Malware Analysis Report

2024-12-07 14:41

Sample ID 241012-dwdflszgqb
Target New Project (29).png
SHA256 ae06fad69f4dddab841ba6d7dc425feb6615f12d38df0e9f297dbbe6c1366892
Tags microsoft defense_evasion discovery exploit persistence phishing privilege_escalation
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file New Project (29).png was found to be: Likely malicious.

Malicious Activity Summary

microsoft defense_evasion discovery exploit persistence phishing privilege_escalation

Event Triggered Execution: AppInit DLLs

Blocklisted process makes network request

Downloads MZ/PE file

Possible privilege escalation attempt

Boot or Logon Autostart Execution: Active Setup

Modifies file permissions

Loads dropped DLL

Executes dropped EXE

Checks installed software on the system

Power Settings

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Detected potential entity reuse from brand MICROSOFT.

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Windows directory

Access Token Manipulation: Create Process with Token

Program crash

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Browser Information Discovery

System Network Configuration Discovery: Internet Connection Discovery

Event Triggered Execution: Accessibility Features

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SetWindowsHookEx

Uses Volume Shadow Copy WMI provider

NTFS ADS

Modifies registry class

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Suspicious behavior: GetForegroundWindowSpam

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Uses Volume Shadow Copy service COM API

Modifies data under HKEY_USERS

Kills process with taskkill

Checks processor information in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Analysis: static1

Detonation Overview

Reported: 2024-10-12 03:21

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-12 03:21
Reported: 2024-10-12 03:34
Platform: win11-20241007-en
Max time kernel: 774s
Max time network: 779s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\New Project (29).png"

Signatures

Blocklisted process makes network request

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Downloads MZ/PE file

Event Triggered Execution: AppInit DLLs

persistence privilege_escalation

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Bonzify.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bonzify.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Power Settings

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\icacls.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\takeown.exe N/A

Detected potential entity reuse from brand MICROSOFT.

phishing microsoft

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\SET3DB0.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\SysWOW64\SET3DB0.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\SysWOW64\msvcp50.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\executables.bin C:\Users\Admin\Downloads\Bonzify.exe N/A
File created C:\Windows\lhsp\help\SET3D6F.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\SystemTemp N/A N/A
File opened for modification C:\Windows\msagent\SET3A21.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\tv\tvenuax.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\chars\Bonzi.acs C:\Users\Admin\Downloads\Bonzify.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A
File opened for modification C:\Windows\msagent\SET3A23.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SET3A26.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET3A3D.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\lhsp\tv\SET3D5D.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\tv\tv_enua.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET3A21.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\fonts\andmoipa.ttf C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\INF\SET3DAF.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET3A26.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\intl\SET3A3C.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\INF\SET3DAF.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentAnm.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET3A38.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentPsh.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SET3A24.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\mslwvtts.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\help\SET3A3B.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\intl\Agt0409.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\tv\SET3D5D.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\fonts\SET3D70.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\INF\tv_enua.inf C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgtCtl15.tlb C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\intl\SET3A3C.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentCtl.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET3A23.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentDp2.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SET3A25.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentMPx.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\INF\SET3A39.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\INF\SET3A39.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentDPv.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET3A25.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SET3A37.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\finalDestruction.bin C:\Users\Admin\Downloads\Bonzify.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Windows\msagent\SET3A24.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentSR.dll C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\fonts\SET3D70.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\help\SET3D6F.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\metadata C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A
File opened for modification C:\Windows\msagent\SET3A22.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\INF\agtinst.inf C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SET3A3A.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\help\Agt0409.hlp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SET3A3D.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\lhsp\tv\SET3D6E.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\help\SET3A3B.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\AgentSvr.exe C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET3A37.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\tv\SET3D6E.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\lhsp\help\tv_enua.hlp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\settings.dat C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe N/A
File created C:\Windows\msagent\SET3A22.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File opened for modification C:\Windows\msagent\SET3A38.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
File created C:\Windows\msagent\SET3A3A.tmp C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Bonzify.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\NoEscape\NoEscape.exe:Zone.Identifier C:\Windows\explorer.exe N/A
File opened for modification C:\Users\Admin\Downloads\YouAreAnIdiot\YouAreAnIdiot.exe:Zone.Identifier C:\Windows\explorer.exe N/A
File opened for modification C:\Users\Admin\Downloads\CookieClickerHack(2)\[email protected]:Zone.Identifier C:\Windows\explorer.exe N/A
File opened for modification C:\Users\Admin\Downloads\MEMZ\[email protected]:Zone.Identifier C:\Windows\explorer.exe N/A

Access Token Manipulation: Create Process with Token

defense_evasion privilege_escalation
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Accessibility Features

persistence privilege_escalation

Program crash

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language N/A N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Bonzify.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\takeown.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Checks SCSI registry key(s)

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS N/A N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer N/A N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133731769215823938" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry N/A N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry N/A N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BD4-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD1-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\Version = "2.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668} C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\3 = 5c003200153d1a004c59ad1b2000537061726b2e7a697000440009000400efbe4c59ad1b4c59ad1b2e00000000000000000000000000000000000000000000000000eaa0830053007000610072006b002e007a0069007000000018000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BDF-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{143A62C8-C33B-11D1-84FE-00C04FA34A14} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575}\TypeLib\Version = "2.0" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202 C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD9-7DE6-11D0-91FE-00C04FD701A5}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00D18159-8466-11D0-AC63-00C04FD97575} C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}" C:\Windows\msagent\AgentSvr.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}\1.5\0 C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BD3-7DE6-11D0-91FE-00C04FD701A5} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\ = "IAgentExt" C:\Windows\msagent\AgentSvr.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\MiscStatus C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BF0-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BD1-7DE6-11D0-91FE-00C04FD701A5} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4BAC124B-78C8-11D1-B9A8-00C04FD97575}\InprocServer32\ = "C:\\Windows\\msagent\\AgentMPx.dll" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Server\CurVer\ = "Agent.Server.2" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C87-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentSpeechInputProperties" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575}\ = "IAgentCharacterEx" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDB-7DE6-11D0-91FE-00C04FD701A5} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\TypeLib C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31C-5C6E-11D1-9EC1-00C04FD7081F}\ = "MSLwvTTS 2.0 Engine Class" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A7B93C92-7B81-11D0-AC5F-00C04FD97575}\TreatAs\ = "{D45FD2FC-5C6E-11D1-9EC1-00C04FD7081F}" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575}\TypeLib\Version = "2.0" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CA141FD0-AC7F-11d1-97A3-0060082730FF}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\ = "Microsoft Agent Control 1.5" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "4234" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "165" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4BAC124B-78C8-11D1-B9A8-00C04FD97575}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C85-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}\TypeLib C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00D18159-8466-11D0-AC63-00C04FD97575}\ProxyStubClsid32 C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{822DB1C0-8879-11D1-9EC6-00C04FD7081F}\ = "IAgentCtlBalloonEx" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDD-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtlSpeechInput" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB27-9968-11D0-AC6E-00C04FD97575}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A7B93C73-7B81-11D0-AC5F-00C04FD97575} C:\Windows\msagent\AgentSvr.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D7A6D440-8872-11D1-9EC6-00C04FD7081F} C:\Windows\msagent\AgentSvr.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).bottom = "690" C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "9956" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{822DB1C0-8879-11D1-9EC6-00C04FD7081F}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}\2.0\HELPDIR\ = "C:\\Windows\\msagent\\" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32 C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8D-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{80213E82-BCFD-4C4F-8817-BB27601267A9}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\8 = 4e003100000000004c594d1c10004d454d5a00003a0009000400efbe4c594a1c4c594d1c2e00000065af0200000019000000000000000000000000000000595ea5004d0045004d005a00000014000000 C:\Windows\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5BE8BD2-7DE6-11D0-91FE-00C04FD701A5}\VersionIndependentProgID\ = "Agent.Control" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "6550" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\ = "IAgentNotifySinkEx" C:\Windows\msagent\AgentSvr.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{48D12BA0-5B77-11D1-9EC1-00C04FD7081F}\ = "IAgentEx" C:\Windows\msagent\AgentSvr.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "165" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BD3-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\Version = "2.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDD-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0" C:\Windows\msagent\AgentSvr.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Bonzify.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\NoEscape\NoEscape.exe:Zone.Identifier C:\Windows\explorer.exe N/A
File opened for modification C:\Users\Admin\Downloads\YouAreAnIdiot\Interop.ShockwaveFlashObjects.dll:Zone.Identifier C:\Windows\explorer.exe N/A
File opened for modification C:\Users\Admin\Downloads\CookieClickerHack(2)\[email protected]:Zone.Identifier C:\Windows\explorer.exe N/A
File opened for modification C:\Users\Admin\Downloads\YouAreAnIdiot\AxInterop.ShockwaveFlashObjects.dll:Zone.Identifier C:\Windows\explorer.exe N/A
File opened for modification C:\Users\Admin\Downloads\YouAreAnIdiot\YouAreAnIdiot.exe:Zone.Identifier C:\Windows\explorer.exe N/A
File created C:\Users\Admin\Downloads\CookieClickerHack.zip:Zone.Identifier N/A N/A
File created C:\Users\Admin\Downloads\YouAreAnIdiot.zip:Zone.Identifier N/A N/A
File created C:\Users\Admin\Downloads\NoEscape.zip:Zone.Identifier N/A N/A
File created C:\Users\Admin\Downloads\CookieClickerHack(2).zip:Zone.Identifier N/A N/A
File created C:\Users\Admin\Downloads\MEMZ.zip:Zone.Identifier N/A N/A
File opened for modification C:\Users\Admin\Downloads\MEMZ\[email protected]:Zone.Identifier C:\Windows\explorer.exe N/A
File created C:\Users\Admin\Downloads\Spark.zip:Zone.Identifier N/A N/A
File created C:\Users\Admin\Downloads\CookieClickerHack(1).zip:Zone.Identifier N/A N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bonzify.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bonzify.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bonzify.exe N/A
N/A N/A C:\Users\Admin\Downloads\Bonzify.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Bonzify.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe N/A
N/A N/A C:\Windows\msagent\AgentSvr.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4412 wrote to memory of 4008 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4412 wrote to memory of 2724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4412 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4412 wrote to memory of 2692 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\New Project (29).png"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffbeac1cc40,0x7ffbeac1cc4c,0x7ffbeac1cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1688,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1680 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2108,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2112 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2276 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4420,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4472 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4612,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4624 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4816 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4924,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4972 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff781064698,0x7ff7810646a4,0x7ff7810646b0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4308,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3452,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4692 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5216,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5256 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5236,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5404 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5244,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5544 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5220,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5700 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5264,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5844 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5412,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5564 /prefetch:8

C:\Users\Admin\Downloads\Bonzify.exe

"C:\Users\Admin\Downloads\Bonzify.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\KillAgent.bat"

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im AgentSvr.exe

C:\Windows\SysWOW64\takeown.exe

takeown /r /d y /f C:\Windows\MsAgent

C:\Windows\SysWOW64\icacls.exe

icacls C:\Windows\MsAgent /c /t /grant "everyone":(f)

C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe

INSTALLER.exe /q

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.1_none_9b404ac522e88eb7\MDMAgent.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.1_none_9b404ac522e88eb7\MDMAgent.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.1_none_9b404ac522e88eb7\MDMAgent.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.469_none_403fa699a3654657\f\MDMAgent.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.469_none_403fa699a3654657\f\MDMAgent.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.469_none_403fa699a3654657\f\MDMAgent.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.469_none_403fa699a3654657\MDMAgent.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.469_none_403fa699a3654657\MDMAgent.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.469_none_403fa699a3654657\MDMAgent.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.469_none_403fa699a3654657\r\MDMAgent.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.469_none_403fa699a3654657\r\MDMAgent.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.22000.469_none_403fa699a3654657\r\MDMAgent.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentSR.dll"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.22000.1_none_eff22b32a0d892a9\MDMAppInstaller.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.22000.1_none_eff22b32a0d892a9\MDMAppInstaller.exe"

C:\Windows\msagent\AgentSvr.exe

"C:\Windows\msagent\AgentSvr.exe" /regserver

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.22000.1_none_eff22b32a0d892a9\MDMAppInstaller.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_97c4601a91ef2a4b\f\mfpmp.exe"

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_97c4601a91ef2a4b\f\mfpmp.exe"

C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe

INSTALLER.exe /q

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_97c4601a91ef2a4b\f\mfpmp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_97c4601a91ef2a4b\mfpmp.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_97c4601a91ef2a4b\mfpmp.exe"

C:\Windows\SysWOW64\regsvr32.exe

regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_97c4601a91ef2a4b\mfpmp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_97c4601a91ef2a4b\r\mfpmp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_97c4601a91ef2a4b\r\mfpmp.exe"

C:\Windows\SysWOW64\grpconv.exe

grpconv.exe -o

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_97c4601a91ef2a4b\r\mfpmp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.22000.1_none_713e4e4444c3d34d\wmlaunch.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.22000.1_none_713e4e4444c3d34d\wmlaunch.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.22000.1_none_713e4e4444c3d34d\wmlaunch.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmpconfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmpconfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmpconfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmplayer.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmplayer.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmplayer.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmpshare.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmpshare.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\f\wmpshare.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\r\wmpconfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\r\wmpconfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\r\wmpconfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\r\wmplayer.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\r\wmplayer.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\r\wmplayer.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\r\wmpshare.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\r\wmpshare.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\r\wmpshare.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\wmpconfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\wmpconfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\wmpconfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\wmplayer.exe"

C:\Windows\msagent\AgentSvr.exe

C:\Windows\msagent\AgentSvr.exe -Embedding

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\wmplayer.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\wmplayer.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\wmpshare.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\wmpshare.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_069016efd47610d8\wmpshare.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.22000.1_none_418429ddc6d1eb8f\logagent.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.22000.1_none_418429ddc6d1eb8f\logagent.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.22000.1_none_418429ddc6d1eb8f\logagent.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.22000.1_none_04376727db53ed5d\setup_wm.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.22000.1_none_04376727db53ed5d\setup_wm.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.22000.1_none_04376727db53ed5d\setup_wm.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.22000.1_none_04376727db53ed5d\unregmp2.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.22000.1_none_04376727db53ed5d\unregmp2.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.22000.1_none_04376727db53ed5d\unregmp2.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.1_none_aeeb7558e0091044\mighost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.1_none_aeeb7558e0091044\mighost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.1_none_aeeb7558e0091044\mighost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.348_none_53ff6ed560767984\f\mighost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.348_none_53ff6ed560767984\f\mighost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.348_none_53ff6ed560767984\f\mighost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.348_none_53ff6ed560767984\mighost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.348_none_53ff6ed560767984\mighost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.348_none_53ff6ed560767984\mighost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.348_none_53ff6ed560767984\r\mighost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.348_none_53ff6ed560767984\r\mighost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-migrationengine_31bf3856ad364e35_10.0.22000.348_none_53ff6ed560767984\r\mighost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mobsyncexe_31bf3856ad364e35_10.0.22000.1_none_45947734591e316d\mobsync.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mobsyncexe_31bf3856ad364e35_10.0.22000.1_none_45947734591e316d\mobsync.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mobsyncexe_31bf3856ad364e35_10.0.22000.1_none_45947734591e316d\mobsync.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mountvol_31bf3856ad364e35_10.0.22000.1_none_089d1713563c5f72\mountvol.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mountvol_31bf3856ad364e35_10.0.22000.1_none_089d1713563c5f72\mountvol.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004D4

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mountvol_31bf3856ad364e35_10.0.22000.1_none_089d1713563c5f72\mountvol.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msaudittools_31bf3856ad364e35_10.0.22000.1_none_6dc8af5cc18b0564\auditpol.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msaudittools_31bf3856ad364e35_10.0.22000.1_none_6dc8af5cc18b0564\auditpol.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msaudittools_31bf3856ad364e35_10.0.22000.1_none_6dc8af5cc18b0564\auditpol.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mschedexe_31bf3856ad364e35_10.0.22000.1_none_35e1f264b734c538\MSchedExe.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mschedexe_31bf3856ad364e35_10.0.22000.1_none_35e1f264b734c538\MSchedExe.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-mschedexe_31bf3856ad364e35_10.0.22000.1_none_35e1f264b734c538\MSchedExe.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.22000.71_none_bcb9c63bb991a4c6\f\msconfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.22000.71_none_bcb9c63bb991a4c6\f\msconfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.22000.71_none_bcb9c63bb991a4c6\f\msconfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.22000.71_none_bcb9c63bb991a4c6\msconfig.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.22000.71_none_bcb9c63bb991a4c6\msconfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.22000.71_none_bcb9c63bb991a4c6\msconfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.22000.71_none_bcb9c63bb991a4c6\r\msconfig.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.22000.71_none_bcb9c63bb991a4c6\r\msconfig.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_10.0.22000.71_none_bcb9c63bb991a4c6\r\msconfig.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msdt_31bf3856ad364e35_10.0.22000.1_none_fbc5ff99224f8cee\msdt.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msdt_31bf3856ad364e35_10.0.22000.1_none_fbc5ff99224f8cee\msdt.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msdt_31bf3856ad364e35_10.0.22000.1_none_fbc5ff99224f8cee\msdt.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_688486d306b27285\f\msinfo32.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_688486d306b27285\f\msinfo32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_688486d306b27285\f\msinfo32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_688486d306b27285\msinfo32.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_688486d306b27285\msinfo32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_688486d306b27285\msinfo32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_688486d306b27285\r\msinfo32.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_688486d306b27285\r\msinfo32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_688486d306b27285\r\msinfo32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_8e1bee8f157fdd6d\f\msinfo32.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_8e1bee8f157fdd6d\f\msinfo32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_8e1bee8f157fdd6d\f\msinfo32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_8e1bee8f157fdd6d\msinfo32.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_8e1bee8f157fdd6d\msinfo32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_8e1bee8f157fdd6d\msinfo32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_8e1bee8f157fdd6d\r\msinfo32.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_8e1bee8f157fdd6d\r\msinfo32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_8e1bee8f157fdd6d\r\msinfo32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-msmq-triggers-service_31bf3856ad364e35_10.0.22000.1_none_7e6a217fc1ce4322\mqtgsvc.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-msmq-triggers-service_31bf3856ad364e35_10.0.22000.1_none_7e6a217fc1ce4322\mqtgsvc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-msmq-triggers-service_31bf3856ad364e35_10.0.22000.1_none_7e6a217fc1ce4322\mqtgsvc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-muicachebuilder_31bf3856ad364e35_10.0.22000.1_none_705039e1b9a16858\mcbuilder.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-muicachebuilder_31bf3856ad364e35_10.0.22000.1_none_705039e1b9a16858\mcbuilder.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-muicachebuilder_31bf3856ad364e35_10.0.22000.1_none_705039e1b9a16858\mcbuilder.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-n..kgroundtransferhost_31bf3856ad364e35_10.0.22000.1_none_e4c8388cb4892f1c\BackgroundTransferHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-n..kgroundtransferhost_31bf3856ad364e35_10.0.22000.1_none_e4c8388cb4892f1c\BackgroundTransferHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-n..kgroundtransferhost_31bf3856ad364e35_10.0.22000.1_none_e4c8388cb4892f1c\BackgroundTransferHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-n..pture-wmiv2provider_31bf3856ad364e35_10.0.22000.1_none_3ad96689f86d60ce\NetEvtFwdr.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-n..pture-wmiv2provider_31bf3856ad364e35_10.0.22000.1_none_3ad96689f86d60ce\NetEvtFwdr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-n..pture-wmiv2provider_31bf3856ad364e35_10.0.22000.1_none_3ad96689f86d60ce\NetEvtFwdr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\f\NarratorQuickStart.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\f\NarratorQuickStart.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\f\NarratorQuickStart.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\NarratorQuickStart.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\NarratorQuickStart.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\NarratorQuickStart.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\r\NarratorQuickStart.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\r\NarratorQuickStart.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\r\NarratorQuickStart.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-n..setup-compatibility_31bf3856ad364e35_10.0.22000.1_none_c665d8078332dab6\NetCfgNotifyObjectHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-n..setup-compatibility_31bf3856ad364e35_10.0.22000.1_none_c665d8078332dab6\NetCfgNotifyObjectHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-n..setup-compatibility_31bf3856ad364e35_10.0.22000.1_none_c665d8078332dab6\NetCfgNotifyObjectHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\f\Narrator.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\f\Narrator.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\f\Narrator.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\Narrator.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\Narrator.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\Narrator.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\r\Narrator.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\r\Narrator.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\r\Narrator.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nbtstat_31bf3856ad364e35_10.0.22000.1_none_f4542218232805ca\nbtstat.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nbtstat_31bf3856ad364e35_10.0.22000.1_none_f4542218232805ca\nbtstat.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nbtstat_31bf3856ad364e35_10.0.22000.1_none_f4542218232805ca\nbtstat.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\f\NcsiUwpApp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\f\NcsiUwpApp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\f\NcsiUwpApp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\NcsiUwpApp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\NcsiUwpApp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\NcsiUwpApp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\r\NcsiUwpApp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\r\NcsiUwpApp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\r\NcsiUwpApp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ndkperf-setup_31bf3856ad364e35_10.0.22000.1_none_408919e06a3c4182\NDKPerfCmd.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ndkperf-setup_31bf3856ad364e35_10.0.22000.1_none_408919e06a3c4182\NDKPerfCmd.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ndkperf-setup_31bf3856ad364e35_10.0.22000.1_none_408919e06a3c4182\NDKPerfCmd.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ndkping-setup_31bf3856ad364e35_10.0.22000.1_none_0ea3b62aa1979b9b\NDKPing.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ndkping-setup_31bf3856ad364e35_10.0.22000.1_none_0ea3b62aa1979b9b\NDKPing.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ndkping-setup_31bf3856ad364e35_10.0.22000.1_none_0ea3b62aa1979b9b\NDKPing.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_a875ef267740234b\net.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_a875ef267740234b\net.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_a875ef267740234b\net.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_dd1f9117595c3dbe\net1.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_dd1f9117595c3dbe\net1.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_dd1f9117595c3dbe\net1.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\f\net1.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\f\net1.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\f\net1.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\net1.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\net1.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\net1.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\r\net1.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\r\net1.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\r\net1.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-netbt_31bf3856ad364e35_10.0.22000.1_none_b6a86607fc0d3ad5\netbtugc.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-netbt_31bf3856ad364e35_10.0.22000.1_none_b6a86607fc0d3ad5\netbtugc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-netbt_31bf3856ad364e35_10.0.22000.1_none_b6a86607fc0d3ad5\netbtugc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-netcfg_31bf3856ad364e35_10.0.22000.1_none_6672795e56429a85\netcfg.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-netcfg_31bf3856ad364e35_10.0.22000.1_none_6672795e56429a85\netcfg.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-netcfg_31bf3856ad364e35_10.0.22000.1_none_6672795e56429a85\netcfg.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-netplwiz-exe_31bf3856ad364e35_10.0.22000.1_none_439a526c152afc8c\Netplwiz.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-netplwiz-exe_31bf3856ad364e35_10.0.22000.1_none_439a526c152afc8c\Netplwiz.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-netplwiz-exe_31bf3856ad364e35_10.0.22000.1_none_439a526c152afc8c\Netplwiz.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-netsh_31bf3856ad364e35_10.0.22000.1_none_b5e493e3fca1e5c2\netsh.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-netsh_31bf3856ad364e35_10.0.22000.1_none_b5e493e3fca1e5c2\netsh.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-netsh_31bf3856ad364e35_10.0.22000.1_none_b5e493e3fca1e5c2\netsh.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-networkbridge_31bf3856ad364e35_10.0.22000.1_none_5e2d8e810adeac97\bridgeunattend.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-networkbridge_31bf3856ad364e35_10.0.22000.1_none_5e2d8e810adeac97\bridgeunattend.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-networkbridge_31bf3856ad364e35_10.0.22000.1_none_5e2d8e810adeac97\bridgeunattend.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-networkux-legacyux_31bf3856ad364e35_10.0.22000.1_none_73c734e8920ab338\LegacyNetUXHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-networkux-legacyux_31bf3856ad364e35_10.0.22000.1_none_73c734e8920ab338\LegacyNetUXHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-networkux-legacyux_31bf3856ad364e35_10.0.22000.1_none_73c734e8920ab338\LegacyNetUXHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_67b9e8fa55722b23\ndadmin.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_67b9e8fa55722b23\ndadmin.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_67b9e8fa55722b23\ndadmin.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_67b9e8fa55722b23\newdev.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_67b9e8fa55722b23\newdev.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_67b9e8fa55722b23\newdev.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.22000.1_none_0af1ba5c97d13826\nfsadmin.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.22000.1_none_0af1ba5c97d13826\nfsadmin.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.22000.1_none_0af1ba5c97d13826\nfsadmin.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.22000.1_none_0af1ba5c97d13826\rpcinfo.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.22000.1_none_0af1ba5c97d13826\rpcinfo.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.22000.1_none_0af1ba5c97d13826\rpcinfo.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.22000.1_none_0af1ba5c97d13826\showmount.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.22000.1_none_0af1ba5c97d13826\showmount.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.22000.1_none_0af1ba5c97d13826\showmount.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.22000.1_none_a7a700c8f53b4106\mount.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.22000.1_none_a7a700c8f53b4106\mount.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.22000.1_none_a7a700c8f53b4106\mount.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.22000.1_none_a7a700c8f53b4106\umount.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.22000.1_none_a7a700c8f53b4106\umount.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.22000.1_none_a7a700c8f53b4106\umount.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.282_none_a808d085c7f06d67\f\nfsclnt.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.282_none_a808d085c7f06d67\f\nfsclnt.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.282_none_a808d085c7f06d67\f\nfsclnt.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.282_none_a808d085c7f06d67\nfsclnt.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.282_none_a808d085c7f06d67\nfsclnt.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.282_none_a808d085c7f06d67\nfsclnt.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.282_none_a808d085c7f06d67\r\nfsclnt.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.282_none_a808d085c7f06d67\r\nfsclnt.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.282_none_a808d085c7f06d67\r\nfsclnt.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\f\nfsclnt.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\f\nfsclnt.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\f\nfsclnt.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\nfsclnt.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\nfsclnt.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\nfsclnt.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\r\nfsclnt.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\r\nfsclnt.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\r\nfsclnt.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.22000.1_none_c55e2b2174c8cee3\notepad.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.22000.1_none_c55e2b2174c8cee3\notepad.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.22000.1_none_c55e2b2174c8cee3\notepad.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nslookup_31bf3856ad364e35_10.0.22000.1_none_21c411966b3ba1f5\nslookup.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nslookup_31bf3856ad364e35_10.0.22000.1_none_21c411966b3ba1f5\nslookup.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-nslookup_31bf3856ad364e35_10.0.22000.1_none_21c411966b3ba1f5\nslookup.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\f\OOBENetworkConnectionFlow.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\f\OOBENetworkConnectionFlow.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\f\OOBENetworkConnectionFlow.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\OOBENetworkConnectionFlow.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\OOBENetworkConnectionFlow.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\OOBENetworkConnectionFlow.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\r\OOBENetworkConnectionFlow.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\r\OOBENetworkConnectionFlow.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\r\OOBENetworkConnectionFlow.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\f\ISM.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\f\ISM.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\f\ISM.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\ISM.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\ISM.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\ISM.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\r\ISM.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\r\ISM.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\r\ISM.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..onalfeatures-fondue_31bf3856ad364e35_10.0.22000.1_none_9ff8aada90ee79bf\Fondue.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..onalfeatures-fondue_31bf3856ad364e35_10.0.22000.1_none_9ff8aada90ee79bf\Fondue.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..onalfeatures-fondue_31bf3856ad364e35_10.0.22000.1_none_9ff8aada90ee79bf\Fondue.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..oreuap-iotuap-tools_31bf3856ad364e35_10.0.22000.1_none_81a7e90e2a244a76\iotstartup.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..oreuap-iotuap-tools_31bf3856ad364e35_10.0.22000.1_none_81a7e90e2a244a76\iotstartup.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..oreuap-iotuap-tools_31bf3856ad364e35_10.0.22000.1_none_81a7e90e2a244a76\iotstartup.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..ssociationframework_31bf3856ad364e35_10.0.22000.1_none_008a7e7adfc26529\dasHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..ssociationframework_31bf3856ad364e35_10.0.22000.1_none_008a7e7adfc26529\dasHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..ssociationframework_31bf3856ad364e35_10.0.22000.1_none_008a7e7adfc26529\dasHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\f\OOBENetworkCaptivePortal.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\f\OOBENetworkCaptivePortal.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\f\OOBENetworkCaptivePortal.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\OOBENetworkCaptivePortal.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\OOBENetworkCaptivePortal.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\OOBENetworkCaptivePortal.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\r\OOBENetworkCaptivePortal.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\r\OOBENetworkCaptivePortal.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\r\OOBENetworkCaptivePortal.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-office-csp_31bf3856ad364e35_10.0.22000.1_none_13aef8973870f6ff\ofdeploy.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-office-csp_31bf3856ad364e35_10.0.22000.1_none_13aef8973870f6ff\ofdeploy.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-office-csp_31bf3856ad364e35_10.0.22000.1_none_13aef8973870f6ff\ofdeploy.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-firstlogonanimexe_31bf3856ad364e35_10.0.22000.1_none_21929eac926a49b0\FirstLogonAnim.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-firstlogonanimexe_31bf3856ad364e35_10.0.22000.1_none_21929eac926a49b0\FirstLogonAnim.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-firstlogonanimexe_31bf3856ad364e35_10.0.22000.1_none_21929eac926a49b0\FirstLogonAnim.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-machine_31bf3856ad364e35_10.0.22000.1_none_63c1e7db07fabcb1\msoobe.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-machine_31bf3856ad364e35_10.0.22000.1_none_63c1e7db07fabcb1\msoobe.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-machine_31bf3856ad364e35_10.0.22000.1_none_63c1e7db07fabcb1\msoobe.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-user-broker_31bf3856ad364e35_10.0.22000.1_none_da2a87582afb2453\UserOOBEBroker.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-user-broker_31bf3856ad364e35_10.0.22000.1_none_da2a87582afb2453\UserOOBEBroker.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-user-broker_31bf3856ad364e35_10.0.22000.1_none_da2a87582afb2453\UserOOBEBroker.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-openfiles_31bf3856ad364e35_10.0.22000.1_none_3d6a04a6ef2d3d73\openfiles.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-openfiles_31bf3856ad364e35_10.0.22000.1_none_3d6a04a6ef2d3d73\openfiles.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-openfiles_31bf3856ad364e35_10.0.22000.1_none_3d6a04a6ef2d3d73\openfiles.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-openwith_31bf3856ad364e35_10.0.22000.1_none_c3646c52777cf90a\OpenWith.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-openwith_31bf3856ad364e35_10.0.22000.1_none_c3646c52777cf90a\OpenWith.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-openwith_31bf3856ad364e35_10.0.22000.1_none_c3646c52777cf90a\OpenWith.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-optionalfeatures_31bf3856ad364e35_10.0.22000.1_none_bcaa97eff2780373\OptionalFeatures.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-optionalfeatures_31bf3856ad364e35_10.0.22000.1_none_bcaa97eff2780373\OptionalFeatures.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-optionalfeatures_31bf3856ad364e35_10.0.22000.1_none_bcaa97eff2780373\OptionalFeatures.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-optionaltsps_31bf3856ad364e35_10.0.22000.1_none_383fdbeacdabdb26\tcmsetup.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-optionaltsps_31bf3856ad364e35_10.0.22000.1_none_383fdbeacdabdb26\tcmsetup.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-optionaltsps_31bf3856ad364e35_10.0.22000.1_none_383fdbeacdabdb26\tcmsetup.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.318_none_47eee9eaf8f3237f\f\ntkrla57.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.318_none_47eee9eaf8f3237f\f\ntkrla57.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.318_none_47eee9eaf8f3237f\f\ntkrla57.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.318_none_47eee9eaf8f3237f\ntkrla57.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.318_none_47eee9eaf8f3237f\ntkrla57.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.318_none_47eee9eaf8f3237f\ntkrla57.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.318_none_47eee9eaf8f3237f\r\ntkrla57.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.318_none_47eee9eaf8f3237f\r\ntkrla57.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.318_none_47eee9eaf8f3237f\r\ntkrla57.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\f\ntkrla57.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\f\ntkrla57.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\f\ntkrla57.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\ntkrla57.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\ntkrla57.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\ntkrla57.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\r\ntkrla57.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\r\ntkrla57.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\r\ntkrla57.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.318_none_67a8688739413b45\f\ntoskrnl.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.318_none_67a8688739413b45\f\ntoskrnl.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.318_none_67a8688739413b45\f\ntoskrnl.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.318_none_67a8688739413b45\ntoskrnl.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.318_none_67a8688739413b45\ntoskrnl.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.318_none_67a8688739413b45\ntoskrnl.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.318_none_67a8688739413b45\r\ntoskrnl.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.318_none_67a8688739413b45\r\ntoskrnl.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.318_none_67a8688739413b45\r\ntoskrnl.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\f\ntoskrnl.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\f\ntoskrnl.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\f\ntoskrnl.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\ntoskrnl.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\ntoskrnl.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\ntoskrnl.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\r\ntoskrnl.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\r\ntoskrnl.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\r\ntoskrnl.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-osk_31bf3856ad364e35_10.0.22000.1_none_010071125eb7c4f1\osk.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-osk_31bf3856ad364e35_10.0.22000.1_none_010071125eb7c4f1\osk.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-osk_31bf3856ad364e35_10.0.22000.1_none_010071125eb7c4f1\osk.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..-personalizationcsp_31bf3856ad364e35_10.0.22000.1_none_9735ea8bdf727333\desktopimgdownldr.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..-personalizationcsp_31bf3856ad364e35_10.0.22000.1_none_9735ea8bdf727333\desktopimgdownldr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..-personalizationcsp_31bf3856ad364e35_10.0.22000.1_none_9735ea8bdf727333\desktopimgdownldr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..-upprinterinstaller_31bf3856ad364e35_10.0.22000.1_none_094f49d32c4abf9f\UPPrinterInstaller.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..-upprinterinstaller_31bf3856ad364e35_10.0.22000.1_none_094f49d32c4abf9f\UPPrinterInstaller.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..-upprinterinstaller_31bf3856ad364e35_10.0.22000.1_none_094f49d32c4abf9f\UPPrinterInstaller.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\f\WpcUapApp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\f\WpcUapApp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\f\WpcUapApp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\r\WpcUapApp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\r\WpcUapApp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\r\WpcUapApp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\WpcUapApp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\WpcUapApp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\WpcUapApp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..auncher-cmdlinetool_31bf3856ad364e35_10.0.22000.1_none_4d8388bf67ce9090\pwlauncher.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..auncher-cmdlinetool_31bf3856ad364e35_10.0.22000.1_none_4d8388bf67ce9090\pwlauncher.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..auncher-cmdlinetool_31bf3856ad364e35_10.0.22000.1_none_4d8388bf67ce9090\pwlauncher.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\f\printui.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\f\printui.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\f\printui.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\printui.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\printui.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\printui.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\r\printui.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\r\printui.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\r\printui.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ioningsecureprocess_31bf3856ad364e35_10.0.22000.1_none_ed19a89f248a8665\psp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ioningsecureprocess_31bf3856ad364e35_10.0.22000.1_none_ed19a89f248a8665\psp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ioningsecureprocess_31bf3856ad364e35_10.0.22000.1_none_ed19a89f248a8665\psp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\diskperf.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\diskperf.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\diskperf.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\logman.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\logman.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\logman.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\relog.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\relog.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\relog.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\tracerpt.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\tracerpt.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\tracerpt.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\typeperf.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\typeperf.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\typeperf.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_10.0.22000.1_none_5f9f55dd858837d8\powercfg.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_10.0.22000.1_none_5f9f55dd858837d8\powercfg.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_10.0.22000.1_none_5f9f55dd858837d8\powercfg.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_10.0.22000.1_none_f2f2b094636b4172\PrintIsolationHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_10.0.22000.1_none_f2f2b094636b4172\PrintIsolationHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_10.0.22000.1_none_f2f2b094636b4172\PrintIsolationHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..nsimulation-service_31bf3856ad364e35_10.0.22000.1_none_2f02b4dfdc90d704\PerceptionSimulationService.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..nsimulation-service_31bf3856ad364e35_10.0.22000.1_none_2f02b4dfdc90d704\PerceptionSimulationService.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..nsimulation-service_31bf3856ad364e35_10.0.22000.1_none_2f02b4dfdc90d704\PerceptionSimulationService.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\f\WpcMon.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\f\WpcMon.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\f\WpcMon.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\r\WpcMon.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\r\WpcMon.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\r\WpcMon.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\WpcMon.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\WpcMon.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\WpcMon.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_10.0.22000.1_none_81f1372fe02ff0d7\printfilterpipelinesvc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_10.0.22000.1_none_81f1372fe02ff0d7\printfilterpipelinesvc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_10.0.22000.1_none_81f1372fe02ff0d7\printfilterpipelinesvc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\f\ntprint.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\f\ntprint.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\f\ntprint.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\ntprint.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\ntprint.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\ntprint.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\r\ntprint.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\r\ntprint.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\r\ntprint.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_10.0.22000.1_none_0a202c45353b204d\plasrv.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_10.0.22000.1_none_0a202c45353b204d\plasrv.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_10.0.22000.1_none_0a202c45353b204d\plasrv.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\f\PeopleExperienceHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\f\PeopleExperienceHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\f\PeopleExperienceHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\PeopleExperienceHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\PeopleExperienceHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\PeopleExperienceHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\r\PeopleExperienceHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\r\PeopleExperienceHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\r\PeopleExperienceHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\f\wpnpinst.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\f\wpnpinst.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\f\wpnpinst.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\r\wpnpinst.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\r\wpnpinst.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\r\wpnpinst.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\wpnpinst.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\wpnpinst.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\wpnpinst.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_4e4c1e255ad155f3\lodctr.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_4e4c1e255ad155f3\lodctr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_4e4c1e255ad155f3\lodctr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_4e4c1e255ad155f3\unlodctr.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_4e4c1e255ad155f3\unlodctr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_4e4c1e255ad155f3\unlodctr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.22000.1_none_0a473f274297ac75\lpq.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.22000.1_none_0a473f274297ac75\lpq.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.22000.1_none_0a473f274297ac75\lpq.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.22000.1_none_0a473f274297ac75\lpr.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.22000.1_none_0a473f274297ac75\lpr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.22000.1_none_0a473f274297ac75\lpr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.22000.1_none_d7fdc61a4a1da73a\PrintBrm.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.22000.1_none_d7fdc61a4a1da73a\PrintBrm.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.22000.1_none_d7fdc61a4a1da73a\PrintBrm.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.22000.1_none_d7fdc61a4a1da73a\PrintBrmEngine.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.22000.1_none_d7fdc61a4a1da73a\PrintBrmEngine.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.22000.1_none_d7fdc61a4a1da73a\PrintBrmEngine.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.22000.1_none_d7fdc61a4a1da73a\PrintBrmUi.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.22000.1_none_d7fdc61a4a1da73a\PrintBrmUi.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.22000.1_none_d7fdc61a4a1da73a\PrintBrmUi.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\f\PinningConfirmationDialog.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\f\PinningConfirmationDialog.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\f\PinningConfirmationDialog.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\PinningConfirmationDialog.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\PinningConfirmationDialog.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\PinningConfirmationDialog.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\r\PinningConfirmationDialog.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\r\PinningConfirmationDialog.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\r\PinningConfirmationDialog.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\f\PerceptionSimulationInput.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\f\PerceptionSimulationInput.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\f\PerceptionSimulationInput.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\PerceptionSimulationInput.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\PerceptionSimulationInput.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\PerceptionSimulationInput.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\r\PerceptionSimulationInput.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\r\PerceptionSimulationInput.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\r\PerceptionSimulationInput.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsnonwinpeplugin_31bf3856ad364e35_10.0.22000.1_none_fcd54e761151a365\PnPUnattend.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsnonwinpeplugin_31bf3856ad364e35_10.0.22000.1_none_fcd54e761151a365\PnPUnattend.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsnonwinpeplugin_31bf3856ad364e35_10.0.22000.1_none_fcd54e761151a365\PnPUnattend.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-packageinspector_31bf3856ad364e35_10.0.22000.1_none_c0c5a574c3f8a429\PackageInspector.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-packageinspector_31bf3856ad364e35_10.0.22000.1_none_c0c5a574c3f8a429\PackageInspector.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-packageinspector_31bf3856ad364e35_10.0.22000.1_none_c0c5a574c3f8a429\PackageInspector.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\f\PkgMgr.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\f\PkgMgr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\f\PkgMgr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\PkgMgr.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\PkgMgr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\PkgMgr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\r\PkgMgr.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\r\PkgMgr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\r\PkgMgr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\ApproveChildRequest.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\ApproveChildRequest.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\ApproveChildRequest.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\f\ApproveChildRequest.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\f\ApproveChildRequest.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\f\ApproveChildRequest.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\r\ApproveChildRequest.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\r\ApproveChildRequest.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\r\ApproveChildRequest.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_10.0.22000.120_none_f090fec284d5941b\pcwrun.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_10.0.22000.120_none_f090fec284d5941b\pcwrun.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_10.0.22000.120_none_f090fec284d5941b\pcwrun.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_f24d5bd1a5bd0380\perfmon.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_f24d5bd1a5bd0380\perfmon.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_f24d5bd1a5bd0380\perfmon.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_f24d5bd1a5bd0380\resmon.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_f24d5bd1a5bd0380\resmon.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_f24d5bd1a5bd0380\resmon.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pickerhost_31bf3856ad364e35_10.0.22000.1_none_03f10908532480fe\PickerHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pickerhost_31bf3856ad364e35_10.0.22000.1_none_03f10908532480fe\PickerHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-pickerhost_31bf3856ad364e35_10.0.22000.1_none_03f10908532480fe\PickerHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_ff7542ad94a3dbc5\PATHPING.EXE"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_ff7542ad94a3dbc5\PATHPING.EXE"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_ff7542ad94a3dbc5\PATHPING.EXE" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_ff7542ad94a3dbc5\PING.EXE"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_ff7542ad94a3dbc5\PING.EXE"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_ff7542ad94a3dbc5\PING.EXE" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_ff7542ad94a3dbc5\TRACERT.EXE"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_ff7542ad94a3dbc5\TRACERT.EXE"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_ff7542ad94a3dbc5\TRACERT.EXE" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.318_none_4f645f5d22dc7176\PktMon.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.318_none_4f645f5d22dc7176\PktMon.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.318_none_4f645f5d22dc7176\PktMon.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\f\PktMon.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\f\PktMon.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\f\PktMon.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\PktMon.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\PktMon.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\PktMon.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\r\PktMon.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\r\PktMon.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\r\PktMon.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pnphotplugui_31bf3856ad364e35_10.0.22000.1_none_3f24cf2f4f878243\DeviceEject.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pnphotplugui_31bf3856ad364e35_10.0.22000.1_none_3f24cf2f4f878243\DeviceEject.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-pnphotplugui_31bf3856ad364e35_10.0.22000.1_none_3f24cf2f4f878243\DeviceEject.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pnputil_31bf3856ad364e35_10.0.22000.1_none_53a76037c15099de\pnputil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pnputil_31bf3856ad364e35_10.0.22000.1_none_53a76037c15099de\pnputil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-pnputil_31bf3856ad364e35_10.0.22000.1_none_53a76037c15099de\pnputil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-powershell-exe_31bf3856ad364e35_10.0.22000.1_none_bf599c5a06fbb6f4\powershell.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-powershell-exe_31bf3856ad364e35_10.0.22000.1_none_bf599c5a06fbb6f4\powershell.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-powershell-exe_31bf3856ad364e35_10.0.22000.1_none_bf599c5a06fbb6f4\powershell.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printdialog.appxmain_31bf3856ad364e35_10.0.22000.1_none_db5642aeddf1e2bb\PrintDialog.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printdialog.appxmain_31bf3856ad364e35_10.0.22000.1_none_db5642aeddf1e2bb\PrintDialog.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printdialog.appxmain_31bf3856ad364e35_10.0.22000.1_none_db5642aeddf1e2bb\PrintDialog.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-eduprintprov_31bf3856ad364e35_10.0.22000.1_none_0784f33527b40118\EduPrintProv.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-eduprintprov_31bf3856ad364e35_10.0.22000.1_none_0784f33527b40118\EduPrintProv.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-eduprintprov_31bf3856ad364e35_10.0.22000.1_none_0784f33527b40118\EduPrintProv.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\f\splwow64.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\f\splwow64.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\f\splwow64.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\f\spoolsv.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\f\spoolsv.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\f\spoolsv.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\r\splwow64.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\r\splwow64.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\r\splwow64.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\r\spoolsv.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\r\spoolsv.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\r\spoolsv.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\splwow64.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\splwow64.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\splwow64.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\spoolsv.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\spoolsv.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\spoolsv.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\f\splwow64.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\f\splwow64.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\f\splwow64.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\f\spoolsv.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\f\spoolsv.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\f\spoolsv.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\r\splwow64.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\r\splwow64.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\r\splwow64.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\r\spoolsv.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\r\spoolsv.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\r\spoolsv.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\splwow64.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\splwow64.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\splwow64.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\spoolsv.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\spoolsv.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\spoolsv.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-processmodel-cpt_31bf3856ad364e35_10.0.22000.1_none_011628217859daa6\w3wp.exe"

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-processmodel-cpt_31bf3856ad364e35_10.0.22000.1_none_011628217859daa6\w3wp.exe"

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-processmodel-cpt_31bf3856ad364e35_10.0.22000.1_none_011628217859daa6\w3wp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-proquota_31bf3856ad364e35_10.0.22000.1_none_7e0a957d972e3b59\proquota.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-proquota_31bf3856ad364e35_10.0.22000.1_none_7e0a957d972e3b59\proquota.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-proquota_31bf3856ad364e35_10.0.22000.1_none_7e0a957d972e3b59\proquota.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\f\provtool.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\f\provtool.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\f\provtool.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\provtool.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\provtool.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\provtool.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\r\provtool.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\r\provtool.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\r\provtool.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-platform_31bf3856ad364e35_10.0.22000.1_none_c0cc1dd788bbd3ed\provlaunch.exe"

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-platform_31bf3856ad364e35_10.0.22000.1_none_c0cc1dd788bbd3ed\provlaunch.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-platform_31bf3856ad364e35_10.0.22000.1_none_c0cc1dd788bbd3ed\provlaunch.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-proximityuxhost_31bf3856ad364e35_10.0.22000.1_none_eb3f5def5135f996\ProximityUxHost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-proximityuxhost_31bf3856ad364e35_10.0.22000.1_none_eb3f5def5135f996\ProximityUxHost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-proximityuxhost_31bf3856ad364e35_10.0.22000.1_none_eb3f5def5135f996\ProximityUxHost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\f\quickassist.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\f\quickassist.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\f\quickassist.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\quickassist.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\quickassist.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\quickassist.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\r\quickassist.exe"

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\r\quickassist.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\r\quickassist.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..-commandline-editor_31bf3856ad364e35_10.0.22000.1_none_87d7d1a32f788c55\reg.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..-commandline-editor_31bf3856ad364e35_10.0.22000.1_none_87d7d1a32f788c55\reg.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..-commandline-editor_31bf3856ad364e35_10.0.22000.1_none_87d7d1a32f788c55\reg.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..ckgroundmediaplayer_31bf3856ad364e35_10.0.22000.282_none_b70c560a2f7b9b2e\Windows.Media.BackgroundPlayback.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..ckgroundmediaplayer_31bf3856ad364e35_10.0.22000.282_none_b70c560a2f7b9b2e\Windows.Media.BackgroundPlayback.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..ckgroundmediaplayer_31bf3856ad364e35_10.0.22000.282_none_b70c560a2f7b9b2e\Windows.Media.BackgroundPlayback.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_10.0.22000.1_none_b15540a9822b5c00\rdrleakdiag.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_10.0.22000.1_none_b15540a9822b5c00\rdrleakdiag.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_10.0.22000.1_none_b15540a9822b5c00\rdrleakdiag.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\f\raserver.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\f\raserver.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\f\raserver.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\r\raserver.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\r\raserver.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\r\raserver.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\raserver.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\raserver.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\raserver.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..verycenter-platform_31bf3856ad364e35_10.0.22000.1_none_99828a7b9672cc5c\SystemResetPlatform.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..verycenter-platform_31bf3856ad364e35_10.0.22000.1_none_99828a7b9672cc5c\SystemResetPlatform.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..verycenter-platform_31bf3856ad364e35_10.0.22000.1_none_99828a7b9672cc5c\SystemResetPlatform.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.22000.1_none_661d9c5c6a1c32d3\rasautou.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.22000.1_none_661d9c5c6a1c32d3\rasautou.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.22000.1_none_661d9c5c6a1c32d3\rasautou.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.22000.1_none_c58a6d6ead7a5610\rasdial.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.22000.1_none_c58a6d6ead7a5610\rasdial.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.22000.1_none_c58a6d6ead7a5610\rasdial.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.22000.1_none_c58a6d6ead7a5610\rasphone.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.22000.1_none_c58a6d6ead7a5610\rasphone.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.22000.1_none_c58a6d6ead7a5610\rasphone.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmdl32.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmdl32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmdl32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmmon32.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmmon32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmmon32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmstp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmstp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmstp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-recdisc-main_31bf3856ad364e35_10.0.22000.1_none_dabf9817b86a5921\recdisc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-recdisc-main_31bf3856ad364e35_10.0.22000.1_none_dabf9817b86a5921\recdisc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-recdisc-main_31bf3856ad364e35_10.0.22000.1_none_dabf9817b86a5921\recdisc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\f\RecoveryDrive.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\f\RecoveryDrive.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\f\RecoveryDrive.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\r\RecoveryDrive.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\r\RecoveryDrive.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\r\RecoveryDrive.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\RecoveryDrive.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\RecoveryDrive.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\RecoveryDrive.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-recover_31bf3856ad364e35_10.0.22000.1_none_dc56eb74b96412e2\recover.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-recover_31bf3856ad364e35_10.0.22000.1_none_dc56eb74b96412e2\recover.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-recover_31bf3856ad364e35_10.0.22000.1_none_dc56eb74b96412e2\recover.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.1_none_40fab150342df168\refsutil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.1_none_40fab150342df168\refsutil.exe"

C:\Windows\System32\mobsync.exe

C:\Windows\System32\mobsync.exe -Embedding

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.1_none_40fab150342df168\refsutil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\f\refsutil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\f\refsutil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\f\refsutil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\r\refsutil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\r\refsutil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\r\refsutil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\refsutil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\refsutil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\refsutil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-regini_31bf3856ad364e35_10.0.22000.1_none_6299da14be99f6ee\regini.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-regini_31bf3856ad364e35_10.0.22000.1_none_6299da14be99f6ee\regini.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-regini_31bf3856ad364e35_10.0.22000.1_none_6299da14be99f6ee\regini.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.22000.1_none_4a72530ae0a1ba07\regedit.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.22000.1_none_4a72530ae0a1ba07\regedit.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.22000.1_none_4a72530ae0a1ba07\regedit.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.22000.1_none_4a72530ae0a1ba07\regedt32.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.22000.1_none_4a72530ae0a1ba07\regedt32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.22000.1_none_4a72530ae0a1ba07\regedt32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-regsvr32_31bf3856ad364e35_10.0.22000.1_none_ce9abaf7344caba2\regsvr32.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-regsvr32_31bf3856ad364e35_10.0.22000.1_none_ce9abaf7344caba2\regsvr32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-regsvr32_31bf3856ad364e35_10.0.22000.1_none_ce9abaf7344caba2\regsvr32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-reliability-postboot_31bf3856ad364e35_10.0.22000.1_none_a4046dd80a1bed7d\RelPost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-reliability-postboot_31bf3856ad364e35_10.0.22000.1_none_a4046dd80a1bed7d\RelPost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-reliability-postboot_31bf3856ad364e35_10.0.22000.1_none_a4046dd80a1bed7d\RelPost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\f\msra.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\f\msra.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\f\msra.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\f\sdchange.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\f\sdchange.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\f\sdchange.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\msra.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\msra.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\msra.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\r\msra.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\r\msra.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\r\msra.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\r\sdchange.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\r\sdchange.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\r\sdchange.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\sdchange.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\sdchange.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\sdchange.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-restartmanager_31bf3856ad364e35_10.0.22000.1_none_d679057128e7af90\RmClient.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-restartmanager_31bf3856ad364e35_10.0.22000.1_none_d679057128e7af90\RmClient.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-restartmanager_31bf3856ad364e35_10.0.22000.1_none_d679057128e7af90\RmClient.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.1_none_1d4acd26f12d5029\Robocopy.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.1_none_1d4acd26f12d5029\Robocopy.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.1_none_1d4acd26f12d5029\Robocopy.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\f\Robocopy.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\f\Robocopy.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\f\Robocopy.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\r\Robocopy.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\r\Robocopy.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\r\Robocopy.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\Robocopy.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\Robocopy.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\Robocopy.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-locator_31bf3856ad364e35_10.0.22000.1_none_257830d2f16108b0\Locator.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-locator_31bf3856ad364e35_10.0.22000.1_none_257830d2f16108b0\Locator.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-locator_31bf3856ad364e35_10.0.22000.1_none_257830d2f16108b0\Locator.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-ping_31bf3856ad364e35_10.0.22000.1_none_f3fdabb645819748\RpcPing.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-ping_31bf3856ad364e35_10.0.22000.1_none_f3fdabb645819748\RpcPing.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-ping_31bf3856ad364e35_10.0.22000.1_none_f3fdabb645819748\RpcPing.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.1_none_b62be6ea62367617\runas.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.1_none_b62be6ea62367617\runas.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.1_none_b62be6ea62367617\runas.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\f\runas.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\f\runas.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\f\runas.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\r\runas.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\r\runas.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\r\runas.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\runas.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\runas.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\runas.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rundll32_31bf3856ad364e35_10.0.22000.1_none_2e48ef35afb3a654\rundll32.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rundll32_31bf3856ad364e35_10.0.22000.1_none_2e48ef35afb3a654\rundll32.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-rundll32_31bf3856ad364e35_10.0.22000.1_none_2e48ef35afb3a654\rundll32.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-runlegacycplelevated_31bf3856ad364e35_10.0.22000.1_none_674facc3fa15e905\RunLegacyCPLElevated.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-runlegacycplelevated_31bf3856ad364e35_10.0.22000.1_none_674facc3fa15e905\RunLegacyCPLElevated.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-runlegacycplelevated_31bf3856ad364e35_10.0.22000.1_none_674facc3fa15e905\RunLegacyCPLElevated.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-runonce_31bf3856ad364e35_10.0.22000.1_none_6bfe7242c3d10570\runonce.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-runonce_31bf3856ad364e35_10.0.22000.1_none_6bfe7242c3d10570\runonce.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-runonce_31bf3856ad364e35_10.0.22000.1_none_6bfe7242c3d10570\runonce.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..-diagnosticsmanaged_31bf3856ad364e35_10.0.22000.1_none_bad5c5435d6a2779\stordiag.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..-diagnosticsmanaged_31bf3856ad364e35_10.0.22000.1_none_bad5c5435d6a2779\stordiag.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..-diagnosticsmanaged_31bf3856ad364e35_10.0.22000.1_none_bad5c5435d6a2779\stordiag.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..agespaces-spaceutil_31bf3856ad364e35_10.0.22000.1_none_32a80b6fd3f4f093\spaceutil.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..agespaces-spaceutil_31bf3856ad364e35_10.0.22000.1_none_32a80b6fd3f4f093\spaceutil.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..agespaces-spaceutil_31bf3856ad364e35_10.0.22000.1_none_32a80b6fd3f4f093\spaceutil.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\immersivetpmvscmgrsvr.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\immersivetpmvscmgrsvr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\immersivetpmvscmgrsvr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\rmttpmvscmgrsvr.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\rmttpmvscmgrsvr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\rmttpmvscmgrsvr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\tpmvscmgr.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\tpmvscmgr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\tpmvscmgr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\tpmvscmgrsvr.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\tpmvscmgrsvr.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\tpmvscmgrsvr.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\f\RMActivate_ssp_isv.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\f\RMActivate_ssp_isv.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\f\RMActivate_ssp_isv.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\r\RMActivate_ssp_isv.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\r\RMActivate_ssp_isv.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\r\RMActivate_ssp_isv.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\RMActivate_ssp_isv.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\RMActivate_ssp_isv.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\RMActivate_ssp_isv.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.318_none_40ba790c85795e91\BioIso.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.318_none_40ba790c85795e91\BioIso.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.318_none_40ba790c85795e91\BioIso.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.318_none_40ba790c85795e91\f\BioIso.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.318_none_40ba790c85795e91\f\BioIso.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.318_none_40ba790c85795e91\f\BioIso.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.318_none_40ba790c85795e91\r\BioIso.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.318_none_40ba790c85795e91\r\BioIso.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.318_none_40ba790c85795e91\r\BioIso.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\BioIso.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\BioIso.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\BioIso.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\f\BioIso.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\f\BioIso.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\f\BioIso.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\r\BioIso.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\r\BioIso.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\r\BioIso.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\f\services.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\f\services.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\f\services.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\r\services.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\r\services.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\r\services.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\services.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\services.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\services.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..ces-backgroundagent_31bf3856ad364e35_10.0.22000.1_none_50d9fc50df76c754\SpaceAgent.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..ces-backgroundagent_31bf3856ad364e35_10.0.22000.1_none_50d9fc50df76c754\SpaceAgent.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..ces-backgroundagent_31bf3856ad364e35_10.0.22000.1_none_50d9fc50df76c754\SpaceAgent.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..client-ui-wscollect_31bf3856ad364e35_10.0.22000.1_none_5ff70533364eab1d\WSCollect.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..client-ui-wscollect_31bf3856ad364e35_10.0.22000.1_none_5ff70533364eab1d\WSCollect.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..client-ui-wscollect_31bf3856ad364e35_10.0.22000.1_none_5ff70533364eab1d\WSCollect.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_10.0.22000.1_none_70698255615a88a2\sdiagnhost.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_10.0.22000.1_none_70698255615a88a2\sdiagnhost.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_10.0.22000.1_none_70698255615a88a2\sdiagnhost.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..daryauthfactor-task_31bf3856ad364e35_10.0.22000.1_none_2249c58b4a39a50e\DeviceCredentialDeployment.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..daryauthfactor-task_31bf3856ad364e35_10.0.22000.1_none_2249c58b4a39a50e\DeviceCredentialDeployment.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..daryauthfactor-task_31bf3856ad364e35_10.0.22000.1_none_2249c58b4a39a50e\DeviceCredentialDeployment.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..e-client-ui-wsreset_31bf3856ad364e35_10.0.22000.1_none_1cbb979e0acb2320\WSReset.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..e-client-ui-wsreset_31bf3856ad364e35_10.0.22000.1_none_1cbb979e0acb2320\WSReset.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..e-client-ui-wsreset_31bf3856ad364e35_10.0.22000.1_none_1cbb979e0acb2320\WSReset.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\bdechangepin.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\bdechangepin.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\bdechangepin.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\f\bdechangepin.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\f\bdechangepin.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\f\bdechangepin.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\r\bdechangepin.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\r\bdechangepin.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\r\bdechangepin.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..executionprevention_31bf3856ad364e35_10.0.22000.1_none_20270749296283d2\SystemPropertiesDataExecutionPrevention.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..executionprevention_31bf3856ad364e35_10.0.22000.1_none_20270749296283d2\SystemPropertiesDataExecutionPrevention.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..executionprevention_31bf3856ad364e35_10.0.22000.1_none_20270749296283d2\SystemPropertiesDataExecutionPrevention.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\f\SystemSettingsAdminFlows.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\f\SystemSettingsAdminFlows.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\f\SystemSettingsAdminFlows.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\r\SystemSettingsAdminFlows.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\r\SystemSettingsAdminFlows.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\r\SystemSettingsAdminFlows.exe" /grant "everyone":(f)

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3472,i,4244813138083709116,8977571586015960391,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5672 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\SystemSettingsAdminFlows.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\SystemSettingsAdminFlows.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\SystemSettingsAdminFlows.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..line-user-interface_31bf3856ad364e35_10.0.22000.1_none_332b106ae1a116bd\cmdkey.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..line-user-interface_31bf3856ad364e35_10.0.22000.1_none_332b106ae1a116bd\cmdkey.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..line-user-interface_31bf3856ad364e35_10.0.22000.1_none_332b106ae1a116bd\cmdkey.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..llercommandlinetool_31bf3856ad364e35_10.0.22000.1_none_cab1d8bed975c600\sc.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..llercommandlinetool_31bf3856ad364e35_10.0.22000.1_none_cab1d8bed975c600\sc.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..llercommandlinetool_31bf3856ad364e35_10.0.22000.1_none_cab1d8bed975c600\sc.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..mpropertiesadvanced_31bf3856ad364e35_10.0.22000.1_none_4d8c257de90f7f54\SystemPropertiesAdvanced.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..mpropertiesadvanced_31bf3856ad364e35_10.0.22000.1_none_4d8c257de90f7f54\SystemPropertiesAdvanced.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..mpropertiesadvanced_31bf3856ad364e35_10.0.22000.1_none_4d8c257de90f7f54\SystemPropertiesAdvanced.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..mpropertieshardware_31bf3856ad364e35_10.0.22000.1_none_973e22e5d7c36df8\SystemPropertiesHardware.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..mpropertieshardware_31bf3856ad364e35_10.0.22000.1_none_973e22e5d7c36df8\SystemPropertiesHardware.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..mpropertieshardware_31bf3856ad364e35_10.0.22000.1_none_973e22e5d7c36df8\SystemPropertiesHardware.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\f\SystemSettingsBroker.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\f\SystemSettingsBroker.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\f\SystemSettingsBroker.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\r\SystemSettingsBroker.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\r\SystemSettingsBroker.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\r\SystemSettingsBroker.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\SystemSettingsBroker.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\SystemSettingsBroker.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\SystemSettingsBroker.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.65_none_cc4646d618bda56e\f\SystemSettingsBroker.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.65_none_cc4646d618bda56e\f\SystemSettingsBroker.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.65_none_cc4646d618bda56e\f\SystemSettingsBroker.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.65_none_cc4646d618bda56e\r\SystemSettingsBroker.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.65_none_cc4646d618bda56e\r\SystemSettingsBroker.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.65_none_cc4646d618bda56e\r\SystemSettingsBroker.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.65_none_cc4646d618bda56e\SystemSettingsBroker.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.65_none_cc4646d618bda56e\SystemSettingsBroker.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.65_none_cc4646d618bda56e\SystemSettingsBroker.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\f\RMActivate_isv.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\f\RMActivate_isv.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\f\RMActivate_isv.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\r\RMActivate_isv.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\r\RMActivate_isv.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\r\RMActivate_isv.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\RMActivate_isv.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\RMActivate_isv.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\RMActivate_isv.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..nsemanager-shellext_31bf3856ad364e35_10.0.22000.1_none_088dcc7439d57210\LicenseManagerShellext.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..nsemanager-shellext_31bf3856ad364e35_10.0.22000.1_none_088dcc7439d57210\LicenseManagerShellext.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..nsemanager-shellext_31bf3856ad364e35_10.0.22000.1_none_088dcc7439d57210\LicenseManagerShellext.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\f\PinEnrollmentBroker.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\f\PinEnrollmentBroker.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\f\PinEnrollmentBroker.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\PinEnrollmentBroker.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\PinEnrollmentBroker.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\PinEnrollmentBroker.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\r\PinEnrollmentBroker.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\r\PinEnrollmentBroker.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\r\PinEnrollmentBroker.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.258_none_570e91ed5ac8ebe3\f\Microsoft.AAD.BrokerPlugin.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.258_none_570e91ed5ac8ebe3\f\Microsoft.AAD.BrokerPlugin.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.258_none_570e91ed5ac8ebe3\f\Microsoft.AAD.BrokerPlugin.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.258_none_570e91ed5ac8ebe3\Microsoft.AAD.BrokerPlugin.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.258_none_570e91ed5ac8ebe3\Microsoft.AAD.BrokerPlugin.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.258_none_570e91ed5ac8ebe3\Microsoft.AAD.BrokerPlugin.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.258_none_570e91ed5ac8ebe3\r\Microsoft.AAD.BrokerPlugin.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.258_none_570e91ed5ac8ebe3\r\Microsoft.AAD.BrokerPlugin.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.258_none_570e91ed5ac8ebe3\r\Microsoft.AAD.BrokerPlugin.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\f\Microsoft.AAD.BrokerPlugin.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\f\Microsoft.AAD.BrokerPlugin.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\f\Microsoft.AAD.BrokerPlugin.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\Microsoft.AAD.BrokerPlugin.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\Microsoft.AAD.BrokerPlugin.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\Microsoft.AAD.BrokerPlugin.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\r\Microsoft.AAD.BrokerPlugin.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\r\Microsoft.AAD.BrokerPlugin.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\r\Microsoft.AAD.BrokerPlugin.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..opertiesperformance_31bf3856ad364e35_10.0.22000.1_none_b11a4ad607a3509e\SystemPropertiesPerformance.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..opertiesperformance_31bf3856ad364e35_10.0.22000.1_none_b11a4ad607a3509e\SystemPropertiesPerformance.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..opertiesperformance_31bf3856ad364e35_10.0.22000.1_none_b11a4ad607a3509e\SystemPropertiesPerformance.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\f\RMActivate_ssp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\f\RMActivate_ssp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\f\RMActivate_ssp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\r\RMActivate_ssp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\r\RMActivate_ssp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\r\RMActivate_ssp.exe" /grant "everyone":(f)

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\RMActivate_ssp.exe"

C:\Windows\SysWOW64\takeown.exe

takeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\RMActivate_ssp.exe"

C:\Windows\SysWOW64\icacls.exe

icacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\RMActivate_ssp.exe" /grant "everyone":(f)

Network

Country Destination Domain Proto

Files

\??\pipe\crashpad_4412_MZAZDSDNGLDYKIUV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 33ef647b1ad2cd6583a6c3b000a454fc
SHA1 d9b1ce4ea82e3b8905d9639343d9cec606ec419b
SHA256 66e0b8a86df445cef2f3dda8a04b85bcd37ce7aaf4ac37961afbffdcef5d222d
SHA512 40fa8b78be9a6f75a063df23a9e6e30bfc29b6078f1885c5c574f792358a0f8f7fcc492baec1b64fc88974fbd994f10fe568f19b62a8998f6ae5b958eb729a7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 816846150cf298ca05496c16264fce7f
SHA1 969a32760f0daef484b13171804a536e3f673a96
SHA256 2bf5e8b2469d80b71b579c7ea207dc6d237ef4845c1e246ab24fdb3d94fbe960
SHA512 c68f7a80613b3decbdd237d8e125504595bb090dbaeeb4eab02193e965d2f662c5d5518c01dd82b7cab82bb01d9aa464971e3d09d837cd030988a1935c3475fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 30ff1ea849bdfa595708d5ac5c7740d7
SHA1 87746a217591f165aa4c34574ebe95f944067dd4
SHA256 ff341e087679f5d07751d864452e4eeb771f3bc7cf2245798ddaba170dba74d5
SHA512 db366da7bbb7a80beb98ea44d8d2bc5181d7747fae9da80483ddd3aed4432e8330ce0838b2caaa48b5b19db0a8dd753b65309f1f25c507402369a4e19152225a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 3b494c90eb34c358f27950ac4afbcfcf
SHA1 901fc5611e5246e102903dd21882e2da00fda8f5
SHA256 63f9af2d9c22db16c8a96658aee2b79bcf63d93624c8cb82f9f601a7836a1193
SHA512 7a6642004f2ff5f1ab8e19af055f558654c09b439669ad9ce8629fef62843d705cd5f44bcb2318afae8b30b39a720b2b6864d1fb25a664266ef0f823a582e669

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2c84ec6b05d0cbd9babcf451b9582ff0
SHA1 76077120b93b984937bb84cdfbcd38bc826e4785
SHA256 89c133198b249075863fcb22ba20dfd8b497b9dbcf02a8ed328d5f9f236d4460
SHA512 1fda031aa43c8130c0dc21ee7bacf391b3ed652c65eac833c40ee2e90a02482867f90f876d52b7cee01d6a0bb1d2a3fa907416a5c3c8d07677cee8a1d05a99b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 480a9652b0e02f9f12fcf2b983b63223
SHA1 c5afbbd5a9d27d4233523939fa6f99da8074c302
SHA256 392460ba22590d45b1192ba9d1c88dd020b59fa75129b47e8d7447890cba139b
SHA512 47c27f335c6b9f1a9b4d5fcf201c8f26153b103be8922584fe6c582ef1d766156e30e6bf87621801f6b0e4513cde897007a8d5f9e3b3780fe1f665c60b58c637

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f486b1af260e17e4bb62ade2469522b9
SHA1 e45400527c3bb8dbbf88b4231cd433631bb59c8c
SHA256 8bbe631864307f21738ac3296bc025ffbba3992ef114ac11b11ce22a7fb5300b
SHA512 8749feade4ef287136cd69607d2f26cd0cd85a918fe8b7b2480de274966467e0f9accc7969cd51dadd2d1cb7bb07b8a0c8275d5d4e3344098faa38f0192beb6b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 50316601f52a2dc6a8592708b3ec863d
SHA1 429f3f776d9b07523144a3201836794a3a887f18
SHA256 f6c4e1b49520c6d0dc97ed353a4f8b74ab29476eac437fbd2fae0f5b74100a19
SHA512 a28ada751aa2768d9c0d2781a972b5127298fd0fc5cef49ca5aaf770b8794d2043e2bb63ab95c5bd35843799fedf4e8179230eeb76fb94b86a259cbb7e4c8314

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6ba2746cdc506482a0e661c3925ba81a
SHA1 c0431f5138ee939c06a49db39a4761848a98d147
SHA256 40e264603e6d3316eb10ae8da28eab9f56104161f6012de7f40611854832df8c
SHA512 4364c3144384f64c6c9172e99066a0045c2afbbed4f118f221ed5260ba88135312cdc7d69389bbd844eadd9ec170233bc7ebd27c777f1855e0f617c8ac223fce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5f72bd8617bf882f74240c37a73b6f46
SHA1 962a4c53695c9207872204cbe175b4b18c6c7ea4
SHA256 4beda28702eb40332c7fc9cbc7e6a76e8a7a0f1fc369ac28ff3931c86e9b0547
SHA512 a2e1cd87a9291d59cad446af897a380aabeb7428783ec0e77bd2947b23f7be2f792430a35fef707744cf1c55cf43e52539c2b031d94f0e29c300bbe0e4af97a0

C:\Users\Admin\Downloads\Unconfirmed 837650.crdownload

MD5 fba93d8d029e85e0cde3759b7903cee2
SHA1 525b1aa549188f4565c75ab69e51f927204ca384
SHA256 66f62408dfce7c4a5718d2759f1d35721ca22077398850277d16e1fca87fe764
SHA512 7c1441b2e804e925eb5a03e97db620117d3ad4f6981dc020e4e7df4bfc4bd6e414fa3b0ce764481a2cef07eebb2baa87407355bfbe88fab96397d82bd441e6a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a95029c63328a3d7bb21884f06681ad7
SHA1 ba73bb9606096a9de828852b361a1531cc26d299
SHA256 f11fdbc0bc893a404cba6312270685929c882e7c2ee2ff70571eda75d40f196a
SHA512 8c742a1b7961b16968819a0201be2b15fabfb40e0734ee425f05c093c57c03b9dac080d12978193723a3102d9369859099f289d00f861dc4632e802b691d7e15

C:\Users\Admin\Downloads\Bonzify.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cf8fc2a55f87b832037a4562b50e655e
SHA1 d57c218d821d26fc956db0b800b66bdf5f0941b8
SHA256 886b237de0d69fdc39b676e451a264d6901fcfadaf3c3154e46b747f485d775d
SHA512 a4ec0b1a62ad7e85254149938b103d886e2d6e089b35fe7b77c074f632ce80cb460d0703bccac152ccd708f651d4b908cc5824d5cfbaceab943009f85883c897

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6c94c68e1376dd01868889c8ac37c1ca
SHA1 b3364661cb55ad1dc5e33a604d69c5b26c95c23e
SHA256 4a3ec3aa1dde798c6ade36ead04863b9e477781127b0f923fc7ac6dd79aa44c4
SHA512 769846f3cd0a66c8efd99786897815c25c79ccf7f7ce1df276e7cd70ab6194d9022ef15fc77272fbe7900ca0cf091b58f6c865a53302adf69ca0ab9a6968c721

C:\Users\Admin\AppData\Local\Temp\KillAgent.bat

MD5 ea7df060b402326b4305241f21f39736
SHA1 7d58fb4c58e0edb2ddceef4d21581ff9d512fdc2
SHA256 e4edc2cb6317ab19ee1a6327993e9332af35cfbebaff2ac7c3f71d43cfcbe793
SHA512 3147615add5608d0dce7a8b6efbfb19263c51a2e495df72abb67c6db34f5995a27fde55b5af78bbd5a6468b4065942cad4a4d3cb28ab932aad9b0f835aafe4d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c5937fff42e9a04c7b54bf859819f53e
SHA1 1a6e4ed5eb7ed3622ec8c5503e1c6f22210089e5
SHA256 5f007ee9c4defce0220117ee5e0168725fe41574fd3fd0a565f2451feeefe4ec
SHA512 333f58371a8717c0d3b5e771173008baea3ff4820f3067f8d91334f0f7ba8ab59336119b046289e685ea4692b0690d37e98c7fd58546c22de87c39d810dbaaff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e6f1c59d84685a290a4eac3162328c41
SHA1 65fc88231c228d3c67535461f8e20a52c9cd7e7b
SHA256 bf08c171005f0b8324042cf5d589756e064e556f0908de552a87da82c88edfab
SHA512 044c9551e7897874b0b6072250517908e6b41defbed6fd7066016fe4e966e7a300261d81ae605a712365f796f6e8cf61a52f1807241d42508f5809e22745c9b9

C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe

MD5 66996a076065ebdcdac85ff9637ceae0
SHA1 4a25632b66a9d30239a1a77c7e7ba81bb3aee9ce
SHA256 16ca09ad70561f413376ad72550ae5664c89c6a76c85c872ffe2cb1e7f49e2aa
SHA512 e42050e799cbee5aa4f60d4e2f42aae656ff98af0548308c8d7f0d681474a9da3ad7e89694670449cdfde30ebe2c47006fbdc57cfb6b357c82731aeebc50901c

C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat

MD5 f80e36cd406022944558d8a099db0fa7
SHA1 fd7e93ca529ed760ff86278fbfa5ba0496e581ce
SHA256 7b41e5a6c2dd92f60c38cb4fe09dcbe378c3e99443f7baf079ece3608497bdc7
SHA512 436e711ede85a02cd87ea312652ddbf927cf8df776448326b1e974d0a3719a9535952f4d3cc0d3cd4e3551b57231d7e916f317b119ab670e5f47284a90ab59a2

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL

MD5 81e5c8596a7e4e98117f5c5143293020
SHA1 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081
SHA256 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004
SHA512 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF

MD5 e4a499b9e1fe33991dbcfb4e926c8821
SHA1 951d4750b05ea6a63951a7667566467d01cb2d42
SHA256 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d
SHA512 a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL

MD5 237e13b95ab37d0141cf0bc585b8db94
SHA1 102c6164c21de1f3e0b7d487dd5dc4c5249e0994
SHA256 d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a
SHA512 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE

MD5 5c91bf20fe3594b81052d131db798575
SHA1 eab3a7a678528b5b2c60d65b61e475f1b2f45baa
SHA256 e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175
SHA512 face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL

MD5 9fafb9d0591f2be4c2a846f63d82d301
SHA1 1df97aa4f3722b6695eac457e207a76a6b7457be
SHA256 e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d
SHA512 ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL

MD5 48c00a7493b28139cbf197ccc8d1f9ed
SHA1 a25243b06d4bb83f66b7cd738e79fccf9a02b33b
SHA256 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7
SHA512 c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL

MD5 a334bbf5f5a19b3bdb5b7f1703363981
SHA1 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c
SHA256 c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de
SHA512 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL

MD5 4fbbaac42cf2ecb83543f262973d07c0
SHA1 ab1b302d7cce10443dfc14a2eba528a0431e1718
SHA256 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5
SHA512 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL

MD5 7c5aefb11e797129c9e90f279fbdf71b
SHA1 cb9d9cbfbebb5aed6810a4e424a295c27520576e
SHA256 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed
SHA512 df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL

MD5 b4ac608ebf5a8fdefa2d635e83b7c0e8
SHA1 d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9
SHA256 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f
SHA512 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB

MD5 f1656b80eaae5e5201dcbfbcd3523691
SHA1 6f93d71c210eb59416e31f12e4cc6a0da48de85b
SHA256 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2
SHA512 e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL

MD5 0cbf0f4c9e54d12d34cd1a772ba799e1
SHA1 40e55eb54394d17d2d11ca0089b84e97c19634a7
SHA256 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1
SHA512 bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP

MD5 466d35e6a22924dd846a043bc7dd94b8
SHA1 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10
SHA256 e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801
SHA512 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL

MD5 316999655fef30c52c3854751c663996
SHA1 a7862202c3b075bdeb91c5e04fe5ff71907dae59
SHA256 ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0
SHA512 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF

MD5 b127d9187c6dbb1b948053c7c9a6811f
SHA1 b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9
SHA256 bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00
SHA512 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476

C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe

MD5 3f8f18c9c732151dcdd8e1d8fe655896
SHA1 222cc49201aa06313d4d35a62c5d494af49d1a56
SHA256 709936902951fb684d0a03a561fb7fd41c5e6f81ecd60d326809db66eb659331
SHA512 398a83f030824011f102dbcf9b25d3ff7527c489df149e9acdb492602941409cf551d16f6f03c01bc6f63a2e94645ed1f36610bdaffc7891299a8d9f89c511f7

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL

MD5 4be7661c89897eaa9b28dae290c3922f
SHA1 4c9d25195093fea7c139167f0c5a40e13f3000f2
SHA256 e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5
SHA512 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf

MD5 c3e8aeabd1b692a9a6c5246f8dcaa7c9
SHA1 4567ea5044a3cef9cb803210a70866d83535ed31
SHA256 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e
SHA512 f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp

MD5 80d09149ca264c93e7d810aac6411d1d
SHA1 96e8ddc1d257097991f9cc9aaf38c77add3d6118
SHA256 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42
SHA512 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll

MD5 1587bf2e99abeeae856f33bf98d3512e
SHA1 aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9
SHA256 c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0
SHA512 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll

MD5 e7cd26405293ee866fefdd715fc8b5e5
SHA1 6326412d0ea86add8355c76f09dfc5e7942f9c11
SHA256 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255
SHA512 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll

MD5 497fd4a8f5c4fcdaaac1f761a92a366a
SHA1 81617006e93f8a171b2c47581c1d67fac463dc93
SHA256 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a
SHA512 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll

MD5 ed98e67fa8cc190aad0757cd620e6b77
SHA1 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d
SHA256 e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d
SHA512 ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf

MD5 0a250bb34cfa851e3dd1804251c93f25
SHA1 c10e47a593c37dbb7226f65ad490ff65d9c73a34
SHA256 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae
SHA512 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL

MD5 7210d5407a2d2f52e851604666403024
SHA1 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9
SHA256 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af
SHA512 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68

C:\Windows\msagent\chars\Bonzi.acs

MD5 1fd2907e2c74c9a908e2af5f948006b5
SHA1 a390e9133bfd0d55ffda07d4714af538b6d50d3d
SHA256 f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95
SHA512 8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5e8b20d37e5badd233d21ecb41f54efc
SHA1 f8028fdbadc77bafe1fa716ea3652f370a3f1063
SHA256 a4ee5c9083e0c3e3cea7942443fb2ab7c3b425913166b40a5cbc895e33dfa5e7
SHA512 ab16af583477d5b1ada694754951c14e6a36bae90d4b991d49f5724d3e8fd1a4551f566aa2b610c0577c85e15e995baa42223557e66e861b43cc7bc832868a23

memory/1996-793-0x0000020EEC940000-0x0000020EECA40000-memory.dmp

memory/1996-857-0x00000206C9E60000-0x00000206C9F60000-memory.dmp

memory/1996-856-0x0000020EECB00000-0x0000020EECB20000-memory.dmp

memory/1996-858-0x0000020EFE280000-0x0000020EFE2A0000-memory.dmp

memory/1996-859-0x0000020EFE790000-0x0000020EFE7B0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\MSL4LVZ8\www.bing[1].xml

MD5 d1c90f762330f5aacb2f3d2908034d57
SHA1 1362fdbb0f5b08318a9d5d0b830ef42ace21998f
SHA256 c936ba309262ec9c8c2e43936139470909b2e8fa176c2f205b501bec74c07659
SHA512 a1550457fa6558aee182358eac57e0fdad4780140b0931b3ddfd5dde531751d6d1d11ce9733f7b5a2e9341620dbfc0bed50f0778fcf63bbaec90de9378028eb4

memory/1996-943-0x0000020F02020000-0x0000020F02120000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 817e736e9d083786740c921630654bb9
SHA1 46daaf740f760d4e561291a24c6094c706bfb677
SHA256 00c0309960876b32bb442645f473dc7c13aea224ade33bafe959d970f8181b15
SHA512 4656dd32b5eabd050c39e16a9c41d03a08c30e87081a78b727fc57e5cb88edd6be02b435c3609fbe2546bd138b91d0300865c831f8497fe99721341d4882ffab

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\MSL4LVZ8\www.bing[1].xml

MD5 f855f477fdfeb2aaa3df27cb88f2aacb
SHA1 715bc1b4b10e5347cc51b6a731750f09a86ab711
SHA256 e112f52a2ae0cd65828dbb72fe25422db04e0200062919c1f9fa951f02e4ac09
SHA512 26da7a17fbd2ceda54476768233e1d052b1eaf14d393d5a8b5118fd93516a0b19255289625cf2a53e9dfc9f95f204842910dfd356db33e6c9612b61bf47538bc

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7975ed70cde668b563ba8a1b4bd45eb6
SHA1 1dcbeeeeb6295a593672624539e0f92afdf463c7
SHA256 2aa7845e16619be571c3d45f0a39fb6dde6ecaba9949c3162d2f1da8ca082a7d
SHA512 1ef6b017ddeb58b1a7da620ebe3e68540e8815394b5757de425afa89175e9130eef398d15d122d7bf1edb888c046bf15796d3921426f81fb3274e3afb1918981

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6597ef28c45f072dfd4c93e4d34e520f
SHA1 2d59ebc405ddadd97e95424663410c75384efdec
SHA256 f109871725fb205f942dc7299db3a2cd2a3d5cf8b6a319c6013631bd965cf8b4
SHA512 3328d05c4507b3e6304a64498af2b697ebab41fb93c618d4ed2cc0343825afb21cc133a6dd08c653bc8f66dbf186850067814916e099a45f893f95eb3332c1e1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6d01f615df40ce2315a5cd71b24be91d
SHA1 b650595fbb2c2c919aa1731f1a7bfe7d15340270
SHA256 46ea2a3f9540f157b4d1ffbfe4296432ef01809afbd1126ca50d2904155ad896
SHA512 24b2fb3355a91817624280ea3620ecc481112b0f27faa4220ecebeea7130200414d16a100be3e6d3f24aaf6979bfb2ea0d45e802a6f922f890c7ea7a8fa408f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 66b50b4c61e67dfb67190e87d2c063a5
SHA1 0724cb27e2b6a8b35ede3ac38fa81de2b8b5691a
SHA256 b084613c9b499118fac4d9eeae07ab8a33683c81bc57827930dd3012048dcddf
SHA512 6b5191976e641cb5cf6ea0c7f36cd998bbe97eebae2206f3173e3633751855069315b2824ae30101c94190d2e95835efcd56d53782cc57f59870fd8ae2094be0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 e91ee655fc370fc76cae70be75eb4da7
SHA1 b1c2a36a252373b78768ff0b8c7c414975f8230d
SHA256 2119db0210675f0217218459520534d0442fb93f8d2ad66ba4b20c8d2a430ac2
SHA512 6295ce62fc97be1ee529b0c4dde9d8b806e7972d89378d527740c3865bae85e089883634ad2c3a72b0f0c63f0a0758645733e9e8d9092fb87bd7cc3e95d6c7f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 961e3604f228b0d10541ebf921500c86
SHA1 6e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256 f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 6a9c1cb513a001ae8c632368ba04fbd9
SHA1 98a14cd125ff5f8e25aa95ee34a8abff73172645
SHA256 457c1b5c098c016c1b13454ae5464b1371e1e8dc16525d9572d217fcb833fe30
SHA512 cbeaa6ea3b05e45fdfe77e124d2bd1e1a03e6ecfe01337a247f67cb9552ee5b50afd17f426fb0ee304d635ef32348f24b346407301853661d2c6dbdd1544a4b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bd884421-e6b1-4a9a-8376-e90482703e4a.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\activity-stream.discovery_stream.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\c565387a-e291-4011-8a74-7e35fd79d1aa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\c98b9fa2-8af5-4436-ac6d-57a1d7866654

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\AlternateServices.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\AlternateServices.bin

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\doomed\30401

C:\Users\Admin\Downloads\CHN1pHSO.zip.part

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\Downloads\gPPPelVT.zip.part

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\jumpListCache\quraQ_bNVtspgydp5NAwkGHx8rzUQzErZ24WafaY1pc=.ico

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\jumpListCache\Bt78zPhskxJ1nhEfPeVPK+X3abkQQreJVQWGyi7mADk=.ico

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

C:\Users\Admin\Downloads\NoEscape\NoEscape.exe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

C:\Users\Admin\Downloads\YouAreAnIdiot\YouAreAnIdiot.exe

C:\Users\Admin\Downloads\NoEscape\NoEscape.exe:Zone.Identifier

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs-1.js


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\Downloads\YouAreAnIdiot\YouAreAnIdiot.exe:Zone.Identifier


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4


C:\Users\Admin\Downloads\aDx8y8zr.zip.part


C:\Users\Admin\Downloads\CookieClickerHack(1).zip:Zone.Identifier


C:\Users\Admin\Downloads\CookieClickerHack(2)\[email protected]:Zone.Identifier


C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms


C:\Users\Admin\Downloads\CookieClickerHack(2)\[email protected]


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionCheckpoints.json.tmp


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs-1.js


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionCheckpoints.json


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionCheckpoints.json


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\activity-stream.discovery_stream.json


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\c717e5d7-568c-4662-bbae-adbeeb691994


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\c413113b-97b9-4d7b-b56d-978d8ecc18b5


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\b93c7e4d-2c76-429a-a55b-7926035689be


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\startupCache\webext.sc.lz4


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\2492994A253B970917AF5CDF605580B1C2DC16A0


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\44A812B5BECDA170D79381AA91D0961F29436101


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\D207CA89781848E7ECA4C658F22D4AEF1B168DD3


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\79679B23E6BBEB689E1C79E27C32C20C5EC9DF47


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\549C94847E35BE89DCE95DF86EA39378F22E5078


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\73A861CDE699EE431D74FE52208FA22781309C1D


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\AFA9B8322A34ADB148B30328FCEFDA4E33EAFE00


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\75E10B6CA912F3DD72B094B84BA83E8A0158EE6A


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\4A472A1677BC1843EF62A5E99F0318F11EF48A12


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\5F0EEB28AD7C5A74D9BC991713992FA5BF2B8FCC


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\E6C22A3DFCD18E3C6145370266896FF76AE3F7EC


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\BEA4DD767DBD7BEF2D1146F1A7C7B6DBEC858F1D


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\7FB78C9D4678D3E57F04D54F36A2847939730A90


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\4CB526E6AB19E3D362E9A8F54B3D7D7966D59641


C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\MSL4LVZ8\www.bing[1].xml


C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\57ed7f02-cd53-4ac5-b099-8fb1a2dc555a.down_data


C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133731776319561878.txt


C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\MSL4LVZ8\www.bing[1].xml


C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\MSL4LVZ8\www.bing[1].xml


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs-1.js


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4


C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\DE19FBBC0296AA5572AC5AA18B372DEEB6773A76


C:\Users\Admin\Downloads\3bNCf1RD.zip.part


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4


C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms


C:\Users\Admin\Downloads\MEMZ\[email protected]


C:\Users\Admin\Downloads\MEMZ\[email protected]:Zone.Identifier


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\crashes\store.json.mozlz4


C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4
