c734e8920ab338\LegacyNetUXHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_67b9e8fa55722b23\ndadmin.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_67b9e8fa55722b23\ndadmin.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_67b9e8fa55722b23\ndadmin.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_67b9e8fa55722b23\newdev.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_67b9e8fa55722b23\newdev.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_67b9e8fa55722b23\newdev.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.22000.1_none_0af1ba5c97d13826\nfsadmin.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.22000.1_none_0af1ba5c97d13826\nfsadmin.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.22000.1_none_0af1ba5c97d13826\nfsadmin.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.22000.1_none_0af1ba5c97d13826\rpcinfo.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.22000.1_none_0af1ba5c97d13826\rpcinfo.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.22000.1_none_0af1ba5c97d13826\rpcinfo.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.22000.1_none_0af1ba5c97d13826\showmount.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.22000.1_none_0af1ba5c97d13826\showmount.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.22000.1_none_0af1ba5c97d13826\showmount.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.22000.1_none_a7a700c8f53b4106\mount.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.22000.1_none_a7a700c8f53b4106\mount.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.22000.1_none_a7a700c8f53b4106\mount.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.22000.1_none_a7a700c8f53b4106\umount.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.22000.1_none_a7a700c8f53b4106\umount.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.22000.1_none_a7a700c8f53b4106\umount.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.282_none_a808d085c7f06d67\f\nfsclnt.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.282_none_a808d085c7f06d67\f\nfsclnt.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.282_none_a808d085c7f06d67\f\nfsclnt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.282_none_a808d085c7f06d67\nfsclnt.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.282_none_a808d085c7f06d67\nfsclnt.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.282_none_a808d085c7f06d67\nfsclnt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.282_none_a808d085c7f06d67\r\nfsclnt.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.282_none_a808d085c7f06d67\r\nfsclnt.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.282_none_a808d085c7f06d67\r\nfsclnt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\f\nfsclnt.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\f\nfsclnt.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\f\nfsclnt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\nfsclnt.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\nfsclnt.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\nfsclnt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\r\nfsclnt.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\r\nfsclnt.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\r\nfsclnt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.22000.1_none_c55e2b2174c8cee3\notepad.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.22000.1_none_c55e2b2174c8cee3\notepad.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.22000.1_none_c55e2b2174c8cee3\notepad.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nslookup_31bf3856ad364e35_10.0.22000.1_none_21c411966b3ba1f5\nslookup.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nslookup_31bf3856ad364e35_10.0.22000.1_none_21c411966b3ba1f5\nslookup.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nslookup_31bf3856ad364e35_10.0.22000.1_none_21c411966b3ba1f5\nslookup.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\f\OOBENetworkConnectionFlow.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\f\OOBENetworkConnectionFlow.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\f\OOBENetworkConnectionFlow.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\OOBENetworkConnectionFlow.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\OOBENetworkConnectionFlow.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\OOBENetworkConnectionFlow.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\r\OOBENetworkConnectionFlow.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\r\OOBENetworkConnectionFlow.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\r\OOBENetworkConnectionFlow.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\f\ISM.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\f\ISM.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\f\ISM.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\ISM.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\ISM.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\ISM.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\r\ISM.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\r\ISM.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\r\ISM.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..onalfeatures-fondue_31bf3856ad364e35_10.0.22000.1_none_9ff8aada90ee79bf\Fondue.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..onalfeatures-fondue_31bf3856ad364e35_10.0.22000.1_none_9ff8aada90ee79bf\Fondue.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..onalfeatures-fondue_31bf3856ad364e35_10.0.22000.1_none_9ff8aada90ee79bf\Fondue.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..oreuap-iotuap-tools_31bf3856ad364e35_10.0.22000.1_none_81a7e90e2a244a76\iotstartup.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..oreuap-iotuap-tools_31bf3856ad364e35_10.0.22000.1_none_81a7e90e2a244a76\iotstartup.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..oreuap-iotuap-tools_31bf3856ad364e35_10.0.22000.1_none_81a7e90e2a244a76\iotstartup.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..ssociationframework_31bf3856ad364e35_10.0.22000.1_none_008a7e7adfc26529\dasHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..ssociationframework_31bf3856ad364e35_10.0.22000.1_none_008a7e7adfc26529\dasHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..ssociationframework_31bf3856ad364e35_10.0.22000.1_none_008a7e7adfc26529\dasHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\f\OOBENetworkCaptivePortal.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\f\OOBENetworkCaptivePortal.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\f\OOBENetworkCaptivePortal.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\OOBENetworkCaptivePortal.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\OOBENetworkCaptivePortal.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\OOBENetworkCaptivePortal.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\r\OOBENetworkCaptivePortal.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\r\OOBENetworkCaptivePortal.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\r\OOBENetworkCaptivePortal.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-office-csp_31bf3856ad364e35_10.0.22000.1_none_13aef8973870f6ff\ofdeploy.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-office-csp_31bf3856ad364e35_10.0.22000.1_none_13aef8973870f6ff\ofdeploy.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-office-csp_31bf3856ad364e35_10.0.22000.1_none_13aef8973870f6ff\ofdeploy.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-firstlogonanimexe_31bf3856ad364e35_10.0.22000.1_none_21929eac926a49b0\FirstLogonAnim.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-firstlogonanimexe_31bf3856ad364e35_10.0.22000.1_none_21929eac926a49b0\FirstLogonAnim.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-firstlogonanimexe_31bf3856ad364e35_10.0.22000.1_none_21929eac926a49b0\FirstLogonAnim.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-machine_31bf3856ad364e35_10.0.22000.1_none_63c1e7db07fabcb1\msoobe.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-machine_31bf3856ad364e35_10.0.22000.1_none_63c1e7db07fabcb1\msoobe.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-machine_31bf3856ad364e35_10.0.22000.1_none_63c1e7db07fabcb1\msoobe.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-user-broker_31bf3856ad364e35_10.0.22000.1_none_da2a87582afb2453\UserOOBEBroker.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-user-broker_31bf3856ad364e35_10.0.22000.1_none_da2a87582afb2453\UserOOBEBroker.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-user-broker_31bf3856ad364e35_10.0.22000.1_none_da2a87582afb2453\UserOOBEBroker.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-openfiles_31bf3856ad364e35_10.0.22000.1_none_3d6a04a6ef2d3d73\openfiles.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-openfiles_31bf3856ad364e35_10.0.22000.1_none_3d6a04a6ef2d3d73\openfiles.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-openfiles_31bf3856ad364e35_10.0.22000.1_none_3d6a04a6ef2d3d73\openfiles.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-openwith_31bf3856ad364e35_10.0.22000.1_none_c3646c52777cf90a\OpenWith.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-openwith_31bf3856ad364e35_10.0.22000.1_none_c3646c52777cf90a\OpenWith.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-openwith_31bf3856ad364e35_10.0.22000.1_none_c3646c52777cf90a\OpenWith.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-optionalfeatures_31bf3856ad364e35_10.0.22000.1_none_bcaa97eff2780373\OptionalFeatures.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-optionalfeatures_31bf3856ad364e35_10.0.22000.1_none_bcaa97eff2780373\OptionalFeatures.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-optionalfeatures_31bf3856ad364e35_10.0.22000.1_none_bcaa97eff2780373\OptionalFeatures.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-optionaltsps_31bf3856ad364e35_10.0.22000.1_none_383fdbeacdabdb26\tcmsetup.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-optionaltsps_31bf3856ad364e35_10.0.22000.1_none_383fdbeacdabdb26\tcmsetup.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-optionaltsps_31bf3856ad364e35_10.0.22000.1_none_383fdbeacdabdb26\tcmsetup.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.318_none_47eee9eaf8f3237f\f\ntkrla57.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.318_none_47eee9eaf8f3237f\f\ntkrla57.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.318_none_47eee9eaf8f3237f\f\ntkrla57.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.318_none_47eee9eaf8f3237f\ntkrla57.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.318_none_47eee9eaf8f3237f\ntkrla57.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.318_none_47eee9eaf8f3237f\ntkrla57.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.318_none_47eee9eaf8f3237f\r\ntkrla57.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.318_none_47eee9eaf8f3237f\r\ntkrla57.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.318_none_47eee9eaf8f3237f\r\ntkrla57.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\f\ntkrla57.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\f\ntkrla57.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\f\ntkrla57.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\ntkrla57.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\ntkrla57.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\ntkrla57.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\r\ntkrla57.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\r\ntkrla57.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\r\ntkrla57.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.318_none_67a8688739413b45\f\ntoskrnl.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.318_none_67a8688739413b45\f\ntoskrnl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.318_none_67a8688739413b45\f\ntoskrnl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.318_none_67a8688739413b45\ntoskrnl.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.318_none_67a8688739413b45\ntoskrnl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.318_none_67a8688739413b45\ntoskrnl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.318_none_67a8688739413b45\r\ntoskrnl.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.318_none_67a8688739413b45\r\ntoskrnl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.318_none_67a8688739413b45\r\ntoskrnl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\f\ntoskrnl.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\f\ntoskrnl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\f\ntoskrnl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\ntoskrnl.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\ntoskrnl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\ntoskrnl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\r\ntoskrnl.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\r\ntoskrnl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\r\ntoskrnl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-osk_31bf3856ad364e35_10.0.22000.1_none_010071125eb7c4f1\osk.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-osk_31bf3856ad364e35_10.0.22000.1_none_010071125eb7c4f1\osk.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-osk_31bf3856ad364e35_10.0.22000.1_none_010071125eb7c4f1\osk.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..-personalizationcsp_31bf3856ad364e35_10.0.22000.1_none_9735ea8bdf727333\desktopimgdownldr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..-personalizationcsp_31bf3856ad364e35_10.0.22000.1_none_9735ea8bdf727333\desktopimgdownldr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..-personalizationcsp_31bf3856ad364e35_10.0.22000.1_none_9735ea8bdf727333\desktopimgdownldr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..-upprinterinstaller_31bf3856ad364e35_10.0.22000.1_none_094f49d32c4abf9f\UPPrinterInstaller.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..-upprinterinstaller_31bf3856ad364e35_10.0.22000.1_none_094f49d32c4abf9f\UPPrinterInstaller.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..-upprinterinstaller_31bf3856ad364e35_10.0.22000.1_none_094f49d32c4abf9f\UPPrinterInstaller.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\f\WpcUapApp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\f\WpcUapApp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\f\WpcUapApp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\r\WpcUapApp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\r\WpcUapApp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\r\WpcUapApp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\WpcUapApp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\WpcUapApp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\WpcUapApp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..auncher-cmdlinetool_31bf3856ad364e35_10.0.22000.1_none_4d8388bf67ce9090\pwlauncher.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..auncher-cmdlinetool_31bf3856ad364e35_10.0.22000.1_none_4d8388bf67ce9090\pwlauncher.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..auncher-cmdlinetool_31bf3856ad364e35_10.0.22000.1_none_4d8388bf67ce9090\pwlauncher.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\f\printui.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\f\printui.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\f\printui.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\printui.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\printui.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\printui.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\r\printui.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\r\printui.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\r\printui.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ioningsecureprocess_31bf3856ad364e35_10.0.22000.1_none_ed19a89f248a8665\psp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ioningsecureprocess_31bf3856ad364e35_10.0.22000.1_none_ed19a89f248a8665\psp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ioningsecureprocess_31bf3856ad364e35_10.0.22000.1_none_ed19a89f248a8665\psp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\diskperf.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\diskperf.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\diskperf.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\logman.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\logman.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\logman.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\relog.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\relog.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\relog.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\tracerpt.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\tracerpt.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\tracerpt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\typeperf.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\typeperf.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\typeperf.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_10.0.22000.1_none_5f9f55dd858837d8\powercfg.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_10.0.22000.1_none_5f9f55dd858837d8\powercfg.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_10.0.22000.1_none_5f9f55dd858837d8\powercfg.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_10.0.22000.1_none_f2f2b094636b4172\PrintIsolationHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_10.0.22000.1_none_f2f2b094636b4172\PrintIsolationHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_10.0.22000.1_none_f2f2b094636b4172\PrintIsolationHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..nsimulation-service_31bf3856ad364e35_10.0.22000.1_none_2f02b4dfdc90d704\PerceptionSimulationService.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..nsimulation-service_31bf3856ad364e35_10.0.22000.1_none_2f02b4dfdc90d704\PerceptionSimulationService.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..nsimulation-service_31bf3856ad364e35_10.0.22000.1_none_2f02b4dfdc90d704\PerceptionSimulationService.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\f\WpcMon.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\f\WpcMon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\f\WpcMon.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\r\WpcMon.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\r\WpcMon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\r\WpcMon.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\WpcMon.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\WpcMon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\WpcMon.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_10.0.22000.1_none_81f1372fe02ff0d7\printfilterpipelinesvc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_10.0.22000.1_none_81f1372fe02ff0d7\printfilterpipelinesvc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_10.0.22000.1_none_81f1372fe02ff0d7\printfilterpipelinesvc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\f\ntprint.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\f\ntprint.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\f\ntprint.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\ntprint.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\ntprint.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\ntprint.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\r\ntprint.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\r\ntprint.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\r\ntprint.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_10.0.22000.1_none_0a202c45353b204d\plasrv.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_10.0.22000.1_none_0a202c45353b204d\plasrv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_10.0.22000.1_none_0a202c45353b204d\plasrv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\f\PeopleExperienceHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\f\PeopleExperienceHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\f\PeopleExperienceHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\PeopleExperienceHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\PeopleExperienceHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\PeopleExperienceHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\r\PeopleExperienceHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\r\PeopleExperienceHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\r\PeopleExperienceHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\f\wpnpinst.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\f\wpnpinst.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\f\wpnpinst.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\r\wpnpinst.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\r\wpnpinst.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\r\wpnpinst.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\wpnpinst.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\wpnpinst.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\wpnpinst.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_4e4c1e255ad155f3\lodctr.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_4e4c1e255ad155f3\lodctr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_4e4c1e255ad155f3\lodctr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_4e4c1e255ad155f3\unlodctr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_4e4c1e255ad155f3\unlodctr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_4e4c1e255ad155f3\unlodctr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.22000.1_none_0a473f274297ac75\lpq.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.22000.1_none_0a473f274297ac75\lpq.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.22000.1_none_0a473f274297ac75\lpq.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.22000.1_none_0a473f274297ac75\lpr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.22000.1_none_0a473f274297ac75\lpr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.22000.1_none_0a473f274297ac75\lpr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.22000.1_none_d7fdc61a4a1da73a\PrintBrm.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.22000.1_none_d7fdc61a4a1da73a\PrintBrm.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.22000.1_none_d7fdc61a4a1da73a\PrintBrm.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.22000.1_none_d7fdc61a4a1da73a\PrintBrmEngine.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.22000.1_none_d7fdc61a4a1da73a\PrintBrmEngine.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.22000.1_none_d7fdc61a4a1da73a\PrintBrmEngine.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.22000.1_none_d7fdc61a4a1da73a\PrintBrmUi.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.22000.1_none_d7fdc61a4a1da73a\PrintBrmUi.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.22000.1_none_d7fdc61a4a1da73a\PrintBrmUi.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\f\PinningConfirmationDialog.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\f\PinningConfirmationDialog.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\f\PinningConfirmationDialog.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\PinningConfirmationDialog.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\PinningConfirmationDialog.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\PinningConfirmationDialog.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\r\PinningConfirmationDialog.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\r\PinningConfirmationDialog.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\r\PinningConfirmationDialog.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\f\PerceptionSimulationInput.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\f\PerceptionSimulationInput.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\f\PerceptionSimulationInput.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\PerceptionSimulationInput.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\PerceptionSimulationInput.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\PerceptionSimulationInput.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\r\PerceptionSimulationInput.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\r\PerceptionSimulationInput.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\r\PerceptionSimulationInput.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsnonwinpeplugin_31bf3856ad364e35_10.0.22000.1_none_fcd54e761151a365\PnPUnattend.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsnonwinpeplugin_31bf3856ad364e35_10.0.22000.1_none_fcd54e761151a365\PnPUnattend.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsnonwinpeplugin_31bf3856ad364e35_10.0.22000.1_none_fcd54e761151a365\PnPUnattend.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-packageinspector_31bf3856ad364e35_10.0.22000.1_none_c0c5a574c3f8a429\PackageInspector.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-packageinspector_31bf3856ad364e35_10.0.22000.1_none_c0c5a574c3f8a429\PackageInspector.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-packageinspector_31bf3856ad364e35_10.0.22000.1_none_c0c5a574c3f8a429\PackageInspector.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\f\PkgMgr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\f\PkgMgr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\f\PkgMgr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\PkgMgr.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\PkgMgr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\PkgMgr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\r\PkgMgr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\r\PkgMgr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\r\PkgMgr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\ApproveChildRequest.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\ApproveChildRequest.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\ApproveChildRequest.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\f\ApproveChildRequest.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\f\ApproveChildRequest.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\f\ApproveChildRequest.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\r\ApproveChildRequest.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\r\ApproveChildRequest.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\r\ApproveChildRequest.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_10.0.22000.120_none_f090fec284d5941b\pcwrun.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_10.0.22000.120_none_f090fec284d5941b\pcwrun.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_10.0.22000.120_none_f090fec284d5941b\pcwrun.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_f24d5bd1a5bd0380\perfmon.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_f24d5bd1a5bd0380\perfmon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_f24d5bd1a5bd0380\perfmon.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_f24d5bd1a5bd0380\resmon.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_f24d5bd1a5bd0380\resmon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_f24d5bd1a5bd0380\resmon.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pickerhost_31bf3856ad364e35_10.0.22000.1_none_03f10908532480fe\PickerHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pickerhost_31bf3856ad364e35_10.0.22000.1_none_03f10908532480fe\PickerHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-pickerhost_31bf3856ad364e35_10.0.22000.1_none_03f10908532480fe\PickerHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_ff7542ad94a3dbc5\PATHPING.EXE"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_ff7542ad94a3dbc5\PATHPING.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_ff7542ad94a3dbc5\PATHPING.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_ff7542ad94a3dbc5\PING.EXE"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_ff7542ad94a3dbc5\PING.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_ff7542ad94a3dbc5\PING.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_ff7542ad94a3dbc5\TRACERT.EXE"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_ff7542ad94a3dbc5\TRACERT.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_ff7542ad94a3dbc5\TRACERT.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.318_none_4f645f5d22dc7176\PktMon.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.318_none_4f645f5d22dc7176\PktMon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.318_none_4f645f5d22dc7176\PktMon.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\f\PktMon.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\f\PktMon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\f\PktMon.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\PktMon.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\PktMon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\PktMon.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\r\PktMon.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\r\PktMon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\r\PktMon.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pnphotplugui_31bf3856ad364e35_10.0.22000.1_none_3f24cf2f4f878243\DeviceEject.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pnphotplugui_31bf3856ad364e35_10.0.22000.1_none_3f24cf2f4f878243\DeviceEject.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-pnphotplugui_31bf3856ad364e35_10.0.22000.1_none_3f24cf2f4f878243\DeviceEject.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pnputil_31bf3856ad364e35_10.0.22000.1_none_53a76037c15099de\pnputil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pnputil_31bf3856ad364e35_10.0.22000.1_none_53a76037c15099de\pnputil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-pnputil_31bf3856ad364e35_10.0.22000.1_none_53a76037c15099de\pnputil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-powershell-exe_31bf3856ad364e35_10.0.22000.1_none_bf599c5a06fbb6f4\powershell.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-powershell-exe_31bf3856ad364e35_10.0.22000.1_none_bf599c5a06fbb6f4\powershell.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-powershell-exe_31bf3856ad364e35_10.0.22000.1_none_bf599c5a06fbb6f4\powershell.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printdialog.appxmain_31bf3856ad364e35_10.0.22000.1_none_db5642aeddf1e2bb\PrintDialog.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printdialog.appxmain_31bf3856ad364e35_10.0.22000.1_none_db5642aeddf1e2bb\PrintDialog.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printdialog.appxmain_31bf3856ad364e35_10.0.22000.1_none_db5642aeddf1e2bb\PrintDialog.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-eduprintprov_31bf3856ad364e35_10.0.22000.1_none_0784f33527b40118\EduPrintProv.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-eduprintprov_31bf3856ad364e35_10.0.22000.1_none_0784f33527b40118\EduPrintProv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-eduprintprov_31bf3856ad364e35_10.0.22000.1_none_0784f33527b40118\EduPrintProv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\f\splwow64.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\f\splwow64.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\f\splwow64.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\f\spoolsv.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\f\spoolsv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\f\spoolsv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\r\splwow64.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\r\splwow64.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\r\splwow64.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\r\spoolsv.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\r\spoolsv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\r\spoolsv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\splwow64.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\splwow64.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\splwow64.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\spoolsv.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\spoolsv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\spoolsv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\f\splwow64.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\f\splwow64.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\f\splwow64.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\f\spoolsv.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\f\spoolsv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\f\spoolsv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\r\splwow64.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\r\splwow64.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\r\splwow64.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\r\spoolsv.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\r\spoolsv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\r\spoolsv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\splwow64.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\splwow64.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\splwow64.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\spoolsv.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\spoolsv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\spoolsv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-processmodel-cpt_31bf3856ad364e35_10.0.22000.1_none_011628217859daa6\w3wp.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-processmodel-cpt_31bf3856ad364e35_10.0.22000.1_none_011628217859daa6\w3wp.exe"
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-processmodel-cpt_31bf3856ad364e35_10.0.22000.1_none_011628217859daa6\w3wp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-proquota_31bf3856ad364e35_10.0.22000.1_none_7e0a957d972e3b59\proquota.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-proquota_31bf3856ad364e35_10.0.22000.1_none_7e0a957d972e3b59\proquota.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-proquota_31bf3856ad364e35_10.0.22000.1_none_7e0a957d972e3b59\proquota.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\f\provtool.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\f\provtool.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\f\provtool.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\provtool.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\provtool.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\provtool.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\r\provtool.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\r\provtool.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\r\provtool.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-platform_31bf3856ad364e35_10.0.22000.1_none_c0cc1dd788bbd3ed\provlaunch.exe"
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-platform_31bf3856ad364e35_10.0.22000.1_none_c0cc1dd788bbd3ed\provlaunch.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-platform_31bf3856ad364e35_10.0.22000.1_none_c0cc1dd788bbd3ed\provlaunch.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-proximityuxhost_31bf3856ad364e35_10.0.22000.1_none_eb3f5def5135f996\ProximityUxHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-proximityuxhost_31bf3856ad364e35_10.0.22000.1_none_eb3f5def5135f996\ProximityUxHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-proximityuxhost_31bf3856ad364e35_10.0.22000.1_none_eb3f5def5135f996\ProximityUxHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\f\quickassist.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\f\quickassist.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\f\quickassist.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\quickassist.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\quickassist.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\quickassist.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\r\quickassist.exe"
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\r\quickassist.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\r\quickassist.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..-commandline-editor_31bf3856ad364e35_10.0.22000.1_none_87d7d1a32f788c55\reg.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..-commandline-editor_31bf3856ad364e35_10.0.22000.1_none_87d7d1a32f788c55\reg.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..-commandline-editor_31bf3856ad364e35_10.0.22000.1_none_87d7d1a32f788c55\reg.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..ckgroundmediaplayer_31bf3856ad364e35_10.0.22000.282_none_b70c560a2f7b9b2e\Windows.Media.BackgroundPlayback.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..ckgroundmediaplayer_31bf3856ad364e35_10.0.22000.282_none_b70c560a2f7b9b2e\Windows.Media.BackgroundPlayback.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..ckgroundmediaplayer_31bf3856ad364e35_10.0.22000.282_none_b70c560a2f7b9b2e\Windows.Media.BackgroundPlayback.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_10.0.22000.1_none_b15540a9822b5c00\rdrleakdiag.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_10.0.22000.1_none_b15540a9822b5c00\rdrleakdiag.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_10.0.22000.1_none_b15540a9822b5c00\rdrleakdiag.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\f\raserver.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\f\raserver.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\f\raserver.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\r\raserver.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\r\raserver.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\r\raserver.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\raserver.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\raserver.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\raserver.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..verycenter-platform_31bf3856ad364e35_10.0.22000.1_none_99828a7b9672cc5c\SystemResetPlatform.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..verycenter-platform_31bf3856ad364e35_10.0.22000.1_none_99828a7b9672cc5c\SystemResetPlatform.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..verycenter-platform_31bf3856ad364e35_10.0.22000.1_none_99828a7b9672cc5c\SystemResetPlatform.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.22000.1_none_661d9c5c6a1c32d3\rasautou.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.22000.1_none_661d9c5c6a1c32d3\rasautou.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.22000.1_none_661d9c5c6a1c32d3\rasautou.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.22000.1_none_c58a6d6ead7a5610\rasdial.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.22000.1_none_c58a6d6ead7a5610\rasdial.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.22000.1_none_c58a6d6ead7a5610\rasdial.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.22000.1_none_c58a6d6ead7a5610\rasphone.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.22000.1_none_c58a6d6ead7a5610\rasphone.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.22000.1_none_c58a6d6ead7a5610\rasphone.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmdl32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmdl32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmdl32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmmon32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmmon32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmmon32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmstp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmstp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmstp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-recdisc-main_31bf3856ad364e35_10.0.22000.1_none_dabf9817b86a5921\recdisc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-recdisc-main_31bf3856ad364e35_10.0.22000.1_none_dabf9817b86a5921\recdisc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-recdisc-main_31bf3856ad364e35_10.0.22000.1_none_dabf9817b86a5921\recdisc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\f\RecoveryDrive.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\f\RecoveryDrive.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\f\RecoveryDrive.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\r\RecoveryDrive.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\r\RecoveryDrive.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\r\RecoveryDrive.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\RecoveryDrive.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\RecoveryDrive.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\RecoveryDrive.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-recover_31bf3856ad364e35_10.0.22000.1_none_dc56eb74b96412e2\recover.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-recover_31bf3856ad364e35_10.0.22000.1_none_dc56eb74b96412e2\recover.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-recover_31bf3856ad364e35_10.0.22000.1_none_dc56eb74b96412e2\recover.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.1_none_40fab150342df168\refsutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.1_none_40fab150342df168\refsutil.exe"
C:\Windows\System32\mobsync.exe
C:\Windows\System32\mobsync.exe -Embedding
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.1_none_40fab150342df168\refsutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\f\refsutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\f\refsutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\f\refsutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\r\refsutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\r\refsutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\r\refsutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\refsutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\refsutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\refsutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-regini_31bf3856ad364e35_10.0.22000.1_none_6299da14be99f6ee\regini.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-regini_31bf3856ad364e35_10.0.22000.1_none_6299da14be99f6ee\regini.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-regini_31bf3856ad364e35_10.0.22000.1_none_6299da14be99f6ee\regini.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.22000.1_none_4a72530ae0a1ba07\regedit.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.22000.1_none_4a72530ae0a1ba07\regedit.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.22000.1_none_4a72530ae0a1ba07\regedit.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.22000.1_none_4a72530ae0a1ba07\regedt32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.22000.1_none_4a72530ae0a1ba07\regedt32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.22000.1_none_4a72530ae0a1ba07\regedt32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-regsvr32_31bf3856ad364e35_10.0.22000.1_none_ce9abaf7344caba2\regsvr32.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-regsvr32_31bf3856ad364e35_10.0.22000.1_none_ce9abaf7344caba2\regsvr32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-regsvr32_31bf3856ad364e35_10.0.22000.1_none_ce9abaf7344caba2\regsvr32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-reliability-postboot_31bf3856ad364e35_10.0.22000.1_none_a4046dd80a1bed7d\RelPost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-reliability-postboot_31bf3856ad364e35_10.0.22000.1_none_a4046dd80a1bed7d\RelPost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-reliability-postboot_31bf3856ad364e35_10.0.22000.1_none_a4046dd80a1bed7d\RelPost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\f\msra.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\f\msra.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\f\msra.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\f\sdchange.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\f\sdchange.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\f\sdchange.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\msra.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\msra.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\msra.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\r\msra.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\r\msra.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\r\msra.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\r\sdchange.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\r\sdchange.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\r\sdchange.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\sdchange.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\sdchange.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\sdchange.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-restartmanager_31bf3856ad364e35_10.0.22000.1_none_d679057128e7af90\RmClient.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-restartmanager_31bf3856ad364e35_10.0.22000.1_none_d679057128e7af90\RmClient.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-restartmanager_31bf3856ad364e35_10.0.22000.1_none_d679057128e7af90\RmClient.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.1_none_1d4acd26f12d5029\Robocopy.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.1_none_1d4acd26f12d5029\Robocopy.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.1_none_1d4acd26f12d5029\Robocopy.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\f\Robocopy.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\f\Robocopy.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\f\Robocopy.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\r\Robocopy.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\r\Robocopy.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\r\Robocopy.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\Robocopy.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\Robocopy.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\Robocopy.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-locator_31bf3856ad364e35_10.0.22000.1_none_257830d2f16108b0\Locator.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-locator_31bf3856ad364e35_10.0.22000.1_none_257830d2f16108b0\Locator.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-locator_31bf3856ad364e35_10.0.22000.1_none_257830d2f16108b0\Locator.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-ping_31bf3856ad364e35_10.0.22000.1_none_f3fdabb645819748\RpcPing.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-ping_31bf3856ad364e35_10.0.22000.1_none_f3fdabb645819748\RpcPing.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-ping_31bf3856ad364e35_10.0.22000.1_none_f3fdabb645819748\RpcPing.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.1_none_b62be6ea62367617\runas.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.1_none_b62be6ea62367617\runas.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.1_none_b62be6ea62367617\runas.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\f\runas.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\f\runas.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\f\runas.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\r\runas.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\r\runas.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\r\runas.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\runas.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\runas.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\runas.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rundll32_31bf3856ad364e35_10.0.22000.1_none_2e48ef35afb3a654\rundll32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rundll32_31bf3856ad364e35_10.0.22000.1_none_2e48ef35afb3a654\rundll32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rundll32_31bf3856ad364e35_10.0.22000.1_none_2e48ef35afb3a654\rundll32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-runlegacycplelevated_31bf3856ad364e35_10.0.22000.1_none_674facc3fa15e905\RunLegacyCPLElevated.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-runlegacycplelevated_31bf3856ad364e35_10.0.22000.1_none_674facc3fa15e905\RunLegacyCPLElevated.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-runlegacycplelevated_31bf3856ad364e35_10.0.22000.1_none_674facc3fa15e905\RunLegacyCPLElevated.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-runonce_31bf3856ad364e35_10.0.22000.1_none_6bfe7242c3d10570\runonce.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-runonce_31bf3856ad364e35_10.0.22000.1_none_6bfe7242c3d10570\runonce.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-runonce_31bf3856ad364e35_10.0.22000.1_none_6bfe7242c3d10570\runonce.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..-diagnosticsmanaged_31bf3856ad364e35_10.0.22000.1_none_bad5c5435d6a2779\stordiag.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..-diagnosticsmanaged_31bf3856ad364e35_10.0.22000.1_none_bad5c5435d6a2779\stordiag.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..-diagnosticsmanaged_31bf3856ad364e35_10.0.22000.1_none_bad5c5435d6a2779\stordiag.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..agespaces-spaceutil_31bf3856ad364e35_10.0.22000.1_none_32a80b6fd3f4f093\spaceutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..agespaces-spaceutil_31bf3856ad364e35_10.0.22000.1_none_32a80b6fd3f4f093\spaceutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..agespaces-spaceutil_31bf3856ad364e35_10.0.22000.1_none_32a80b6fd3f4f093\spaceutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\immersivetpmvscmgrsvr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\immersivetpmvscmgrsvr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\immersivetpmvscmgrsvr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\rmttpmvscmgrsvr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\rmttpmvscmgrsvr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\rmttpmvscmgrsvr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\tpmvscmgr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\tpmvscmgr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\tpmvscmgr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\tpmvscmgrsvr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\tpmvscmgrsvr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\tpmvscmgrsvr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\f\RMActivate_ssp_isv.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\f\RMActivate_ssp_isv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\f\RMActivate_ssp_isv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\r\RMActivate_ssp_isv.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\r\RMActivate_ssp_isv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\r\RMActivate_ssp_isv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\RMActivate_ssp_isv.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\RMActivate_ssp_isv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\RMActivate_ssp_isv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.318_none_40ba790c85795e91\BioIso.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.318_none_40ba790c85795e91\BioIso.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.318_none_40ba790c85795e91\BioIso.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.318_none_40ba790c85795e91\f\BioIso.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.318_none_40ba790c85795e91\f\BioIso.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.318_none_40ba790c85795e91\f\BioIso.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.318_none_40ba790c85795e91\r\BioIso.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.318_none_40ba790c85795e91\r\BioIso.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.318_none_40ba790c85795e91\r\BioIso.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\BioIso.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\BioIso.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\BioIso.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\f\BioIso.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\f\BioIso.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\f\BioIso.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\r\BioIso.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\r\BioIso.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\r\BioIso.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\f\services.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\f\services.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\f\services.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\r\services.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\r\services.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\r\services.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\services.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\services.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\services.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..ces-backgroundagent_31bf3856ad364e35_10.0.22000.1_none_50d9fc50df76c754\SpaceAgent.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..ces-backgroundagent_31bf3856ad364e35_10.0.22000.1_none_50d9fc50df76c754\SpaceAgent.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..ces-backgroundagent_31bf3856ad364e35_10.0.22000.1_none_50d9fc50df76c754\SpaceAgent.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..client-ui-wscollect_31bf3856ad364e35_10.0.22000.1_none_5ff70533364eab1d\WSCollect.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..client-ui-wscollect_31bf3856ad364e35_10.0.22000.1_none_5ff70533364eab1d\WSCollect.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..client-ui-wscollect_31bf3856ad364e35_10.0.22000.1_none_5ff70533364eab1d\WSCollect.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_10.0.22000.1_none_70698255615a88a2\sdiagnhost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_10.0.22000.1_none_70698255615a88a2\sdiagnhost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_10.0.22000.1_none_70698255615a88a2\sdiagnhost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..daryauthfactor-task_31bf3856ad364e35_10.0.22000.1_none_2249c58b4a39a50e\DeviceCredentialDeployment.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..daryauthfactor-task_31bf3856ad364e35_10.0.22000.1_none_2249c58b4a39a50e\DeviceCredentialDeployment.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..daryauthfactor-task_31bf3856ad364e35_10.0.22000.1_none_2249c58b4a39a50e\DeviceCredentialDeployment.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..e-client-ui-wsreset_31bf3856ad364e35_10.0.22000.1_none_1cbb979e0acb2320\WSReset.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..e-client-ui-wsreset_31bf3856ad364e35_10.0.22000.1_none_1cbb979e0acb2320\WSReset.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..e-client-ui-wsreset_31bf3856ad364e35_10.0.22000.1_none_1cbb979e0acb2320\WSReset.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\bdechangepin.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\bdechangepin.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\bdechangepin.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\f\bdechangepin.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\f\bdechangepin.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\f\bdechangepin.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\r\bdechangepin.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\r\bdechangepin.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\r\bdechangepin.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..executionprevention_31bf3856ad364e35_10.0.22000.1_none_20270749296283d2\SystemPropertiesDataExecutionPrevention.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..executionprevention_31bf3856ad364e35_10.0.22000.1_none_20270749296283d2\SystemPropertiesDataExecutionPrevention.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..executionprevention_31bf3856ad364e35_10.0.22000.1_none_20270749296283d2\SystemPropertiesDataExecutionPrevention.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\f\SystemSettingsAdminFlows.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\f\SystemSettingsAdminFlows.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\f\SystemSettingsAdminFlows.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\r\SystemSettingsAdminFlows.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\r\SystemSettingsAdminFlows.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\r\SystemSettingsAdminFlows.exe" /grant "everyone":(f)
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3472,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5672 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\SystemSettingsAdminFlows.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\SystemSettingsAdminFlows.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\SystemSettingsAdminFlows.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..line-user-interface_31bf3856ad364e35_10.0.22000.1_none_332b106ae1a116bd\cmdkey.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..line-user-interface_31bf3856ad364e35_10.0.22000.1_none_332b106ae1a116bd\cmdkey.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..line-user-interface_31bf3856ad364e35_10.0.22000.1_none_332b106ae1a116bd\cmdkey.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..llercommandlinetool_31bf3856ad364e35_10.0.22000.1_none_cab1d8bed975c600\sc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..llercommandlinetool_31bf3856ad364e35_10.0.22000.1_none_cab1d8bed975c600\sc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..llercommandlinetool_31bf3856ad364e35_10.0.22000.1_none_cab1d8bed975c600\sc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..mpropertiesadvanced_31bf3856ad364e35_10.0.22000.1_none_4d8c257de90f7f54\SystemPropertiesAdvanced.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..mpropertiesadvanced_31bf3856ad364e35_10.0.22000.1_none_4d8c257de90f7f54\SystemPropertiesAdvanced.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..mpropertiesadvanced_31bf3856ad364e35_10.0.22000.1_none_4d8c257de90f7f54\SystemPropertiesAdvanced.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..mpropertieshardware_31bf3856ad364e35_10.0.22000.1_none_973e22e5d7c36df8\SystemPropertiesHardware.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..mpropertieshardware_31bf3856ad364e35_10.0.22000.1_none_973e22e5d7c36df8\SystemPropertiesHardware.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..mpropertieshardware_31bf3856ad364e35_10.0.22000.1_none_973e22e5d7c36df8\SystemPropertiesHardware.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\f\SystemSettingsBroker.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\f\SystemSettingsBroker.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\f\SystemSettingsBroker.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\r\SystemSettingsBroker.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\r\SystemSettingsBroker.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\r\SystemSettingsBroker.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\SystemSettingsBroker.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\SystemSettingsBroker.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\SystemSettingsBroker.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.65_none_cc4646d618bda56e\f\SystemSettingsBroker.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.65_none_cc4646d618bda56e\f\SystemSettingsBroker.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.65_none_cc4646d618bda56e\f\SystemSettingsBroker.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.65_none_cc4646d618bda56e\r\SystemSettingsBroker.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.65_none_cc4646d618bda56e\r\SystemSettingsBroker.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.65_none_cc4646d618bda56e\r\SystemSettingsBroker.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.65_none_cc4646d618bda56e\SystemSettingsBroker.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.65_none_cc4646d618bda56e\SystemSettingsBroker.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.65_none_cc4646d618bda56e\SystemSettingsBroker.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\f\RMActivate_isv.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\f\RMActivate_isv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\f\RMActivate_isv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\r\RMActivate_isv.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\r\RMActivate_isv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\r\RMActivate_isv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\RMActivate_isv.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\RMActivate_isv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\RMActivate_isv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..nsemanager-shellext_31bf3856ad364e35_10.0.22000.1_none_088dcc7439d57210\LicenseManagerShellext.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..nsemanager-shellext_31bf3856ad364e35_10.0.22000.1_none_088dcc7439d57210\LicenseManagerShellext.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..nsemanager-shellext_31bf3856ad364e35_10.0.22000.1_none_088dcc7439d57210\LicenseManagerShellext.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\f\PinEnrollmentBroker.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\f\PinEnrollmentBroker.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\f\PinEnrollmentBroker.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\PinEnrollmentBroker.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\PinEnrollmentBroker.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\PinEnrollmentBroker.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\r\PinEnrollmentBroker.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\r\PinEnrollmentBroker.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\r\PinEnrollmentBroker.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.258_none_570e91ed5ac8ebe3\f\Microsoft.AAD.BrokerPlugin.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.258_none_570e91ed5ac8ebe3\f\Microsoft.AAD.BrokerPlugin.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.258_none_570e91ed5ac8ebe3\f\Microsoft.AAD.BrokerPlugin.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.258_none_570e91ed5ac8ebe3\Microsoft.AAD.BrokerPlugin.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.258_none_570e91ed5ac8ebe3\Microsoft.AAD.BrokerPlugin.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.258_none_570e91ed5ac8ebe3\Microsoft.AAD.BrokerPlugin.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.258_none_570e91ed5ac8ebe3\r\Microsoft.AAD.BrokerPlugin.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.258_none_570e91ed5ac8ebe3\r\Microsoft.AAD.BrokerPlugin.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.258_none_570e91ed5ac8ebe3\r\Microsoft.AAD.BrokerPlugin.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\f\Microsoft.AAD.BrokerPlugin.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\f\Microsoft.AAD.BrokerPlugin.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\f\Microsoft.AAD.BrokerPlugin.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\Microsoft.AAD.BrokerPlugin.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\Microsoft.AAD.BrokerPlugin.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\Microsoft.AAD.BrokerPlugin.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\r\Microsoft.AAD.BrokerPlugin.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\r\Microsoft.AAD.BrokerPlugin.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\r\Microsoft.AAD.BrokerPlugin.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..opertiesperformance_31bf3856ad364e35_10.0.22000.1_none_b11a4ad607a3509e\SystemPropertiesPerformance.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..opertiesperformance_31bf3856ad364e35_10.0.22000.1_none_b11a4ad607a3509e\SystemPropertiesPerformance.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..opertiesperformance_31bf3856ad364e35_10.0.22000.1_none_b11a4ad607a3509e\SystemPropertiesPerformance.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\f\RMActivate_ssp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\f\RMActivate_ssp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\f\RMActivate_ssp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\r\RMActivate_ssp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\r\RMActivate_ssp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\r\RMActivate_ssp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\RMActivate_ssp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\RMActivate_ssp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\RMActivate_ssp.exe" /grant "everyone":(f)
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| GB | 142.250.178.10:443 | ogads-pa.googleapis.com | udp |
| GB | 142.250.179.238:443 | apis.google.com | udp |
| GB | 142.250.178.10:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | 36.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| GB | 216.58.201.110:443 | consent.google.com | udp |
| GB | 216.58.201.110:443 | consent.google.com | tcp |
| GB | 172.217.169.78:443 | clients2.google.com | udp |
| GB | 172.217.169.78:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 216.58.201.110:443 | consent.google.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | udp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| GB | 92.123.128.149:443 | r.bing.com | tcp |
| GB | 92.123.128.161:443 | r.bing.com | tcp |
| GB | 92.123.128.161:443 | r.bing.com | tcp |
| GB | 92.123.128.161:443 | r.bing.com | tcp |
| GB | 92.123.128.161:443 | r.bing.com | tcp |
| GB | 92.123.128.161:443 | r.bing.com | tcp |
| GB | 92.123.128.161:443 | r.bing.com | tcp |
| GB | 92.123.128.161:443 | r.bing.com | tcp |
| GB | 92.123.128.161:443 | r.bing.com | tcp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | tcp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | tcp |
| GB | 216.58.201.110:443 | consent.google.com | udp |
| GB | 216.58.201.110:443 | consent.google.com | tcp |
| GB | 142.250.187.227:443 | id.google.com | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 216.58.201.118:443 | i.ytimg.com | tcp |
| GB | 216.58.201.118:443 | i.ytimg.com | tcp |
| GB | 142.250.200.10:443 | content-autofill.googleapis.com | tcp |
| GB | 216.58.201.110:443 | consent.google.com | udp |
| GB | 142.250.187.227:443 | id.google.com | udp |
| GB | 216.58.204.78:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 216.58.204.78:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 216.58.204.78:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 216.58.204.78:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 216.58.204.78:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 172.217.169.78:443 | clients2.google.com | udp |
| GB | 172.217.169.78:443 | clients2.google.com | tcp |
| GB | 216.58.204.78:443 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | tcp |
| GB | 216.58.201.110:443 | consent.google.com | udp |
| GB | 216.58.201.110:443 | consent.google.com | tcp |
| GB | 172.217.169.78:443 | clients2.google.com | udp |
| GB | 172.217.169.78:443 | clients2.google.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | www.mozorg.moz.works | udp |
| US | 8.8.8.8:53 | wiki-prod-850398177.us-west-2.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | wiki-prod-850398177.us-west-2.elb.amazonaws.com | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | tcp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| DE | 23.55.161.211:80 | a19.dscg10.akamai.net | tcp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | udp |
| GB | 173.194.5.234:443 | r5---sn-aigzrn7l.gvt1.com | tcp |
| GB | 173.194.5.234:443 | r5---sn-aigzrn7l.gvt1.com | udp |
| US | 8.8.8.8:53 | 234.5.194.173.in-addr.arpa | udp |
| IE | 52.142.124.215:443 | duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | duckduckgo.com | tcp |
| US | 8.8.8.8:53 | links.duckduckgo.com | udp |
| IE | 20.223.54.233:443 | links.duckduckgo.com | tcp |
| IE | 20.223.54.233:443 | links.duckduckgo.com | tcp |
| US | 8.8.8.8:53 | 233.54.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.124.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | improving.duckduckgo.com | udp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| US | 8.8.8.8:53 | 222.125.142.52.in-addr.arpa | udp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| N/A | 127.0.0.1:51523 | tcp | |
| N/A | 127.0.0.1:51531 | tcp | |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| IE | 52.142.124.215:443 | duckduckgo.com | tcp |
| IE | 20.223.54.233:443 | links.duckduckgo.com | tcp |
| US | 8.8.8.8:53 | links.duckduckgo.com | udp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| GB | 172.217.169.3:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | duckduckgo.com | udp |
| IE | 52.142.124.215:443 | duckduckgo.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | duckduckgo.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| N/A | 127.0.0.1:53433 | tcp | |
| N/A | 127.0.0.1:53438 | tcp | |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| GB | 92.123.128.149:443 | www.bing.com | tcp |
| GB | 92.123.128.161:443 | www.bing.com | tcp |
| GB | 92.123.128.161:443 | www.bing.com | tcp |
| GB | 92.123.128.161:443 | www.bing.com | tcp |
| GB | 92.123.128.181:443 | www.bing.com | tcp |
| US | 20.42.73.28:443 | browser.pipe.aria.microsoft.com | tcp |
| US | 52.108.9.254:443 | wac-ring.msedge.net | tcp |
| US | 8.8.8.8:53 | 28.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.9.108.52.in-addr.arpa | udp |
| NO | 51.13.112.137:443 | fa5e511754213a5dcb8d0510bfbd81b1.azr.footprintdns.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
Files
\??\pipe\crashpad_4412_MZAZDSDNGLDYKIUV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 33ef647b1ad2cd6583a6c3b000a454fc |
| SHA1 | d9b1ce4ea82e3b8905d9639343d9cec606ec419b |
| SHA256 | 66e0b8a86df445cef2f3dda8a04b85bcd37ce7aaf4ac37961afbffdcef5d222d |
| SHA512 | 40fa8b78be9a6f75a063df23a9e6e30bfc29b6078f1885c5c574f792358a0f8f7fcc492baec1b64fc88974fbd994f10fe568f19b62a8998f6ae5b958eb729a7f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 816846150cf298ca05496c16264fce7f |
| SHA1 | 969a32760f0daef484b13171804a536e3f673a96 |
| SHA256 | 2bf5e8b2469d80b71b579c7ea207dc6d237ef4845c1e246ab24fdb3d94fbe960 |
| SHA512 | c68f7a80613b3decbdd237d8e125504595bb090dbaeeb4eab02193e965d2f662c5d5518c01dd82b7cab82bb01d9aa464971e3d09d837cd030988a1935c3475fe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 30ff1ea849bdfa595708d5ac5c7740d7 |
| SHA1 | 87746a217591f165aa4c34574ebe95f944067dd4 |
| SHA256 | ff341e087679f5d07751d864452e4eeb771f3bc7cf2245798ddaba170dba74d5 |
| SHA512 | db366da7bbb7a80beb98ea44d8d2bc5181d7747fae9da80483ddd3aed4432e8330ce0838b2caaa48b5b19db0a8dd753b65309f1f25c507402369a4e19152225a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 3b494c90eb34c358f27950ac4afbcfcf |
| SHA1 | 901fc5611e5246e102903dd21882e2da00fda8f5 |
| SHA256 | 63f9af2d9c22db16c8a96658aee2b79bcf63d93624c8cb82f9f601a7836a1193 |
| SHA512 | 7a6642004f2ff5f1ab8e19af055f558654c09b439669ad9ce8629fef62843d705cd5f44bcb2318afae8b30b39a720b2b6864d1fb25a664266ef0f823a582e669 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2c84ec6b05d0cbd9babcf451b9582ff0 |
| SHA1 | 76077120b93b984937bb84cdfbcd38bc826e4785 |
| SHA256 | 89c133198b249075863fcb22ba20dfd8b497b9dbcf02a8ed328d5f9f236d4460 |
| SHA512 | 1fda031aa43c8130c0dc21ee7bacf391b3ed652c65eac833c40ee2e90a02482867f90f876d52b7cee01d6a0bb1d2a3fa907416a5c3c8d07677cee8a1d05a99b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 480a9652b0e02f9f12fcf2b983b63223 |
| SHA1 | c5afbbd5a9d27d4233523939fa6f99da8074c302 |
| SHA256 | 392460ba22590d45b1192ba9d1c88dd020b59fa75129b47e8d7447890cba139b |
| SHA512 | 47c27f335c6b9f1a9b4d5fcf201c8f26153b103be8922584fe6c582ef1d766156e30e6bf87621801f6b0e4513cde897007a8d5f9e3b3780fe1f665c60b58c637 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f486b1af260e17e4bb62ade2469522b9 |
| SHA1 | e45400527c3bb8dbbf88b4231cd433631bb59c8c |
| SHA256 | 8bbe631864307f21738ac3296bc025ffbba3992ef114ac11b11ce22a7fb5300b |
| SHA512 | 8749feade4ef287136cd69607d2f26cd0cd85a918fe8b7b2480de274966467e0f9accc7969cd51dadd2d1cb7bb07b8a0c8275d5d4e3344098faa38f0192beb6b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 50316601f52a2dc6a8592708b3ec863d |
| SHA1 | 429f3f776d9b07523144a3201836794a3a887f18 |
| SHA256 | f6c4e1b49520c6d0dc97ed353a4f8b74ab29476eac437fbd2fae0f5b74100a19 |
| SHA512 | a28ada751aa2768d9c0d2781a972b5127298fd0fc5cef49ca5aaf770b8794d2043e2bb63ab95c5bd35843799fedf4e8179230eeb76fb94b86a259cbb7e4c8314 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6ba2746cdc506482a0e661c3925ba81a |
| SHA1 | c0431f5138ee939c06a49db39a4761848a98d147 |
| SHA256 | 40e264603e6d3316eb10ae8da28eab9f56104161f6012de7f40611854832df8c |
| SHA512 | 4364c3144384f64c6c9172e99066a0045c2afbbed4f118f221ed5260ba88135312cdc7d69389bbd844eadd9ec170233bc7ebd27c777f1855e0f617c8ac223fce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5f72bd8617bf882f74240c37a73b6f46 |
| SHA1 | 962a4c53695c9207872204cbe175b4b18c6c7ea4 |
| SHA256 | 4beda28702eb40332c7fc9cbc7e6a76e8a7a0f1fc369ac28ff3931c86e9b0547 |
| SHA512 | a2e1cd87a9291d59cad446af897a380aabeb7428783ec0e77bd2947b23f7be2f792430a35fef707744cf1c55cf43e52539c2b031d94f0e29c300bbe0e4af97a0 |
C:\Users\Admin\Downloads\Unconfirmed 837650.crdownload
| MD5 | fba93d8d029e85e0cde3759b7903cee2 |
| SHA1 | 525b1aa549188f4565c75ab69e51f927204ca384 |
| SHA256 | 66f62408dfce7c4a5718d2759f1d35721ca22077398850277d16e1fca87fe764 |
| SHA512 | 7c1441b2e804e925eb5a03e97db620117d3ad4f6981dc020e4e7df4bfc4bd6e414fa3b0ce764481a2cef07eebb2baa87407355bfbe88fab96397d82bd441e6a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a95029c63328a3d7bb21884f06681ad7 |
| SHA1 | ba73bb9606096a9de828852b361a1531cc26d299 |
| SHA256 | f11fdbc0bc893a404cba6312270685929c882e7c2ee2ff70571eda75d40f196a |
| SHA512 | 8c742a1b7961b16968819a0201be2b15fabfb40e0734ee425f05c093c57c03b9dac080d12978193723a3102d9369859099f289d00f861dc4632e802b691d7e15 |
C:\Users\Admin\Downloads\Bonzify.exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cf8fc2a55f87b832037a4562b50e655e |
| SHA1 | d57c218d821d26fc956db0b800b66bdf5f0941b8 |
| SHA256 | 886b237de0d69fdc39b676e451a264d6901fcfadaf3c3154e46b747f485d775d |
| SHA512 | a4ec0b1a62ad7e85254149938b103d886e2d6e089b35fe7b77c074f632ce80cb460d0703bccac152ccd708f651d4b908cc5824d5cfbaceab943009f85883c897 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6c94c68e1376dd01868889c8ac37c1ca |
| SHA1 | b3364661cb55ad1dc5e33a604d69c5b26c95c23e |
| SHA256 | 4a3ec3aa1dde798c6ade36ead04863b9e477781127b0f923fc7ac6dd79aa44c4 |
| SHA512 | 769846f3cd0a66c8efd99786897815c25c79ccf7f7ce1df276e7cd70ab6194d9022ef15fc77272fbe7900ca0cf091b58f6c865a53302adf69ca0ab9a6968c721 |
C:\Users\Admin\AppData\Local\Temp\KillAgent.bat
| MD5 | ea7df060b402326b4305241f21f39736 |
| SHA1 | 7d58fb4c58e0edb2ddceef4d21581ff9d512fdc2 |
| SHA256 | e4edc2cb6317ab19ee1a6327993e9332af35cfbebaff2ac7c3f71d43cfcbe793 |
| SHA512 | 3147615add5608d0dce7a8b6efbfb19263c51a2e495df72abb67c6db34f5995a27fde55b5af78bbd5a6468b4065942cad4a4d3cb28ab932aad9b0f835aafe4d0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c5937fff42e9a04c7b54bf859819f53e |
| SHA1 | 1a6e4ed5eb7ed3622ec8c5503e1c6f22210089e5 |
| SHA256 | 5f007ee9c4defce0220117ee5e0168725fe41574fd3fd0a565f2451feeefe4ec |
| SHA512 | 333f58371a8717c0d3b5e771173008baea3ff4820f3067f8d91334f0f7ba8ab59336119b046289e685ea4692b0690d37e98c7fd58546c22de87c39d810dbaaff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e6f1c59d84685a290a4eac3162328c41 |
| SHA1 | 65fc88231c228d3c67535461f8e20a52c9cd7e7b |
| SHA256 | bf08c171005f0b8324042cf5d589756e064e556f0908de552a87da82c88edfab |
| SHA512 | 044c9551e7897874b0b6072250517908e6b41defbed6fd7066016fe4e966e7a300261d81ae605a712365f796f6e8cf61a52f1807241d42508f5809e22745c9b9 |
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe
| MD5 | 66996a076065ebdcdac85ff9637ceae0 |
| SHA1 | 4a25632b66a9d30239a1a77c7e7ba81bb3aee9ce |
| SHA256 | 16ca09ad70561f413376ad72550ae5664c89c6a76c85c872ffe2cb1e7f49e2aa |
| SHA512 | e42050e799cbee5aa4f60d4e2f42aae656ff98af0548308c8d7f0d681474a9da3ad7e89694670449cdfde30ebe2c47006fbdc57cfb6b357c82731aeebc50901c |
C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat
| MD5 | f80e36cd406022944558d8a099db0fa7 |
| SHA1 | fd7e93ca529ed760ff86278fbfa5ba0496e581ce |
| SHA256 | 7b41e5a6c2dd92f60c38cb4fe09dcbe378c3e99443f7baf079ece3608497bdc7 |
| SHA512 | 436e711ede85a02cd87ea312652ddbf927cf8df776448326b1e974d0a3719a9535952f4d3cc0d3cd4e3551b57231d7e916f317b119ab670e5f47284a90ab59a2 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL
| MD5 | 81e5c8596a7e4e98117f5c5143293020 |
| SHA1 | 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081 |
| SHA256 | 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004 |
| SHA512 | 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF
| MD5 | e4a499b9e1fe33991dbcfb4e926c8821 |
| SHA1 | 951d4750b05ea6a63951a7667566467d01cb2d42 |
| SHA256 | 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d |
| SHA512 | a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL
| MD5 | 237e13b95ab37d0141cf0bc585b8db94 |
| SHA1 | 102c6164c21de1f3e0b7d487dd5dc4c5249e0994 |
| SHA256 | d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a |
| SHA512 | 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE
| MD5 | 5c91bf20fe3594b81052d131db798575 |
| SHA1 | eab3a7a678528b5b2c60d65b61e475f1b2f45baa |
| SHA256 | e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175 |
| SHA512 | face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL
| MD5 | 9fafb9d0591f2be4c2a846f63d82d301 |
| SHA1 | 1df97aa4f3722b6695eac457e207a76a6b7457be |
| SHA256 | e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d |
| SHA512 | ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL
| MD5 | 48c00a7493b28139cbf197ccc8d1f9ed |
| SHA1 | a25243b06d4bb83f66b7cd738e79fccf9a02b33b |
| SHA256 | 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7 |
| SHA512 | c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL
| MD5 | a334bbf5f5a19b3bdb5b7f1703363981 |
| SHA1 | 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c |
| SHA256 | c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de |
| SHA512 | 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL
| MD5 | 4fbbaac42cf2ecb83543f262973d07c0 |
| SHA1 | ab1b302d7cce10443dfc14a2eba528a0431e1718 |
| SHA256 | 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5 |
| SHA512 | 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL
| MD5 | 7c5aefb11e797129c9e90f279fbdf71b |
| SHA1 | cb9d9cbfbebb5aed6810a4e424a295c27520576e |
| SHA256 | 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed |
| SHA512 | df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL
| MD5 | b4ac608ebf5a8fdefa2d635e83b7c0e8 |
| SHA1 | d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9 |
| SHA256 | 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f |
| SHA512 | 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB
| MD5 | f1656b80eaae5e5201dcbfbcd3523691 |
| SHA1 | 6f93d71c210eb59416e31f12e4cc6a0da48de85b |
| SHA256 | 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2 |
| SHA512 | e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL
| MD5 | 0cbf0f4c9e54d12d34cd1a772ba799e1 |
| SHA1 | 40e55eb54394d17d2d11ca0089b84e97c19634a7 |
| SHA256 | 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1 |
| SHA512 | bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP
| MD5 | 466d35e6a22924dd846a043bc7dd94b8 |
| SHA1 | 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10 |
| SHA256 | e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801 |
| SHA512 | 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL
| MD5 | 316999655fef30c52c3854751c663996 |
| SHA1 | a7862202c3b075bdeb91c5e04fe5ff71907dae59 |
| SHA256 | ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0 |
| SHA512 | 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF
| MD5 | b127d9187c6dbb1b948053c7c9a6811f |
| SHA1 | b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9 |
| SHA256 | bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00 |
| SHA512 | 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476 |
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe
| MD5 | 3f8f18c9c732151dcdd8e1d8fe655896 |
| SHA1 | 222cc49201aa06313d4d35a62c5d494af49d1a56 |
| SHA256 | 709936902951fb684d0a03a561fb7fd41c5e6f81ecd60d326809db66eb659331 |
| SHA512 | 398a83f030824011f102dbcf9b25d3ff7527c489df149e9acdb492602941409cf551d16f6f03c01bc6f63a2e94645ed1f36610bdaffc7891299a8d9f89c511f7 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL
| MD5 | 4be7661c89897eaa9b28dae290c3922f |
| SHA1 | 4c9d25195093fea7c139167f0c5a40e13f3000f2 |
| SHA256 | e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5 |
| SHA512 | 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf
| MD5 | c3e8aeabd1b692a9a6c5246f8dcaa7c9 |
| SHA1 | 4567ea5044a3cef9cb803210a70866d83535ed31 |
| SHA256 | 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e |
| SHA512 | f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp
| MD5 | 80d09149ca264c93e7d810aac6411d1d |
| SHA1 | 96e8ddc1d257097991f9cc9aaf38c77add3d6118 |
| SHA256 | 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42 |
| SHA512 | 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll
| MD5 | 1587bf2e99abeeae856f33bf98d3512e |
| SHA1 | aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9 |
| SHA256 | c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0 |
| SHA512 | 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll
| MD5 | e7cd26405293ee866fefdd715fc8b5e5 |
| SHA1 | 6326412d0ea86add8355c76f09dfc5e7942f9c11 |
| SHA256 | 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255 |
| SHA512 | 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll
| MD5 | 497fd4a8f5c4fcdaaac1f761a92a366a |
| SHA1 | 81617006e93f8a171b2c47581c1d67fac463dc93 |
| SHA256 | 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a |
| SHA512 | 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll
| MD5 | ed98e67fa8cc190aad0757cd620e6b77 |
| SHA1 | 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d |
| SHA256 | e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d |
| SHA512 | ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf
| MD5 | 0a250bb34cfa851e3dd1804251c93f25 |
| SHA1 | c10e47a593c37dbb7226f65ad490ff65d9c73a34 |
| SHA256 | 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae |
| SHA512 | 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL
| MD5 | 7210d5407a2d2f52e851604666403024 |
| SHA1 | 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9 |
| SHA256 | 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af |
| SHA512 | 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68 |
C:\Windows\msagent\chars\Bonzi.acs
| MD5 | 1fd2907e2c74c9a908e2af5f948006b5 |
| SHA1 | a390e9133bfd0d55ffda07d4714af538b6d50d3d |
| SHA256 | f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95 |
| SHA512 | 8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5e8b20d37e5badd233d21ecb41f54efc |
| SHA1 | f8028fdbadc77bafe1fa716ea3652f370a3f1063 |
| SHA256 | a4ee5c9083e0c3e3cea7942443fb2ab7c3b425913166b40a5cbc895e33dfa5e7 |
| SHA512 | ab16af583477d5b1ada694754951c14e6a36bae90d4b991d49f5724d3e8fd1a4551f566aa2b610c0577c85e15e995baa42223557e66e861b43cc7bc832868a23 |
memory/1996-793-0x0000020EEC940000-0x0000020EECA40000-memory.dmp
memory/1996-857-0x00000206C9E60000-0x00000206C9F60000-memory.dmp
memory/1996-856-0x0000020EECB00000-0x0000020EECB20000-memory.dmp
memory/1996-858-0x0000020EFE280000-0x0000020EFE2A0000-memory.dmp
memory/1996-859-0x0000020EFE790000-0x0000020EFE7B0000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\MSL4LVZ8\www.bing[1].xml
| MD5 | d1c90f762330f5aacb2f3d2908034d57 |
| SHA1 | 1362fdbb0f5b08318a9d5d0b830ef42ace21998f |
| SHA256 | c936ba309262ec9c8c2e43936139470909b2e8fa176c2f205b501bec74c07659 |
| SHA512 | a1550457fa6558aee182358eac57e0fdad4780140b0931b3ddfd5dde531751d6d1d11ce9733f7b5a2e9341620dbfc0bed50f0778fcf63bbaec90de9378028eb4 |
memory/1996-943-0x0000020F02020000-0x0000020F02120000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 817e736e9d083786740c921630654bb9 |
| SHA1 | 46daaf740f760d4e561291a24c6094c706bfb677 |
| SHA256 | 00c0309960876b32bb442645f473dc7c13aea224ade33bafe959d970f8181b15 |
| SHA512 | 4656dd32b5eabd050c39e16a9c41d03a08c30e87081a78b727fc57e5cb88edd6be02b435c3609fbe2546bd138b91d0300865c831f8497fe99721341d4882ffab |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\MSL4LVZ8\www.bing[1].xml
| MD5 | f855f477fdfeb2aaa3df27cb88f2aacb |
| SHA1 | 715bc1b4b10e5347cc51b6a731750f09a86ab711 |
| SHA256 | e112f52a2ae0cd65828dbb72fe25422db04e0200062919c1f9fa951f02e4ac09 |
| SHA512 | 26da7a17fbd2ceda54476768233e1d052b1eaf14d393d5a8b5118fd93516a0b19255289625cf2a53e9dfc9f95f204842910dfd356db33e6c9612b61bf47538bc |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | b5ad5caaaee00cb8cf445427975ae66c |
| SHA1 | dcde6527290a326e048f9c3a85280d3fa71e1e22 |
| SHA256 | b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8 |
| SHA512 | 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | d222b77a61527f2c177b0869e7babc24 |
| SHA1 | 3f23acb984307a4aeba41ebbb70439c97ad1f268 |
| SHA256 | 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747 |
| SHA512 | d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7975ed70cde668b563ba8a1b4bd45eb6 |
| SHA1 | 1dcbeeeeb6295a593672624539e0f92afdf463c7 |
| SHA256 | 2aa7845e16619be571c3d45f0a39fb6dde6ecaba9949c3162d2f1da8ca082a7d |
| SHA512 | 1ef6b017ddeb58b1a7da620ebe3e68540e8815394b5757de425afa89175e9130eef398d15d122d7bf1edb888c046bf15796d3921426f81fb3274e3afb1918981 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6597ef28c45f072dfd4c93e4d34e520f |
| SHA1 | 2d59ebc405ddadd97e95424663410c75384efdec |
| SHA256 | f109871725fb205f942dc7299db3a2cd2a3d5cf8b6a319c6013631bd965cf8b4 |
| SHA512 | 3328d05c4507b3e6304a64498af2b697ebab41fb93c618d4ed2cc0343825afb21cc133a6dd08c653bc8f66dbf186850067814916e099a45f893f95eb3332c1e1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6d01f615df40ce2315a5cd71b24be91d |
| SHA1 | b650595fbb2c2c919aa1731f1a7bfe7d15340270 |
| SHA256 | 46ea2a3f9540f157b4d1ffbfe4296432ef01809afbd1126ca50d2904155ad896 |
| SHA512 | 24b2fb3355a91817624280ea3620ecc481112b0f27faa4220ecebeea7130200414d16a100be3e6d3f24aaf6979bfb2ea0d45e802a6f922f890c7ea7a8fa408f5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
| MD5 | 66b50b4c61e67dfb67190e87d2c063a5 |
| SHA1 | 0724cb27e2b6a8b35ede3ac38fa81de2b8b5691a |
| SHA256 | b084613c9b499118fac4d9eeae07ab8a33683c81bc57827930dd3012048dcddf |
| SHA512 | 6b5191976e641cb5cf6ea0c7f36cd998bbe97eebae2206f3173e3633751855069315b2824ae30101c94190d2e95835efcd56d53782cc57f59870fd8ae2094be0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | e91ee655fc370fc76cae70be75eb4da7 |
| SHA1 | b1c2a36a252373b78768ff0b8c7c414975f8230d |
| SHA256 | 2119db0210675f0217218459520534d0442fb93f8d2ad66ba4b20c8d2a430ac2 |
| SHA512 | 6295ce62fc97be1ee529b0c4dde9d8b806e7972d89378d527740c3865bae85e089883634ad2c3a72b0f0c63f0a0758645733e9e8d9092fb87bd7cc3e95d6c7f1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | 961e3604f228b0d10541ebf921500c86 |
| SHA1 | 6e00570d9f78d9cfebe67d4da5efe546543949a7 |
| SHA256 | f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed |
| SHA512 | 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | 6a9c1cb513a001ae8c632368ba04fbd9 |
| SHA1 | 98a14cd125ff5f8e25aa95ee34a8abff73172645 |
| SHA256 | 457c1b5c098c016c1b13454ae5464b1371e1e8dc16525d9572d217fcb833fe30 |
| SHA512 | cbeaa6ea3b05e45fdfe77e124d2bd1e1a03e6ecfe01337a247f67cb9552ee5b50afd17f426fb0ee304d635ef32348f24b346407301853661d2c6dbdd1544a4b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | ef48733031b712ca7027624fff3ab208 |
| SHA1 | da4f3812e6afc4b90d2185f4709dfbb6b47714fa |
| SHA256 | c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99 |
| SHA512 | ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9719ce28211714ed6f44a9dc257bfa15 |
| SHA1 | 45f99a3f50bd61cdedb7bd091ce4e30124b22654 |
| SHA256 | 25ec94344d28ee6fa9dde330ddf461ccf1a433b6c9b71f3d6865ef262112c114 |
| SHA512 | d1981374b764c700188f7ac1fe4253a2adefd02e9b09c5d6e470e2fd9a6ea054b1ab4d867b11f80ee46a541d7ac02a0fca71751567f28112635c282f69887499 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d45fc5f0a0f29f00bfae91c665e4654c |
| SHA1 | 835acd921affd546f8afd414ef452ec6f83277cb |
| SHA256 | 53c0929321be0f4048dcfd4351629df762f53e504ffbf495a0c7a4e78f0ba079 |
| SHA512 | 943e8a00a541357384249982875241478ef5a122f1e0e6a1fee41a78cb48dc88b5f457201ec52396895f0ef4265c923d6512849575cb5ca62851c34a863e5afd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | eedc32bcd11e140ae19f29e400981604 |
| SHA1 | d685e2faa0efdd731c2d29a85cffbacc1531512b |
| SHA256 | ee8c6fe24285ddfa9952d9f661ef430e50f897a799a851205218bf4133ff1531 |
| SHA512 | e1ee4685b2738aea89823bbbcc1816fdf3cbe952dc0e14f0b08879c892846c7b175aac7828351cd901bf880a823dad9589dcebb27c5000320cac9913179af7b6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7835748b0cdba93734df6d9b115801ea |
| SHA1 | 4e315e5ee4a9aef66e8e10206e8463276efe529b |
| SHA256 | d77527f866953928fbcf6b05b64c434be6cd466a210f7067e11e2803ab7fd36b |
| SHA512 | 32d1aedaed31d4de8bbbcfa48857180bcecbeee19501ab739f1bd740ca064f6847ab7798f2a6f09adc9df62de87861f1ebd32cfc2c5397e3cdbf78a162a9b9c0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 60fb62e1a885c2c719bd854745fdced2 |
| SHA1 | 9aa34ecad8928f12061d3110abef5388b86c0fca |
| SHA256 | de7be29228448882924d988dcfb4f1ada8f317856e6f3664d13c3b71856b75b5 |
| SHA512 | c967ddd61b2734d8256483c5aacb21e1eee6dbdeaaeaf18eeff7a007285b31db40d2f800a75851cfe53adc874cf2be7499380313f1cd561581247f30181f5a09 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 540d6cf309a077cc0092981fbabae325 |
| SHA1 | 265f41df748b6d469d8c702e2ca229203133f5ea |
| SHA256 | 430cee28902ef758a35ff58aa5b9fc93ebc1d9b29e06c46f76812e4832f0d6a0 |
| SHA512 | 83d14a723f3feb0b142bf650a4abe9225dd267e263b5132e70a86598c37e61701b8c4c4ab16e81d541a7485e11a450610e059003e1766baab267c78fa004ff9e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f44e32da9a97554b7e69e68e2df05352 |
| SHA1 | 8d16f210e4c21faf3514ef1c4db085fe1bce3084 |
| SHA256 | c640aae9b87c911ef120e4ba888c7f747f9e92722836e23d987195648a1fc3e6 |
| SHA512 | 530155ef72a901d50cde8a82a1454dca8a0de933d967b022388d8011a6618bbec91aae60aabec7849b350ae33f8447e02918e6f869cb6417c4db1d9506ea80ab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 7b8b916511d41c0abd1e8565278b0156 |
| SHA1 | 5ac72f807132849d98ae6bbd32cbe89a8659ed46 |
| SHA256 | 0e4ab3c20234d32ba39f0c4a74c743181e403eba264faffe48249570cd19018e |
| SHA512 | fb407ac5e78b3d975639160b19617ee3c29e50056ff7bff6af5d520cf9409219d242bfb15707aa9ffb489d06e7768a05f0d440d5e2e24923ee52796db3c2427f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bd884421-e6b1-4a9a-8376-e90482703e4a.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ec1fb5cb81d8bd1f354edeb8646beedd |
| SHA1 | ff16ccde220a0a531e1e0b8a0e7a34680d5af76d |
| SHA256 | 8119041c31acc43d992db1c4d5e41d2472366421aedd6f63d7e4774b7fa082f9 |
| SHA512 | 9a0340fadf59f4321dbaa1aa4cf511d88ce4f9e7ddc4c772d67fec40747cc96ade547e9636a97a605080beb241ef9872faf817e5c9d8ff2495abe9fe3202ee05 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b4d410f629a529819d2348c24406c323 |
| SHA1 | be174d618b26b0ffa63679dc9d7d37c11de958fc |
| SHA256 | 996ccf2fbd7bb9981ffa12cb42460bd58f51350ee470eef57a443307485eda18 |
| SHA512 | cef2cb30977db635095f032c28e9b3d7b88c7eb5613519fd434e00f8bd03284d171ad91f4252304cca5ad7b3689378bebbd862321759946a6d4381daac60cb24 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e4823281e68815a945d1cb3c1467c515 |
| SHA1 | 310e6d332426f6d89d9b6f3dd40c0e2477894b44 |
| SHA256 | a8af1e8d4ec9fd618c41965af4e313657fe6e5100a813dbfdff88f75fa398c30 |
| SHA512 | f940f0d01161c0ca9853295d3d7a5055013b8d08d9f7de39759d5ae5b00d2802d93178e878d270f35b7577126933f3fb697e58b3e9d2279a01ff9551535225ab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4ca815191b7a5e9e50fb8afd2bf7088d |
| SHA1 | c79024bffc7aee549b7712715f9076be3ae09ec3 |
| SHA256 | d1425eebdeebdb52ea3c8fee31be373e6eb22955148313399a79dee9c31b0285 |
| SHA512 | efc6e51004b03983bcb7605b32e5426dc555bca02e13bad721a52c4ef848777371c2989f7fb02e5c25b784c212af00031c3d30a9b57c97fb58a9d54ad412213c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036
| MD5 | 1585c4c0ffdb55b2a4fdc0b0f5c317be |
| SHA1 | aac0e0f12332063c75c690458b2cfe5acb800d0a |
| SHA256 | 18a1cfc3b339903a71e6a68791cde83fca626a4c1a22be5cb7755c9f2343e2a5 |
| SHA512 | 7021ed87f0c97edc3a8ff838202fa444841eafcbfa4e00e722b723393a1ac679279aa744e8edde237a05be6060527a0c7e64a36148bd2d1316d5589d78d08e23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e969406629a1ae36cc93a58e96e54719 |
| SHA1 | ddd5cdb975cc3253af4abea20e56d299e931c664 |
| SHA256 | 473bbcc354d3f7139ba089f08d63083561c92f708afd72a689cd0764160c7806 |
| SHA512 | 1ff23953c2600d8590c44525cde6ba3526f77c264d3524029b64646a00ba9769df9e990f6f781bab1c66cbaa837e99a2b847fd1f10f7e651834203f4fbe48be9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5087327e354187e742c92ceb49e714c2 |
| SHA1 | 533c8ce9840d87b24cf27949d00a906d170467aa |
| SHA256 | 9bb97f9e7fcfdd94461fe3dbd5801a794ff629877d70023909f9f03b20bd99cc |
| SHA512 | a4148dece72dce033ebf8defe1fb5ac316c1c2f5874827ec08d3ab4eb647beac228da3357e5e31d2b2f73a9be8ed317acfb2070d4011673d6cd616c518196f87 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 15f751a4923673e8ac2e275673d70186 |
| SHA1 | 5dfba7b90d4a49ac42ce01259970fd7f8141c597 |
| SHA256 | b9fed55b27d0f5d8dd46fa340cc05a4ef45bede93e108932db41144f40bf6581 |
| SHA512 | 452632a7f4f3f1bdc80c503b880a4809cf68060fecec909cebf9dfcb9d09984f34099ff9847ed6bc9528850c5d1092cb790b00b05af9b4c67d2c45ec07d25cb8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4961900733c5a5019808949dcdd247af |
| SHA1 | b1bd85b5a8d5e97157a3ae891fdecd4f9ab116c8 |
| SHA256 | 5edd21ebaf03b5f1f1b4e707433f3163b323370ce840072be48c0c65909d00aa |
| SHA512 | 0dd6aab7e3c8c91abe2210dbd830db828b64a839c855d0c6b73b84fb5b971aa3421f5c7359a08f0c471e32da114737d0a2bc765e3cb3737d208c0171ae77ec01 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037
| MD5 | ad084ae94f2a62341c8a94c326acae69 |
| SHA1 | 12a3d4b5b0224b69c252e6de42f9c2d38221e2d0 |
| SHA256 | be5a10dd2bb7d409794492a1c6aab8ac0aa7f6f8ffb487d2eac22c10e556afed |
| SHA512 | c95be5871884c93e3f5d857f7065fa749d78573ef136577f3dcac7855ecd32231a990986be3b206b75b7ae31d88e2c55fffaf05da6bb4e41eb836f2a8d36d9ac |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 79f22f8860410e8297442e7e6418cf9b |
| SHA1 | ce1eae42fb2e5f3a7479788ed34e776269fa204e |
| SHA256 | ee3def8df8d28119b957fd1c2b4d6c396cf08e15df5bca085bddc66bc773e577 |
| SHA512 | 01bf5b55644bd5a264665c359cc24ff17f8f8da4497d953930a1446981e2f485886c1f347e4d7e4a8b9227d51fd20072339c83290782ea155d6e61101a7a6e90 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\c565387a-e291-4011-8a74-7e35fd79d1aa
| MD5 | 4333bf2a1b0620ae9e6f35158e2c49c7 |
| SHA1 | 49bb138e14b781852a056e1c82b4f0e31f936e9f |
| SHA256 | 860b077040a3589210ec013fd4311d742efcc0c427ddf1d90e3e5e92d743e38e |
| SHA512 | 7cf47534539c81c8f808b4db4d8886eee00f0025bcc85c21fa5cc46389f1341723af9d5582d1ceb11ba914f4173423b25dc71471d883d6ac9127e39191f0d492 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\c98b9fa2-8af5-4436-ac6d-57a1d7866654
| MD5 | d034470ac80df4cdc1058cce3d09deee |
| SHA1 | a721076487253c43be43ed2dd66fd19786e16c20 |
| SHA256 | 81b33c7a67672f5a5bfd4a583f69f75eb960cd89c05e3025a38915c0d3c1cddf |
| SHA512 | ea1d9918a72426094a0a5d55253fdc90b48d74295d86932c20dbcf127ce83aeff74d28eae16dc30bb747034bc64ab228490f571807f24f31f6a308de12ffa70f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 7e483df181ee69ad5c90dd2db835a51a |
| SHA1 | bbb0a29132ce1a4ce3e9b4a74d72eb91591f4387 |
| SHA256 | 74ba5c728f865d4875cd0db8dbf1f66488eef3ab99dfe4d29028ce142d87ccc5 |
| SHA512 | 1f98c0d813890b38efc0ba6d44b6edbb5dfeaa821422e491316d318e3943e4f9d172843fec7fc4600682347a7f737b95d3c231d67532decc11b28380c976e36d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 1a3070022e53c5535bab2e2ae97a915f |
| SHA1 | faf5f2797c829d160c361de920d937a743188de4 |
| SHA256 | 1f69126f1fbd13f603be5aedd2b375bfb1a952a9c4a098754a6e6b114b77f186 |
| SHA512 | d6b5b951cfab427337555f82f48aa60238702c62e5f99b15cf1c616da29fe349ae6efbd23a8e0404148d1ec828fee8a650be7862ca0472f2a9843974d5c09a15 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3808a40ac9f79ac6c2d74730f023a86a |
| SHA1 | 49ef1ddaa6721cedef575a6819d61902bd431edc |
| SHA256 | 50cc4acfda32160ba8cfc17c7e1ff4012b572e450216cc062079dff512250e93 |
| SHA512 | 26eff779313cb794528ce5d026b7b938bf7b28e788132f2c7138227e7242d5038e1f9748f1e0129d914dc73ed9c80f4d4d7624777c0771f73c7df3f472de4421 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 465ad604f6e2b92b6534e1742d878ab6 |
| SHA1 | 067dbef17a619496364f7f62798339655fff6e30 |
| SHA256 | 4ff0e7a566888f7945024e77dda716c338846f33f0319aa2c9f9bc702293bf60 |
| SHA512 | 84f95e79d4f93fafb496d7fcd0c859dfde61b7356fa54e18a73aa399503d79254c67396f3a448223783c1f9c72367d3d457cafe7fadba1752f480188698c1523 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\AlternateServices.bin
| MD5 | 5e6c1f1054a27aa123f4ec45da81c679 |
| SHA1 | 045c1c8c8f5aa93b55558c50a58366f0695cd448 |
| SHA256 | b1b424d3d89e03eec60acf3cccac1091fab67e9a3af2b3404869a057500e6cc4 |
| SHA512 | 94ab0fa38b7f8e3ca83c705d4370dfaf2b2958973ee2bbb97daaac5affa6f56ac8c48c88df0a488d96927bbadaf2b32bddfb893081e7ed98038a620560e7d14b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs-1.js
| MD5 | c8bb0ae090a2f2d123dcc8e2f56a4791 |
| SHA1 | 59322cc52b13b1dea388b74cd96c6b2d31a86e6d |
| SHA256 | 210663ef0bca946b24256536d18d4961912dd19aad7cc093b577db2fdf638fb8 |
| SHA512 | f5a32571937927f032c8b7b9c83ac82c6c8278b750fe39d2280037927cf26fbabe15b319fbebbe5e4d52d5cb187f7e40744b9ca45c5762c30ab7935a620c8058 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b703191f1dde3dc17bded5897a5771e0 |
| SHA1 | c2bbbf5ec6a60f6f5e2c44148e10faca7cc758a8 |
| SHA256 | f1bc841c1ab25262479a98b3c3c8a003aa16da7bfcac4029c583d0d12be147d0 |
| SHA512 | df6104e6eeff6179df92750707d0a6630926b5138610e3541d8355cbe48fb054432548eacf2fae5df55afd158d238f4d1470dda2c9f2524c83bd8f35ce5617c2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1d381c34f9a933ea92f93737f6a4385a |
| SHA1 | 10301b27365ecb4700067dd120b0267de33288fe |
| SHA256 | c71fd26afca005d1e2fe127def52e1177b1b6f8910133049cfec3c14210a3ebf |
| SHA512 | 01f92f3d7923e5c6c24438ab01ac3597c788719fd495ee0f5b28266e3ef4eababd571539dece5f90dc01d1bb895d85f04ab804157238fa57109ad313fd79faed |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | eb51be8460c9461b196ef337bb437ff4 |
| SHA1 | fd4b123dc00f9fed2a05bc09150625b2420a8811 |
| SHA256 | 65654462ddb736ef920bed2a5a1f5a01b6f89ae117d5b90296a92c83a28f23b6 |
| SHA512 | 90fa52320528740d955fed2a451f906279ffce7ec4394d7354e26fb0253177d2059a37e6a67147b4ee5b0a2d2899ad3ca328c84eb1ab8a29d4159f633538f336 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs-1.js
| MD5 | b2f17a5053235d0d9eae8a0862252f90 |
| SHA1 | ea53ab3268272fbb12a07c30d732540ad272424f |
| SHA256 | a42249bb79ced9f07ed981f9b542ac9e51babaf72b65ed6dcce650d867fdd66c |
| SHA512 | 338425313fec37789d279c7f526a685175c756675a0d9e648d9884c407ebb33dd449410cbe1a4d16c0b3f550265d5bca49b6ca351d2e82bb4797c9cd81056d9d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\AlternateServices.bin
| MD5 | e0da9be8ca13605643b348b56fc01945 |
| SHA1 | 0c042609282c6b49d93617f3ce5ea80f699aaa88 |
| SHA256 | 915a9da638c762a787e8b206dc362f38d694a2fc22587831f0e5a7a580135b00 |
| SHA512 | 8b7be6d3cd3fb169c96a44e868e3b181aa3cf45cdc9c1377568fd2f3ff890501ccab38010ffe48db71f7bd5ca7bcd808727e595d0501b94b55c3f555e1b24eb7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f63701de74fa5398b8df4c6d99301e27 |
| SHA1 | 5b6fd133cb3e8f4b03a801bf8cd9e1105dacaff9 |
| SHA256 | 4158c1078cbb28069cd79b61b9f959632ac3b6459fef9edb435c9ef297728b49 |
| SHA512 | 6c3ff6a14a947e4c9dd15b5a83b285ea10f0db811b1cfeddd50e4636f0e9a58ecaa559fac4f0309dd0a3a43785556d958d95dbb74c3488eabd17a071f18eeb4e |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs-1.js
| MD5 | 2140729f13b0e272ae5736e75f10dcbe |
| SHA1 | ee8d4b0bff3994bb34b01f2a7b8f9120e7fcf78c |
| SHA256 | a1173c0cb799d31e8a6f7672b40db933b09c18cf06765ea31bda79fa49cfb99d |
| SHA512 | c89ebcd38ee5b6b798d6ffbdf7adbdd9630a7f9d67d38f5230b45b97d6bbdef99e9600d9f8e45a854e87fd3c37ea51079325d984a354c827f916eba0343c321d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 7422501566202b565ba20e249c5b943b |
| SHA1 | 0bb812aae898ba4b6abf6f86bb451f1cd30a13b1 |
| SHA256 | efba7d0e0bf960218a97d18145afa5788962d954c08ea629bcc73ce36a4b338e |
| SHA512 | 641e27c1875163725d6c3be048ad058a9b08f98c2dc2d309981d26138a931f212e1741cadc569b1083389c95733d135ececf5cfce37191ff584e2fdc11f41d1e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e1ca2804021b2d3abed5a8581d7f26c9 |
| SHA1 | 9af82f4661253421edcb4bb447d48ccf98f9a625 |
| SHA256 | 639b3f812bec5404f9f2a7241d2294ca42a3270a0bacad5d27618b969740f6f9 |
| SHA512 | 5be17805f02dd77d3df526ec4dca82005fc1ba0fe245581cb554baa72feaa4990dacc8e6c7e5525b4d94f8361a56a1a4e7d34ed512eca705855fa35913fcfad4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 70be824b085a35e508331ba8c0783fb9 |
| SHA1 | fa4bb5748987f3a1912a62d6354ae7d089901f13 |
| SHA256 | 7a7583392db1228cd4ac635a7df9298d5a778152d377d909e62516f091e91a7d |
| SHA512 | f5488fee2be38b70cd09fbc69b8bef6e2c0cb12f625b3325bc6393383d2c809ccd91023f74301ae442d7876fa64774fd95c89d2b63d35e52260a620a76f4e4fa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b6de3c6eea828b419e2a1e0211fc59a2 |
| SHA1 | 5999b4d3911c6ecb4ff90e34fcd543f738a472dc |
| SHA256 | 2af52fafda184e9903e83287488d16d8a1b454490fcd87eda97c75f841941323 |
| SHA512 | 28b6652b8d82fa71a038da6a089c67f48ad535402f41ab9fa75945ca712483d6459f32166c38bf63d302edc36366b8655e737b9feab2a956608870b2e2b8e3c2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 768aa6c3e6578a9a4fd6943e46aafc28 |
| SHA1 | a704dcd89b6a11b200f03d6ba5e9e815cdca4a68 |
| SHA256 | 91ac35654bb1deb3897e86e5d21d8174227b594bf7602248ef7bb0358b4b3de0 |
| SHA512 | 9a6f39daacd9a833d7833edaa7f8646d76bd0cd31eba1e35a20df9763fd83ab70eb4318c3886276185416d42cf0aef65f69509a78c02b442eb935700abc67e60 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a9baf9621cde4a8f2a3b06e7722a1141 |
| SHA1 | e21376176d7435e6ff02190ad8c8bc80d6f16f75 |
| SHA256 | d8ee025f9f913dda41dc7c6b3a23a94d662ed3126464274d9bec3f91e480f49d |
| SHA512 | 88b9fc4fdf20110b5513c8ecbddabb6306fcb1be0e2e3b1f29b9dd30e8ea2113771ec92332d8e923455cf4b4e4e7bcab274263bc37924ae84e1a9adb9a7a9ad9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\doomed\30401
| MD5 | 4fca5ce8fb186e68eb54059f44b8927f |
| SHA1 | 281710f908ea95f9b26b75fcaa250967991d3682 |
| SHA256 | e513a210fea797ccecf00b9f75de53cfb1a4340e44a5f466fa808e23d80aaf9e |
| SHA512 | fe93607d33f259a9a97d9843034dbad46f937a15b572545d535825105bab4888a47a9572e3d74497271685a063c360d3b242efdda993210731605fe6540a48ed |
C:\Users\Admin\Downloads\CHN1pHSO.zip.part
| MD5 | a7a51358ab9cdf1773b76bc2e25812d9 |
| SHA1 | 9f3befe37f5fbe58bbb9476a811869c5410ee919 |
| SHA256 | 817ae49d7329ea507f0a01bb8009b9698bbd2fbe5055c942536f73f4d1d2b612 |
| SHA512 | 3adc88eec7f646e50be24d2322b146438350aad358b3939d6ec0cd700fa3e3c07f2b75c5cd5e0018721af8e2391b0f32138ab66369869aaaa055d9188b4aa38d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3c641c82b1930122aeb02e6920bbe381 |
| SHA1 | 48d7e89fe18e4a51224159799d64647edf230ba0 |
| SHA256 | db5187d388984477f4e2aa715ff624ae67456c90b59b07d1d9ec747d3a513336 |
| SHA512 | a224426e9e189ba98a117bc116a651305702a796caa3f4c42c419472d7e7d1d0266cf1673dae9e9356d33160b92a8b82f21bfc8b88e15ef21d08f7bd001d0801 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | e2a1b9d26824df965113f8d9bc9f7175 |
| SHA1 | a7486a0498b8e5e4f3ab30b16885ac7fccff300a |
| SHA256 | c3954da915864004b383548682282e47009819d5e4dfbdf15a500b3a2aeb1386 |
| SHA512 | 6b9f771fd2b9933ab69e2badb8e32c96a717bdb7fde53d154ed77916719b38366bc3a4513687ed2bcd93910830829dd98b30500e38229e4871b3e8bcdc381f56 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 2e1606c2104520db8405407e60830dc2 |
| SHA1 | d5ffdc193e9598194142d904cf6cf7bab1123da2 |
| SHA256 | 27c3065c872a8de71026bc588e807f33140f31ace24c22114a962dda36f90a03 |
| SHA512 | e554bbaedee2751d50b0da974b23f84c347d3328e0bb39d2e1656072591c0a9bccb8bc42b47cedbf870364df1180bd91fe124758e930e08a64411bc1c7a6c3af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d7dfd2f3267936b04d450a7b153651eb |
| SHA1 | baff0544139718fe928143e89ad8aa0397908807 |
| SHA256 | 9e0ba7652a1493116ba39d9278dbe498f6cad1a4fc69d0a7376c7a103ad32d26 |
| SHA512 | ddcecc855bfb23dc37eb3dce89469639c326abb096c10e169dce3d64f63a06433c14fcaf55274c99081013d52fd3e386a9d9065ff90187d32fe4cdc8c21661be |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 8ad508aa5b95831643055cb66b6b164f |
| SHA1 | f58971513378ceea65b80bf1e7dbd4d5cf0dab0c |
| SHA256 | eda5edc4ac741891c4d86cb7ed7ccc63440a60935ce9df93b81ed097f20dd474 |
| SHA512 | d5dca210ca0c0882cb2ef3e895fd6fec32247931925e9b17546637b344244ddaa683483488e7e2f67924ca933666b0519ef51beb8504ff85e592039f5468afc6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ed5fd8885629640e1b4c5fd6ccefe12f |
| SHA1 | c6e1f214ab2aea43d2c0fc62004629ffae567d2f |
| SHA256 | 4264ade51c185707680a6a9ed4a178d0a7a5538c2c89bfa35aa7a3553fd98566 |
| SHA512 | 3a17d895740e538589cff612f86a2fc520db39d83c7c7a65a5cfad38c758737850ec12f94ac4980bf7efbb7580cbd062692b47ee8eab147c77a0fa48d470f1b4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 71e7a0b312c5d87c95602e1961cfab2f |
| SHA1 | 6e81b0237b95d39fba943c276f1859a8b22d5dad |
| SHA256 | 7ecde64053e535b16f82818297aad4e4089e1a359de76a625389a0967da316ec |
| SHA512 | 6d4026dba6facbe074720fb0a24bc8587dc171769ff2fea7173554d1709a4f9c98caabf3ad8b7a1109286457b7ba86ebacd7882842d1b65b4e6ec6f839b25e43 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 918bfa6b0af6381ebe636c55f7395d3a |
| SHA1 | c2175f151fa6c86528de62a631f89e883011c729 |
| SHA256 | 66a5ad2f726129167796d6b144ae4c72040b12513840dfc8b06ce184f6b50b47 |
| SHA512 | 0a118c869be5245c681a45163a894e730c5aa75262c1cc21db0436d9cc28ad1ec651f1f90175bb52907c15192e1ca991494f6d948f324ef01374903fdff44e0d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 193056571978822bc07b0869f563d6d0 |
| SHA1 | 30cb8205f91448e91ea545e4f18f63c8d9c60bae |
| SHA256 | 83fe76a2f032aaea78c9578f620d5eb005cf134b90b634f54fffdd5f3b708298 |
| SHA512 | b3fbd11945793fa6201fc64ed8c537206ee199a7297251effc87c7089a662d0f8262ce6a09b78746c9fe6eeeef487e61ba24918ec3a5df55b32003c761c06b31 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 69c6e6ea95af04bfe0ad4bd9f6bdf32e |
| SHA1 | 40466516a1f3f472503409797c9ad2e5163f2805 |
| SHA256 | 37558d25cbda9706d0371579ca4935ebf5777c4bbc89aaefe6c48a1ec084ea12 |
| SHA512 | 0f3a768fe9e3d99893eb8b65032e81b262dcd2347b54876a9e7fc2897de0c2974f976ff235dc16cfc8ebef29f531370d4795e3c1e5352c90b92e07426f5b5710 |
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41
| MD5 | 860168a14356be3e65650b8a3cf6c3a0 |
| SHA1 | ea99e29e119d88caf9d38fb6aac04a97e9c5ac63 |
| SHA256 | 1ae2a53c8adc94b1566ea6b3aa63ce7fe2a2b2fcbe4cec3112f9ebe76e2e9bf9 |
| SHA512 | 0637e4838beded9c829612f0961d981ee6c049f4390c3115fed9c4e919561ad3d0aa7110e32c1d62468a7e4cdc85d2f2e39a741939efd1aafae551de705aab61 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bc35a8d835fdcb9fa81503f2a2bad600 |
| SHA1 | ae6a2999adb1426197d35bafbaf2fa5fdb54e154 |
| SHA256 | b7901fd7f491e8c4771e7f1e505cb6cbbbcc30cec29a60b6bd923702c86c23a7 |
| SHA512 | f6577418cc172fda202456c6b7baac124be527e63e2a51702907cc1813ff5bedfaca28452b8c6ee618a2a53eaaf03f34fe806903a0cfae85c0b4abd5b39c8eea |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 6af2ab7e6ab7418b947aafb0b46a714b |
| SHA1 | 1740732191fa74f1c83d74bab05675ea2b8188a1 |
| SHA256 | 0c5dbc7d0a551648c98f126c565c24509810788ff96699e8c48aa0cf9849a995 |
| SHA512 | 97ef06bcc57b1b2640a930de048138358d62b3b7e559da82259dd7d76fa21e796162705465df611d9fa552c7773f9d8e98aaf63a7d8f57c8409193870c99f31c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b6283120077b54ac950304fbaf993613 |
| SHA1 | e1acd929cfb69b3196a6303f4843aa92ad7ec599 |
| SHA256 | 20c72708c2bf8a686cb9f480a623b9b3001e7fda755dddfc739d05a1ccf27eb6 |
| SHA512 | e9a18c5da9ba3c4c5199cbf058ee554f8bb318966b82fde9b073ff2e0aa7477a000574a6ce38438f4d7a2ebf75c09a97d6ded6817477058e9f8c12457116cc4a |
C:\Users\Admin\Downloads\gPPPelVT.zip.part
| MD5 | ef4fdf65fc90bfda8d1d2ae6d20aff60 |
| SHA1 | 9431227836440c78f12bfb2cb3247d59f4d4640b |
| SHA256 | 47f6d3a11ffd015413ffb96432ec1f980fba5dd084990dd61a00342c5f6da7f8 |
| SHA512 | 6f560fa6dc34bfe508f03dabbc395d46a7b5ba9d398e03d27dbacce7451a3494fbf48ccb1234d40746ac7fe960a265776cb6474cf513adb8ccef36206a20cbe9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d90edcd80c9abdb9b75479cd21df967c |
| SHA1 | 9f82d85f3533b8348ebb4720062486809c502d9e |
| SHA256 | 5e3472b498b7c222d1323587a0490bc5750b14eb345e21ce855316f6d6a44353 |
| SHA512 | 8c4cfcd9bdb7088d202c42b01cf97029f7f2cce84d84e3870b1eb560348a51412771ad4d831334978e5e3a05e81acdf907ae518b5374d8f4cc7fdde099b4ae93 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 8c128b76becf49b811d49611589040b6 |
| SHA1 | 2a54ece048ccdfb0ce68c17c98b11a6e7910957f |
| SHA256 | 11aaee8aa24d8c4b832b098298601fdb4c4d21596843e6bf75c22c664894758d |
| SHA512 | b6005e9c14f2da0e1aa6083a68abdc2b939bbbe0068127341dae83625e297b7ce6d199e21ddc913f472a7ee1c2d6f27487fb6ca8e26438a2c56bb96b689a9acf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 924a5de43e9212ae552d3df83ffa951f |
| SHA1 | bdc086bac30f7927489233533a51b801d66b170f |
| SHA256 | 4e178cbf66aa0b21d05e54d0c8f006130a75638210d7acca81659034d7cbf689 |
| SHA512 | f378ebd2c95be4e87c3236bd420c554df6b985495d4afb287bc71b808d1d68b833dd38ed278ade477fc1371fb5242d5bb5580051e50dc7e51931f64ca9d7e776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | a73ea7882d08830533e9d36dffbea0db |
| SHA1 | 4503f42b20f62a4a700c8c161a5515a78116f1d2 |
| SHA256 | 93cdc43b74c11175c9a833a45b789794716a8fa9b2533bc0fb9b324253df76c5 |
| SHA512 | c329a321d3cec6d1fa6ee139793dd2acf845393da48eda204f29b46e3e80b66863135fa8b319eab7c00063ac774fa7ec60626775e0591ef16eacebf73ff1a9c4 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 0a2b68842e1dfd6e36357776faaa916d |
| SHA1 | cd1dba08830bb7208cb18a72b61477c2c669f7fa |
| SHA256 | 6f39959580c1e3ee6f27d7d147da4b92817a4a8ff74bc2fdc38ff96dd9cb04f8 |
| SHA512 | a14e52a56e37bd5a911eab780d081f5cac4b3b554213b52b4d96199f9cdef954fad63f3a531548a59347e762b1e9c6554b09afb5ea4e55314fce4b6314d93899 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 064cb97eedaf034e6543d7961af071bf |
| SHA1 | fa2acb47efb917ab8fa62180280cdcfe033abcae |
| SHA256 | 9afd8ed4c48928b93de559f5c963911701cc00f253eb1ac3fa7af9776b8aec44 |
| SHA512 | 4c76671d86273c65ba5abe2c83a9fa3c279910b243f593d81e610c878f60287dcda3a6c77ee95b10319598e7e7ecd01a1b681c59e764f1c97eb5c343e100efbb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\jumpListCache\quraQ_bNVtspgydp5NAwkGHx8rzUQzErZ24WafaY1pc=.ico
| MD5 | c9da4495de6ef7289e392f902404b4c8 |
| SHA1 | aa002e5d746c3ba0366cd90337a038fc01c987c9 |
| SHA256 | 13ec8c9e113de6737a59d45ea5a99f345d6cba07f9a820bb2297121b8094790f |
| SHA512 | bb72f0cc815e7b4c44959808b153aad28dbced8d97e50f83ef90229d19ea1c4b3fffff650bf49efe562451fcae0325cdbdffc1a5c4ec5d2c7c70ae9d1a0d8a16 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\jumpListCache\Bt78zPhskxJ1nhEfPeVPK+X3abkQQreJVQWGyi7mADk=.ico
| MD5 | 6b120367fa9e50d6f91f30601ee58bb3 |
| SHA1 | 9a32726e2496f78ef54f91954836b31b9a0faa50 |
| SHA256 | 92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0 |
| SHA512 | c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1d569180866573a63a25e3e763df067a |
| SHA1 | 57e7087ffb9b6700331d6eada4b62df64124b9ae |
| SHA256 | 9451dac7b53f5457933d3be42404d7a453b143c4f673ef668326b73b9dd6d61e |
| SHA512 | 85439dd6ca1c987405b640c2062e2c73b8ebe8aff65757659953a1c802167240e932597b73690cae47cc254a21fe0ca4610909993b1c9e2d32e15973122e9cb4 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
| MD5 | dc09aa1f3e57234c06f64bb7af6be5c8 |
| SHA1 | 7efb14b130a228341964ea4c7c3cc42b94ca92d1 |
| SHA256 | 7cadfbec73af6066c6fe44ec039b70d7cfc63782c4d59c2a2326635dc29f71b6 |
| SHA512 | fe40e31213ee8571086e08f7e9c4c420915e55cc3bf56c3cb1ce2e25730d6e7ba93df005ece27999fb75e746ad03c34b10c9b85b36597ad7af7add9e4c1e2128 |
C:\Users\Admin\Downloads\NoEscape\NoEscape.exe
| MD5 | 989ae3d195203b323aa2b3adf04e9833 |
| SHA1 | 31a45521bc672abcf64e50284ca5d4e6b3687dc8 |
| SHA256 | d30d7676a3b4c91b77d403f81748ebf6b8824749db5f860e114a8a204bca5b8f |
| SHA512 | e9d4e6295869f3a456c7ea2850c246d0c22afa65c2dd5161744ee5b3e29e44d9a2d758335f98001cdb348eaa51a71cd441b4ddc12c8d72509388657126e69305 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 81bd282f207ada36914a6b5dd0f808b0 |
| SHA1 | 6559570583accac61ec105cb58814a3b73335d15 |
| SHA256 | 2d624254c2f22e64d5b3d401102dfbd26e8db8bd9ede5ad6388632e3d93e8de1 |
| SHA512 | 15c5676256223a174374cf272c67004510f61c24030f1e9583a2416928963fe380021c0a496c70d00f6b6a5055bc46c6786e7f139127cfb89c410619e3edea30 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2f0ada10e674bd7368ff34b7367ca221 |
| SHA1 | bc5a2b785095dbba339521e1bf7307093787e1fe |
| SHA256 | 9dd5dcbabe60447d94f10401dfee3c6d2f6b0521187c524e934128a879df2d57 |
| SHA512 | c0fb84bce775caabc66c914b5c4649e74ae1aaaf3213c8c11e71a7566516c50211da35342c4d5d778fa73c0aa858ae0aeec77114d21fb52cd40a0b387f34411c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 37d3d1dfcd5242ab879de152790ff348 |
| SHA1 | 1cae4a5db7f6d1bb735c46cf1722b846c54a6312 |
| SHA256 | 1533db0856db03b1f4d017280e7d10dffd5022868cf84f369442f23160ca3f4a |
| SHA512 | 43f07dd18b71036c9e663d789b8befe1ab681be7bcb29322cdbaee9dd31e052091cda1f442961d92760ee20428a4a60ca384c45ee77ec5f97820cd54d2a30606 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
| MD5 | eea9e9c8efaa4be85bd442b339096981 |
| SHA1 | 7bb6402315c56d22e0252ccc98583d7d977d4c5d |
| SHA256 | d707f5f92a7fcaf0ded8399f7f787e5ff992413d83b4cc2e4f482e86e2cefc47 |
| SHA512 | f4a2eca6db52605d7b9d0caa60a5d8df3205b60471c0518a6c24e61b834877948a2b43eacb0ab3ed66ea0e9c78ba3a5edd4ee4981e2809e2434e1de19155d3ab |
C:\Users\Admin\Downloads\YouAreAnIdiot\YouAreAnIdiot.exe
| MD5 | e263c5b306480143855655233f76dc5a |
| SHA1 | e7dcd6c23c72209ee5aa0890372de1ce52045815 |
| SHA256 | 1f69810b8fe71e30a8738278adf09dd982f7de0ab9891d296ce7ea61b3fa4f69 |
| SHA512 | e95981eae02d0a8bf44493c64cca8b7e50023332e91d75164735a1d0e38138f358100c93633ff3a0652e1c12a5155cba77d81e01027422d7d5f71000eafb4113 |
C:\Users\Admin\Downloads\NoEscape\NoEscape.exe:Zone.Identifier
| MD5 | 855b405ed94a44bdf272baba04cb09c5 |
| SHA1 | ed0e892663d1ba262e10d5501ed606439cc8b3ea |
| SHA256 | 5a63f6e83a5c2166565eca5705bff7e18652e9586d5a23eac2edeffde9390587 |
| SHA512 | 56ecdae0d517f92e16f2a331148ac1b56c4defabbf1bef7253f97e4dc7cb3a35fac82f76ff8cbff02d194a3b5c2fd160e09075fdfd1f097e35a460d0f9f29070 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7974cad4d1f3aa839f5771d23ae134f4 |
| SHA1 | 4a44fc5ca402ad5573339d4d263d3377f987b120 |
| SHA256 | 5431e519de6d0a5db82856fcc3cc7f69ed7ca4face66e1d7f911606c3e4f2d4f |
| SHA512 | 2e580eaa36a161c99804cef486ec1eb486d9808182d84c0c0f40f87b39e21f17bff478dbd568e3bb4e4577349a08c19052f3bed132e82e99235c5b2cd5dafdf3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 521472586ff80c43f2fd330cfaa6babc |
| SHA1 | 203b321886e5e31887083678d28774f2da9236bb |
| SHA256 | fd1c39105a564599c0922ff9161782c8c7e2250edcb0bcc03c5c3e10a5be3263 |
| SHA512 | 4202f21595bba8600aef716bc0f16584d754807eaf3e08a009705a4c16c4ac7dac487172e1af23b2737c772ea858db2bc68109cf1949ec031b520872d9ea185c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 532b91ae14c0e35077aa9e70f26c2671 |
| SHA1 | 3635262698ca4c0a03ff8e7ca3f344ff3a26703b |
| SHA256 | 6a45b0c4ec243ffbf834731fd3cdedf05babf9c0d32ca0e197fdf34fb361a130 |
| SHA512 | 33fcef054c8195a1e18f76cfd9727c322b7fe634c93b012bc638380e825fd170a2805831afd04e35ed96aff0b777268f58dc926cd6bc46780aa3310a25aa2b13 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs-1.js
| MD5 | a3acfcf124735c234ab76b16d6daee26 |
| SHA1 | 68bf54de0c2ca5676155bb6cd67ecf616ab323d5 |
| SHA256 | e741eca87ae00744d31fe37b809ec950901f603ad94f47d560d733b4da5025d6 |
| SHA512 | 6fc64e4b59758bb4794bf51cfcf0c96b362e41774db45af7c78f73f6a2299382106662fa527144562bf6e558b5ef74429d3938969e79b4a0e954bbaeb50e82b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 08d3dcee265b119ff895f8b12886e32c |
| SHA1 | 2a9476faa187ea47151299f57da5abe82af7c8a7 |
| SHA256 | 2553ce1e8c40cc6a04e5874bc75ef911f9effe9c8e204aa92395f970f9f664ee |
| SHA512 | a3bc4842b411f1db7e95b249f11f15334fccea73e4e75dc7c16beb8c678b96fb0377868f313e6f266c607e2384a5bc97eba81a99e446ecc8e985bf60191dde5e |
C:\Users\Admin\Downloads\YouAreAnIdiot\YouAreAnIdiot.exe:Zone.Identifier
| MD5 | 9f43a071ac6a18fd7beceb3a839e2971 |
| SHA1 | 3e9b057dc1bf9e637d6c54f126ec1fe5d065fe7d |
| SHA256 | 781b04dd059e9b1f2a8c205e03cd9126c4fd226940d13418313bd75714c99938 |
| SHA512 | 6abb380acde7088c0ff1f6d641cdc06698d89d6ac649ebcf2bdd7c46902f382999c2d7697c14a9f3a7aac97a2e71c30c8f010c5436feaddb78b8c1e2302035c9 |
memory/5164-3136-0x0000000000A60000-0x0000000000AD2000-memory.dmp
memory/5164-3137-0x0000000005520000-0x00000000055BC000-memory.dmp
memory/5164-3138-0x0000000005C20000-0x00000000061C6000-memory.dmp
memory/5164-3139-0x0000000005670000-0x0000000005702000-memory.dmp
memory/5164-3140-0x0000000005620000-0x000000000562A000-memory.dmp
memory/5164-3141-0x00000000058D0000-0x0000000005926000-memory.dmp
memory/5164-3142-0x0000000005650000-0x000000000565A000-memory.dmp
memory/4748-3144-0x0000000002F00000-0x0000000002F01000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a086e4c85bf90ac4cebccbc351b34e14 |
| SHA1 | 7bc29e2e70c8a277b271d907285b091718769908 |
| SHA256 | 9eb6d45d9614b6bc0305f6243d6f3c2325003509f6d9e3d9dfddfd42efe72f27 |
| SHA512 | 1f96a6d635d9b20041f3d3f7029494650ecb977e784981e9311d80049db72fb36c5bd6953baec063e59650445099d290d8a6617a9b536bd935f12efc82060021 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ea60695b3bc419497d717d435bb1ee86 |
| SHA1 | 3036c0ae5c91794e1f0bd77d52b516a4f95f410e |
| SHA256 | d6162387a700b37a800c12462f65599c8940f75f7f892ef05c724f396827933c |
| SHA512 | f53abb5ec657f0150c0cd796ebd98651fb6d847a2bcd6101906739b3ab276db7ad75b9ecb6b04a439659b93ace42daf8eb0c03974c95bde86a02ccfb40e914f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c244c9d9c248896bd3286f153e4ff8e9 |
| SHA1 | 0f2e59721bff0c462250bcefab5af38173fc786d |
| SHA256 | a35006e04a4ed14aff8780cb02f106efdcfe5598b16101bbd3deae647319875b |
| SHA512 | cbd4089376cf97984f433edd135cf9f38ccf1a6522e2e783ecba233131e10908119740930fae60b0902c521087030fded66788ffc36c0b8722cf446b839e82d7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 9694519579b6330b8c4ce314c1fda05f |
| SHA1 | 0a690fe8ea66e4e79416b4c25ad4c929c15ec8ac |
| SHA256 | 38adacbcf76c0025373028d1488e06cbba091aab8f69c65bef04215c6286f0c5 |
| SHA512 | 7ebc670cfa56d40b1474f5448ce178f1c7bcb9f7fe2428353908045036c7730c4e583f8ec0d509eb7abfeb03f49a956a487e96cc76ba17c9acf1086924cf0c30 |
C:\Users\Admin\Downloads\aDx8y8zr.zip.part
| MD5 | a7bcca47b5413eb92250a45f86d1ab75 |
| SHA1 | 915ad4c18ae188da9ab338ced6862c4efb670091 |
| SHA256 | b7f82523253c3a1f18de5c649a96132820d89274cdf7a8c5cd3f47a79e76ed39 |
| SHA512 | 4a666fe25bbaf41ff217a07bdd19fd9e2f57dba228511d9ae92d3ee75adaeb952fd91d4d4472e0c73babfb86806d54ddbe3d603ae124545b89ebdf570db19d87 |
C:\Users\Admin\Downloads\CookieClickerHack(1).zip:Zone.Identifier
| MD5 | dce5191790621b5e424478ca69c47f55 |
| SHA1 | ae356a67d337afa5933e3e679e84854deeace048 |
| SHA256 | 86a3e68762720abe870d1396794850220935115d3ccc8bb134ffa521244e3ef8 |
| SHA512 | a669e10b173fce667d5b369d230d5b1e89e366b05ba4e65919a7e67545dd0b1eca8bcb927f67b12fe47cbe22b0c54c54f1e03beed06379240b05b7b990c5a641 |
C:\Users\Admin\Downloads\CookieClickerHack(2)\[email protected]:Zone.Identifier
| MD5 | 1de81045d6158df78af1b974a7c745a9 |
| SHA1 | 72cbf6e8e67518b92e0aaa3520a42e45f4eaf2b7 |
| SHA256 | b0f2db6d44c531cf747d4d8c7f2c5f0c9bac2eed6bf55f9ef4c6df7b9656196e |
| SHA512 | 66658f7a19cabe82a080eaba2e969009317059452363ddb4e521fb346626420248c9efbc9761292bcf1130a1c30933f50e47d20929aa8cb3ef1126a73ea497e3 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
| MD5 | 24113810d971e1d21b24fcd9e8e3fd95 |
| SHA1 | 7826f1b38e9100ecd941ff1a057df4620de594f9 |
| SHA256 | 9b9835b9194298501309ec635734812cde77109265f5a8b80e83fc3d1b4530c5 |
| SHA512 | 9b765a911777f60d19609a9b0462340895d2c1c9d83f2c3476953d52ae7c16847e209b2a5935abb845cc8fe70b69a3079eae3909d3a92870e4b11b0a92d029c7 |
C:\Users\Admin\Downloads\CookieClickerHack(2)\[email protected]
| MD5 | bc1e7d033a999c4fd006109c24599f4d |
| SHA1 | b927f0fc4a4232a023312198b33272e1a6d79cec |
| SHA256 | 13adae722719839af8102f98730f3af1c5a56b58069bfce8995acd2123628401 |
| SHA512 | f5d9b8c1fd9239894ec9c075542bff0bcef79871f31038e627ae257b8c1db9070f4d124448a78e60ccc8bc12f138102a54825e9d7647cd34832984c7c24a6276 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | bd938f5e48fd9dc79d77c31a50a8dec1 |
| SHA1 | c730061741910e6cce45ed115cf9e1804ec5af6d |
| SHA256 | afc8a7d64fde52210b1db7706afb3544ae31aac9f2239ce3720291db7b6805ad |
| SHA512 | 49369d48cdeb4c2c020ae7887dc08cbb095a3732941f999ed156fff5cc495a7e7551efa1fea9a312036a86b22ec62fb1a653f065523c9a08a0a9c39e13c5ad37 |
memory/5728-3413-0x000000001B2D0000-0x000000001B376000-memory.dmp
memory/5728-3414-0x000000001B850000-0x000000001BD1E000-memory.dmp
memory/5728-3415-0x000000001BDD0000-0x000000001BE6C000-memory.dmp
memory/5728-3416-0x0000000000D90000-0x0000000000D98000-memory.dmp
memory/5728-3417-0x000000001C030000-0x000000001C07C000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | dbc3a8c12231f8af9a6ecdc744fec314 |
| SHA1 | e4a8d2020d5d01f6b0c5869a749ba6796a3764c8 |
| SHA256 | 931fdd2097f6ae302b0b3a54fe8a619bf52791ba5a563bb61a57ba21f1d8e018 |
| SHA512 | 474903fb82995debb5da079b628c0c9361aac16d96a6cd3e7ad28553461c205f3183d6d3a5f5d15fa7eb9a6a918cbc3887fa685878734686fad9b0e47326e0b2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionCheckpoints.json.tmp
| MD5 | e6c20f53d6714067f2b49d0e9ba8030e |
| SHA1 | f516dc1084cdd8302b3e7f7167b905e603b6f04f |
| SHA256 | 50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092 |
| SHA512 | 462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs-1.js
| MD5 | d86b4a3401ea9d4130e1e20dee6ceb47 |
| SHA1 | c3963b06f2d4a1e3671870047ded60e45590a480 |
| SHA256 | fcd181a37106ffeeec466f23fcf7d48475986edb506bd91daee01c849a6bbc6e |
| SHA512 | 2b89e315cb3bb3d536628108e206038e79e326d6ab1350ae79458fb1af00d93287ce178eea6d814a46e67f84fe22dbeca8d2463ed366521f92723e14c7349920 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionCheckpoints.json
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\activity-stream.discovery_stream.json
| MD5 | 977172ce8fd01d91919698ef056816de |
| SHA1 | c46bda306e13f8dc3fd83554ded41767178b8b4f |
| SHA256 | 398cd2f6c65a77772b6df0ec3a14d7fe9cab6eff371237af79563de7a086339a |
| SHA512 | 939e09ed80f0e87136d01120a8c0f802eab4449192a03cdd31041902f3d53b9949f92ba1518ac14fd19c99f3cb7255d2e297f21f44879163190374c2909d12c5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\c717e5d7-568c-4662-bbae-adbeeb691994
| MD5 | 1e5257a09fc610828a0c45ec5bac9f2d |
| SHA1 | 2ebd6cac153b9f4f52b1f6fd4efb15cebb55c917 |
| SHA256 | 93a43c68ef7f81391daf9c6482b203ac05480c4e86dec59b5cf83059fe48d982 |
| SHA512 | 35e91a708039cfc7e7c98f1d8fa0e27e377327ccf4e2b9b303ab1d575b851e0cf207cdce3f8c0860e6b87a457c6efcff3bc6c6e41067006855b7469a71d74f7b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\c413113b-97b9-4d7b-b56d-978d8ecc18b5
| MD5 | c1233ce80cf4c3141e8555b4c511da9c |
| SHA1 | b536edeaee917e622e91d0741f0b72b5200c0ef2 |
| SHA256 | e017bf3791759231821c9d88e39e19adcc9c4f405280fbe41b4078cf58271984 |
| SHA512 | d9ef3362dd65b2c7fa92aa82ed7dcf7dda54a88777ebf109b1e8ffa437fadf4213d68f62074333a424b7b4336b10be4e10fc538232760b4e3e4fa5b174b08bf1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\b93c7e4d-2c76-429a-a55b-7926035689be
| MD5 | b67bc453ad323d2b90979704cd7b4157 |
| SHA1 | b257f0e82915e6da04ba31cb6de138017b5fc376 |
| SHA256 | ae8e8550f6e4400daa64d8866ee76717ddd32bd6ebea3219ca21c176737e73b6 |
| SHA512 | 0882925f0b1bba026c662a2cc45db0b416e80b97fd8a8050a721ac92bf5fda466ba63e6c1313c4bee168288b36c1c58497c80f86333c6eecc2b05cb4b2836d7b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 73bcc8d7f3567693ebeeb22075d27d47 |
| SHA1 | 39d827fa4d02f093e1e6e32cc3d5fffaa78d7385 |
| SHA256 | 4dbc7aab984a3f3b652ea45f4ec6ea354cc402dabf1c0849717f70c58a847537 |
| SHA512 | 884ae2a4b5a733272afb5ecfbeb8804b793e587dbd68221bdda369063918d98f51a2b785d4e2afd5faf5778f324a1d00baa855ba771572f7a52e4f7aca34e787 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\startupCache\webext.sc.lz4
| MD5 | 5a76bb7ca33ab8ee1ef9582ec06cf748 |
| SHA1 | f8f15975cbae2212aa6e60f6ca0996ce081a6ac4 |
| SHA256 | 1d0db5fa30ccf7a702269c47a2ae808df845d1dadfa1603dca19a18749583229 |
| SHA512 | 95f7e58293eac42b3364bc475967ad66af7d84465249b9dc4b8e5fffdf2fb311998685534eaf794364f2890814e9791ba74f49f3a48fe7c3394c24a9673ca7d6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\2492994A253B970917AF5CDF605580B1C2DC16A0
| MD5 | 4d9d0b8e52b6f98abbd725a2df06ba43 |
| SHA1 | 2b6389d72a41c868ed5a98455c7d10dc8c7ce698 |
| SHA256 | d278e1b4ca4384af0179893906352d28b21b8fbfa405b4f9ae6bb96e6a1a0286 |
| SHA512 | 28bc77fa864c27baca7a76beba1c28da0e89c321bd5a9a6a8035820aa1b8a29e0e1a833ece15b979bd94ec3dde4b78e62017721555f9338ee9c233d510626dfc |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\44A812B5BECDA170D79381AA91D0961F29436101
| MD5 | a6d5ebdfed2a95dca877e442db8932da |
| SHA1 | 7f3eeb00cb33db6785880e3edcd75ec8ca834963 |
| SHA256 | f802f1adc6cf9cb56a01119874a763e7f976f9e1e7786db935c725c349ad8d35 |
| SHA512 | 3611b303c0cff2a59e9d0250b91168376dda55707d1a620b6c57a65da608ef0533afd78089217695616455b5cae8ef45b2b90f22ced9fcc83dad9b96c8b6f352 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\D207CA89781848E7ECA4C658F22D4AEF1B168DD3
| MD5 | 0f0fb7cb3683f1b978f348d9050d6c3d |
| SHA1 | 9d2dfa365abd27b7a2ffc32c4af28220962a41d8 |
| SHA256 | 2126c433a8a3c51b6adfb5d215c7045c946241fe070ded55beff263c356c3a74 |
| SHA512 | a7091f5263f30e355dcb49d56f558549e459ae852eabc3493cde722554e78cf6419739cbd3a0ed252abd76f4c6845b5cf6869f1b6388dfdebd5f6e053c0502c9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\79679B23E6BBEB689E1C79E27C32C20C5EC9DF47
| MD5 | d009011e604172655456d6745da3b51a |
| SHA1 | e7075fc8b4451ea754ae15866f424636ec999298 |
| SHA256 | 7c81b4ce10d74b2b153fceacf3f08ead3cd1c801ecd76e86ed1de96104b508a2 |
| SHA512 | 75aff4cf3ec6539fa42b13910bcad3728630189caf00ab677609c9e0108c3e56d81d9b6d6790fd071b0b9842006a44a3ef42f0681c9e6614a2d6fdd429a08984 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\549C94847E35BE89DCE95DF86EA39378F22E5078
| MD5 | e067fcbdf513deb838ccfa318e5621e1 |
| SHA1 | d2e9e4efd97b682aa8bf360a4fc43334a6c7e8d7 |
| SHA256 | 84cbfbcc923e8ac696e0f03f302335567b3fa0d0ac42ea7044455a83b1111aa4 |
| SHA512 | ba1c93328ef08566f852974dc48c6071021c490c76ec1bfdcd843341de1af9a7975e68a42f8ed169af9d6639f0e48e8639bdb9949d75afdc4e8d2cdbd355fffb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\73A861CDE699EE431D74FE52208FA22781309C1D
| MD5 | a370c170869628073c6851e9c0d51d37 |
| SHA1 | e0efd37ecde2a47b03de392bce5e9c790db6d31d |
| SHA256 | 133980be2af0aa4b1f9205e4f53a69c0c5da5950e0e5b2d0fe6c92f310224d0b |
| SHA512 | eda71bb73e27127ec4514b3e094e1ac1e7a11498fbfa685ffd3817122817f3c04db4a4ce9d4c291fdb673d14dcd240466075ee0f23bcd2296b78eef3ab02b560 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\AFA9B8322A34ADB148B30328FCEFDA4E33EAFE00
| MD5 | 4f1f9836288ec3f91877a0333709cbb4 |
| SHA1 | 0bc972584a98f094e1b88d912d9fb19c45547123 |
| SHA256 | 5968109dad94fb5b40c64aa1c758766ce6d889ccad9438acb42db4aefa08a478 |
| SHA512 | c2b467baea37adcb5534d72c883def7f8709ba82537c03bf354e131cf8c5a18fefce48d76a0d195839012b5acd01deebc67f88b0419badec823d2cf36512f99e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\75E10B6CA912F3DD72B094B84BA83E8A0158EE6A
| MD5 | 253f05374fe4ff476369bde0622c341d |
| SHA1 | 9c3707d37af56f82e3f7a5d399397e33c3aed7ab |
| SHA256 | d946c6c9353bb416856232b7fa2462cc374d1d2a13ec2f9937c0c0208cf8f02a |
| SHA512 | 7e35e48243fac8efc7f06ebfeaa26752086ba8d7072fe1dee9579a35d59b7323df517be92712181e029ae594c859fa7e62494c5b9df13bf4ad2bdc0f60658d41 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\4A472A1677BC1843EF62A5E99F0318F11EF48A12
| MD5 | 7f535df7ca7c60740f0b367e9217657e |
| SHA1 | 9926c704fb564e102212b995d545ffcd12851073 |
| SHA256 | 7e67f68f52b858dfd73790985a5cef942255590dc5807aac22cb018bd04623d7 |
| SHA512 | c739aa5bbf73a650508a4884480cf1ab2a82417281a6f9b00e97d7aee1e8423be10748122275b631ef23b9722b83e12493dcf91607b89426e34dabb31f47392c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\5F0EEB28AD7C5A74D9BC991713992FA5BF2B8FCC
| MD5 | 438bd434c832a1b76ba9a2ff44af0279 |
| SHA1 | 49f826cf1d3edeceb644e78d9a45fa25b5649337 |
| SHA256 | 59b4f4371c6cb28611d126d0b2f87a0b3d4a6a301dfce160d95ecbc99ee909b8 |
| SHA512 | f630b46416263928b055e5465906dde1a14f65cf56fa9adb6d5fc3204c59398b00809284d4e46239bd046a4d7d296b461c635aeb1738f1bc30141a702fa4931b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\E6C22A3DFCD18E3C6145370266896FF76AE3F7EC
| MD5 | c5a364ae1b033bc7170e0310a3ee4974 |
| SHA1 | b7945ef8ab21261c4960306e1747de1c62c22ba9 |
| SHA256 | b0f787eac1962e818a874bde0394d3a19119077be7bef131409f999f4e820b24 |
| SHA512 | 2c89f9a6c607ed636ff0b65792d2bf01afecd6747bf2ba5327ba35f0a6ce2079b49d3873ad720de50baa3de0511d29805dcbfe10f85c027760fb0c9f8e4a818a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\BEA4DD767DBD7BEF2D1146F1A7C7B6DBEC858F1D
| MD5 | f59a25d9bc5e90764c251ad0aa2f9e15 |
| SHA1 | dc895ea612bbacd49ca425304acb785dcb9f39c8 |
| SHA256 | 1ced62b4198a17df426cb40e7ce3a0e6cd11d128578f40858b8000ee47b897c7 |
| SHA512 | 06bc806cdd43cc0c97f4835f86d52a831cf5b6c48cb9aca3e05b110c7425a09b90a96ad4c2d14c01aea505f9b788eafa0510255ac1173268c0a038b49966db88 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\7FB78C9D4678D3E57F04D54F36A2847939730A90
| MD5 | 14ad1380b26d2a99547bee91c78dbdfd |
| SHA1 | e7cb0832f3516633dac758a59a75f6b049c44023 |
| SHA256 | 4854f5cfd50c94072151cb7bb47455fdec1e24eb7f9602e79efce98c438b9748 |
| SHA512 | 0185b2818d464a74dbe52dda1b339349cf13834e67586692e49aa0f9b02adaaa61e75d3bef882d167d42d6209e0a3bdb8480a45627e1423fa6961d9dfdce0f08 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\4CB526E6AB19E3D362E9A8F54B3D7D7966D59641
| MD5 | b1164e9b6da03f0207a4436f738a070d |
| SHA1 | 08d8a16a0beaadd6cdd00a5747c0ecc79d85ed93 |
| SHA256 | 53f1eba20fd60e7cdb0d2bd731aee413954e94d0cc1a9e8d3f762161f4ac577a |
| SHA512 | c9f19035364eaa240c6527db8be9a6ca2f7bb3e2ecaf7e6d5016bdca246b01d3da77bbb6e5603225e472a741e633e65199213222a65f63f0253b769803b88609 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\MSL4LVZ8\www.bing[1].xml
| MD5 | 9428825fa70d7346f175bd1b2485c6b4 |
| SHA1 | afb31ea8a3e4d37b13d9fe2f56ef61e81033a015 |
| SHA256 | 31b3761e452b7c586ec7a7c0dcb39da6467f3dfa280a0282e2eb0709c13f0fcc |
| SHA512 | 890e4670850c2fb8216eff85c91363cbf03f7c27ef76917066ece66bd956bb436c5aa42712bb13bb20ae8ea678d04766ebc58b18f2a39c53dee33056e001246d |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\57ed7f02-cd53-4ac5-b099-8fb1a2dc555a.down_data
| MD5 | 5683c0028832cae4ef93ca39c8ac5029 |
| SHA1 | 248755e4e1db552e0b6f8651b04ca6d1b31a86fb |
| SHA256 | 855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e |
| SHA512 | aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133731776319561878.txt
| MD5 | 80e55d5643d4305dedcb2686764fd662 |
| SHA1 | d2e14e1ff9514d87eafd408f1b827ce04133b821 |
| SHA256 | a5e0e7f7ebe310c812ebc160364ea3f78a36d5363109ce8d4a88ea5c0b84bda2 |
| SHA512 | 381ab3774c400d9370c3e993d799a48e9ea51d0503fdf2fdecb241afafc82b17dc1722d0b69f1d6f1bbb1ed79b2d9a1a038035689f20b50172abaa68aeeb5664 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\MSL4LVZ8\www.bing[1].xml
| MD5 | 53d5c4a14d9e04fc3d68839e8fd5f089 |
| SHA1 | 5f4f061d8011ba30beda96beb32787524ae752e0 |
| SHA256 | f338c0f09a9add8f34e01dd56baa5249f7be5f602216621e571a4c62a742e674 |
| SHA512 | 763a089115f51ec340d69cecec40c2fe03225c758ec739554c3eb8bfc383097f6a75e4b887178999865c81c489a1d9de91b678eff1784ce675d305d5bebff01d |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\MSL4LVZ8\www.bing[1].xml
| MD5 | de0552308868172a567d805a1101cd2b |
| SHA1 | 3d0be65c58eb84ce7c49ca7c2877f94611bc0e15 |
| SHA256 | 5f4b0daa8f11699c7d4d081f806d7e022298f509fd103ce5f313303b935ae680 |
| SHA512 | 3ba1c2aa69edb619c1610cf3ca04f774604d96bc07796b0a91a98a42be7a41597fdf4e4d436a9b190ec7566e2b5dc319755e648d93071a8f461793c5e43a0658 |
memory/1996-4746-0x0000020ECB710000-0x0000020ECB730000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs-1.js
| MD5 | 6c1db6f6723f2acde41182edbe4866c7 |
| SHA1 | 92e1c2e0a12ca5d690e215e4bc4698f6fb4495d4 |
| SHA256 | 5316efd4e0581044e0bd18bbdc517de9d6de4fb9f569397c625d7d5a16528c98 |
| SHA512 | 0046270ccc5fe170770804a214834a2162936ae1b3edadd63ea826ee31ee62350712e31521123571da1a4ae7e0d76a1f17325ef0d4a5f97ce1fc75d70f08a520 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 32c0826428571b0a96169620b82f6672 |
| SHA1 | d4ac4210fc81950f7a386dcbefd5dba12a25d9f6 |
| SHA256 | 5c58ab3c08fde5e3d0538b94a6a9c47b01e31612897b53ea65b1e7b2cf5e8939 |
| SHA512 | f56bb55716c70d230df53ddcc5077910afba966f1694c67e9a1c91798aa4b704a76dfce958691af5dc00a66fd8232d11dff6da901f08201b8bbb62f9be024ed9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\DE19FBBC0296AA5572AC5AA18B372DEEB6773A76
| MD5 | cf011edf7faf646df3c473e8917ce2d0 |
| SHA1 | cd6b261a93841a5864436c53d5bebb501d32e18f |
| SHA256 | 655357f36c090214c58801afa6880e2e640c67c22bfec5dcacbbe0aa8a6d37f4 |
| SHA512 | b437b95c06494c6480e6e6bf20745a0ec39786fd8bfd1f21c5c65bccf4d156e854115bfbe42b44887d266b768929fca656a62a1c307bfc64e9f1ef3cf35327a7 |
C:\Users\Admin\Downloads\3bNCf1RD.zip.part
| MD5 | 69977a5d1c648976d47b69ea3aa8fcaa |
| SHA1 | 4630cc15000c0d3149350b9ecda6cfc8f402938a |
| SHA256 | 61ca4d8dd992c763b47bebb9b5facb68a59ff0a594c2ff215aa4143b593ae9dc |
| SHA512 | ba0671c72cd4209fabe0ee241b71e95bd9d8e78d77a893c94f87de5735fd10ea8b389cf4c48462910042c312ddff2f527999cd2f845d0c19a8673dbceda369fd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | f60597bc2f6a411cd67f5b3db3aa5e74 |
| SHA1 | ce915809fecbf6a2c898c0c9fd7e48906ac8119c |
| SHA256 | c27bd3eaecda9140384a80aef389f7dd60bd2b545f2152c02a4ae9539da20751 |
| SHA512 | fd7015628f4048cf84f24d3ab81b671587bf96b47baf540f2ace0cdd2017de05e0dba733f6e580ac6b427fb8ea1cbbc5a288f7cf02d6bbe34542bcc05ceba620 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
| MD5 | 7b8dbd408a9616d98ceb1174142d673a |
| SHA1 | 6b5c5a17a8902b8f6cc4c376deb39deae94945b6 |
| SHA256 | 071256707133d428f02907a709856374b9ffab775166c644e65c4f6fee8f75f8 |
| SHA512 | 9d5ef5108330f8b41f361190c71612bf5c1183a5fa52a27ad5f695d5f84ad93b8b6875ef18e10739965597992ab625b5777c2954dc88f0720f740413f12c97c1 |
C:\Users\Admin\Downloads\MEMZ\[email protected]
| MD5 | 19dbec50735b5f2a72d4199c4e184960 |
| SHA1 | 6fed7732f7cb6f59743795b2ab154a3676f4c822 |
| SHA256 | a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d |
| SHA512 | aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d |
C:\Users\Admin\Downloads\MEMZ\[email protected]:Zone.Identifier
| MD5 | 8500b4e61469876221e37a4b7b9fabca |
| SHA1 | 6137fa6affb5c8daaea9c3d40994b00175ccbd11 |
| SHA256 | 4302f0764aef9b19393988c51f218f5ab65a9582c5d848549cb3118165f3077b |
| SHA512 | 0787cb0b4316996522e75649d51c51a48770f27d832742e5efa3b7deae752e549475420b1e6e9bc6acadc74c64a9fb3bc8dbde3ae940a2db4d1152c0f7207915 |
memory/2648-4876-0x0000000076D90000-0x0000000076E0C000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\crashes\store.json.mozlz4
| MD5 | a6338865eb252d0ef8fcf11fa9af3f0d |
| SHA1 | cecdd4c4dcae10c2ffc8eb938121b6231de48cd3 |
| SHA256 | 078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965 |
| SHA512 | d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c |
memory/5012-4939-0x0000000076D90000-0x0000000076E0C000-memory.dmp
memory/3820-4999-0x0000000076D90000-0x0000000076E0C000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
| MD5 | de8f4a44509764acf1ab9af0a243ad51 |
| SHA1 | 10d2defc7f92be7a56d707f0a34e687d431fa09a |
| SHA256 | d4ee6e0af648648ac7a174ee7c78d6846dda935521532ba28d4d1a3be6cf3972 |
| SHA512 | 856a7a475a42ef2ed88c510327fdef508ec33ef6352e6d558858ef4bd1d4f3aee1aa15a45e8d5843f549377e569134d0c21c3fd9b65b6e25115b93c147aa9b02 |
memory/5848-5065-0x0000000076D90000-0x0000000076E0C000-memory.dmp
memory/4940-5125-0x0000000076D90000-0x0000000076E0C000-memory.dmp
memory/2648-5186-0x00000000035E0000-0x0000000003964000-memory.dmp
memory/2648-5187-0x00000000035E0000-0x0000000003964000-memory.dmp
memory/2648-5189-0x00000000035E0000-0x0000000003964000-memory.dmp
memory/2648-5190-0x0000000076E10000-0x0000000076F5D000-memory.dmp
memory/2648-5191-0x0000000076E10000-0x0000000076F5D000-memory.dmp