Analysis Overview
Threat Level: Likely malicious
The file https://github.com/TheDarkMythos/windows-malware was found to be: Likely malicious.
Malicious Activity Summary
Event Triggered Execution: AppInit DLLs
Possible privilege escalation attempt
Boot or Logon Autostart Execution: Active Setup
Downloads MZ/PE file
Modifies file permissions
Loads dropped DLL
Executes dropped EXE
Enumerates connected drives
Power Settings
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Drops file in System32 directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Windows directory
System Location Discovery: System Language Discovery
Access Token Manipulation: Create Process with Token
Event Triggered Execution: Accessibility Features
Browser Information Discovery
System Network Configuration Discovery: Internet Connection Discovery
NTFS ADS
Checks SCSI registry key(s)
Suspicious use of WriteProcessMemory
Kills process with taskkill
Uses Volume Shadow Copy service COM API
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Uses Volume Shadow Copy WMI provider
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-12 19:15
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-12 19:15
Reported
2024-10-12 19:45
Platform
win11-20241007-en
Max time kernel
1799s
Max time network
1685s
Command Line
Signatures
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| Key created | \REGISTRY\MACHINE\software\WOW6432Node\microsoft\Active Setup\Installed Components | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Active Setup\Installed Components | C:\Windows\explorer.exe | N/A |
Downloads MZ/PE file
Event Triggered Execution: AppInit DLLs
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Bonzify (1).exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | N/A | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Bonzify (1).exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | N/A | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\tv_enua = "RunDll32 advpack.dll,LaunchINFSection C:\\Windows\\INF\\tv_enua.inf, RemoveCabinet" | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Windows\explorer.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\explorer.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Power Settings
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\SET3161.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\SysWOW64\SET3161.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\msvcp50.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\INF\SET2C91.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\help\Agt0409.hlp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\intl\Agt0409.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentCtl.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET2C6B.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET2C90.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\help\SET2C93.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tv_enua.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET2C8F.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET2C90.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\agtinst.inf | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET2C8F.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\help\tv_enua.hlp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\fonts\SET315F.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\executables.bin | C:\Users\Admin\Downloads\Bonzify (1).exe | N/A |
| File opened for modification | C:\Windows\msagent\SET2C6E.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\help\SET2C93.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET2C6E.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\lhsp\tv\SET315D.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET2C5A.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET2C6D.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\mslwvtts.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SET315D.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\chars\Bonzi.acs | C:\Users\Admin\Downloads\Bonzify (1).exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentDp2.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\INF\SET2C91.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET2C92.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\SET315C.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\INF\SET3160.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET2C5A.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET2C8E.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET2CA5.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET2C6C.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\fonts\andmoipa.ttf | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentPsh.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\finalDestruction.bin | C:\Users\Admin\Downloads\Bonzify (1).exe | N/A |
| File created | C:\Windows\msagent\SET2C6B.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET2C6C.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentSR.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\fonts\SET315F.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\tv_enua.inf | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentAnm.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET2C92.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\tv\tvenuax.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentMPx.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\lhsp\help\SET315E.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\lhsp\help\SET315E.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentSvr.exe | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\intl\SET2C94.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\lhsp\tv\SET315C.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\SET2C6D.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET2CA5.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgtCtl15.tlb | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\INF\SET3160.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\AgentDPv.dll | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File created | C:\Windows\msagent\SET2C8E.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| File opened for modification | C:\Windows\msagent\intl\SET2C94.tmp | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Bonzify (1).exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Install.exe:Zone.Identifier | N/A | N/A |
Access Token Manipulation: Create Process with Token
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Browser Information Discovery
Event Triggered Execution: Accessibility Features
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\takeown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | N/A | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | N/A | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C | C:\Windows\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities | C:\Windows\explorer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\explorer.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Internet Explorer\GPU | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31E-5C6E-11D1-9EC1-00C04FD7081F}\InprocServer32\ = "C:\\Windows\\msagent\\AgentMPx.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B0913412-3B44-11D1-ACBA-00C04FD97575}\TypeLib | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08C75162-3C9C-11D1-91FE-00C04FD701A5}\TypeLib | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6D0ECB23-9968-11D0-AC6E-00C04FD97575}\ = "IAgentCommandWindow" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\ = "Microsoft Agent Control 2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDB-7DE6-11D0-91FE-00C04FD701A5} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BE3-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDF-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BD1-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtl" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C83-7B81-11D0-AC5F-00C04FD97575}\ = "IAgentCommand" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93CA0-7B81-11D0-AC5F-00C04FD97575} | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575} | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\ProgID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BE1-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "7424" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00D18159-8466-11D0-AC63-00C04FD97575}\TypeLib | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575} | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8563FF20-8ECC-11D1-B9B4-00C04FD97575} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8563FF20-8ECC-11D1-B9B4-00C04FD97575}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.lwv | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D7A6D440-8872-11D1-9EC6-00C04FD7081F}\TypeLib\Version = "2.0" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}\TypeLib | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00D18159-8466-11D0-AC63-00C04FD97575}\TypeLib\ = "{A7B93C73-7B81-11D0-AC5F-00C04FD97575}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DE8EF600-2F82-11D1-ACAC-00C04FD97575} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8B77181C-D3EF-11D1-8500-00C04FA34A14}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B8F2846E-CE36-11D0-AC83-00C04FD97575}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Server.2 | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B0913412-3B44-11D1-ACBA-00C04FD97575}\ProxyStubClsid32 | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93C8B-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32 | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{98BBE491-2EED-11D1-ACAC-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00D18159-8466-11D0-AC63-00C04FD97575}\TypeLib\Version = "2.0" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE8-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BD1-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BE1-7DE6-11D0-91FE-00C04FD701A5}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8B77181C-D3EF-11D1-8500-00C04FA34A14}\ = "IAgentCtlAnimationNames" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDB-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtlAudioObject" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BDF-7DE6-11D0-91FE-00C04FD701A5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A7B93CA0-7B81-11D0-AC5F-00C04FD97575}\ProxyStubClsid32 | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\TypeLib\ = "{D6589123-FC70-11D0-AC94-00C04FD97575}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\InprocServer32\ = "C:\\Windows\\msagent\\AgentCtl.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BD9-7DE6-11D0-91FE-00C04FD701A5}\ = "IAgentCtlCharacter" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C80-7B81-11D0-AC5F-00C04FD97575} | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A7B93C8F-7B81-11D0-AC5F-00C04FD97575}\TypeLib\Version = "2.0" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\TypeLib\Version = "2.0" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "13726" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BDB-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BDF-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F5BE8BF0-7DE6-11D0-91FE-00C04FD701A5}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FileType\{D45FD300-5C6E-11D1-9EC1-00C04FD7081F}\1\ = "0,4,FFFFFFFF,C2ABCDAB" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "12675" | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{822DB1C0-8879-11D1-9EC6-00C04FD7081F}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BD3-7DE6-11D0-91FE-00C04FD701A5} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD300-5C6E-11D1-9EC1-00C04FD7081F}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Character2.2\ = "Microsoft Agent Character File" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A7B93C92-7B81-11D0-AC5F-00C04FD97575}\TreatAs\ = "{D45FD2FC-5C6E-11D1-9EC1-00C04FD7081F}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D6589123-FC70-11D0-AC94-00C04FD97575}\2.0\0\win32\ = "C:\\Windows\\msagent\\AgentSvr.exe\\2" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D6589121-FC70-11D0-AC94-00C04FD97575}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\msagent\AgentSvr.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C4ABF875-8100-11D0-AC63-00C04FD97575}\TypeLib\ = "{F5BE8BC2-7DE6-11D0-91FE-00C04FD701A5}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6D0ECB27-9968-11D0-AC6E-00C04FD97575}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Agent.Character2.2\shellex\PropertySheetHandlers\CharacterPage | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6D0ECB27-9968-11D0-AC6E-00C04FD97575}\TypeLib\Version = "2.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F5BE8BD1-7DE6-11D0-91FE-00C04FD701A5}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D45FD2FC-5C6E-11D1-9EC1-00C04FD7081F}\ = "Microsoft Agent Server 2.0" | C:\Windows\msagent\AgentSvr.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 920009.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Bonzify (1).exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 864896.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Install.exe:Zone.Identifier | N/A | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 304951.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: 33 | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Bonzify (1).exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe | N/A |
| N/A | N/A | C:\Windows\msagent\AgentSvr.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe | N/A |
| N/A | N/A | C:\Windows\explorer.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/TheDarkMythos/windows-malware
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff84baa3cb8,0x7ff84baa3cc8,0x7ff84baa3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,2807315591889299941,15408863082686630561,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,2807315591889299941,15408863082686630561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,2807315591889299941,15408863082686630561,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2400 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,2807315591889299941,15408863082686630561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,2807315591889299941,15408863082686630561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,2807315591889299941,15408863082686630561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,2807315591889299941,15408863082686630561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,2807315591889299941,15408863082686630561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,2807315591889299941,15408863082686630561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,2807315591889299941,15408863082686630561,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5884 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,2807315591889299941,15408863082686630561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
C:\Users\Admin\Downloads\Bonzify (1).exe
"C:\Users\Admin\Downloads\Bonzify (1).exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\KillAgent.bat"
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im AgentSvr.exe
C:\Windows\SysWOW64\takeown.exe
takeown /r /d y /f C:\Windows\MsAgent
C:\Windows\SysWOW64\icacls.exe
icacls C:\Windows\MsAgent /c /t /grant "everyone":(f)
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,2807315591889299941,15408863082686630561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,2807315591889299941,15408863082686630561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe
INSTALLER.exe /q
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,2807315591889299941,15408863082686630561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,2807315591889299941,15408863082686630561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDPv.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\mslwvtts.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentMPx.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentSR.dll"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Windows\msagent\AgentPsh.dll"
C:\Windows\msagent\AgentSvr.exe
"C:\Windows\msagent\AgentSvr.exe" /regserver
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe
INSTALLER.exe /q
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll
C:\Windows\SysWOW64\grpconv.exe
grpconv.exe -o
C:\Windows\msagent\AgentSvr.exe
C:\Windows\msagent\AgentSvr.exe -Embedding
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_addinprocess_b77a5c561934e089_10.0.22000.1_none_f1c351dedf09f213\AddInProcess.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\msil_addinprocess_b77a5c561934e089_10.0.22000.1_none_f1c351dedf09f213\AddInProcess.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\msil_addinprocess_b77a5c561934e089_10.0.22000.1_none_f1c351dedf09f213\AddInProcess.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_addinutil_b77a5c561934e089_10.0.22000.1_none_129f03fe4394fb1a\AddInUtil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\msil_addinutil_b77a5c561934e089_10.0.22000.1_none_129f03fe4394fb1a\AddInUtil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\msil_addinutil_b77a5c561934e089_10.0.22000.1_none_129f03fe4394fb1a\AddInUtil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_c2wtshost_31bf3856ad364e35_10.0.22000.1_none_14b6e41f87bda897\c2wtshost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\msil_c2wtshost_31bf3856ad364e35_10.0.22000.1_none_14b6e41f87bda897\c2wtshost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\msil_c2wtshost_31bf3856ad364e35_10.0.22000.1_none_14b6e41f87bda897\c2wtshost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_comsvcconfig_b03f5f7f11d50a3a_10.0.22000.1_none_88524a4a93391e18\ComSvcConfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\msil_comsvcconfig_b03f5f7f11d50a3a_10.0.22000.1_none_88524a4a93391e18\ComSvcConfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\msil_comsvcconfig_b03f5f7f11d50a3a_10.0.22000.1_none_88524a4a93391e18\ComSvcConfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_datasvcutil_b77a5c561934e089_10.0.22000.1_none_c7f9dd62a8df7576\DataSvcUtil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\msil_datasvcutil_b77a5c561934e089_10.0.22000.1_none_c7f9dd62a8df7576\DataSvcUtil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\msil_datasvcutil_b77a5c561934e089_10.0.22000.1_none_c7f9dd62a8df7576\DataSvcUtil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_dfsvc_b03f5f7f11d50a3a_10.0.22000.1_none_02971972479d3255\dfsvc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\msil_dfsvc_b03f5f7f11d50a3a_10.0.22000.1_none_02971972479d3255\dfsvc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\msil_dfsvc_b03f5f7f11d50a3a_10.0.22000.1_none_02971972479d3255\dfsvc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_edmgen_b77a5c561934e089_10.0.22000.1_none_c5fd122e0036c04c\EdmGen.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\msil_edmgen_b77a5c561934e089_10.0.22000.1_none_c5fd122e0036c04c\EdmGen.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\msil_edmgen_b77a5c561934e089_10.0.22000.1_none_c5fd122e0036c04c\EdmGen.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_hyperv-ux-ui-vmcreate_31bf3856ad364e35_10.0.22000.1_none_2d8b0e006fd7fa09\VMCreate.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\msil_hyperv-ux-ui-vmcreate_31bf3856ad364e35_10.0.22000.1_none_2d8b0e006fd7fa09\VMCreate.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\msil_hyperv-ux-ui-vmcreate_31bf3856ad364e35_10.0.22000.1_none_2d8b0e006fd7fa09\VMCreate.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_hyperv-ux-ui-vmimport_31bf3856ad364e35_10.0.22000.1_none_7b6044ae48f3e66a\VMImport.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\msil_hyperv-ux-ui-vmimport_31bf3856ad364e35_10.0.22000.1_none_7b6044ae48f3e66a\VMImport.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\msil_hyperv-ux-ui-vmimport_31bf3856ad364e35_10.0.22000.1_none_7b6044ae48f3e66a\VMImport.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_ieexec_b03f5f7f11d50a3a_10.0.22000.1_none_1baa132fc64be8aa\IEExec.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\msil_ieexec_b03f5f7f11d50a3a_10.0.22000.1_none_1baa132fc64be8aa\IEExec.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\msil_ieexec_b03f5f7f11d50a3a_10.0.22000.1_none_1baa132fc64be8aa\IEExec.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_inspectvhddialog6.2_31bf3856ad364e35_10.0.22000.1_none_1e1bb3d123f89974\InspectVhdDialog6.2.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\msil_inspectvhddialog6.2_31bf3856ad364e35_10.0.22000.1_none_1e1bb3d123f89974\InspectVhdDialog6.2.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\msil_inspectvhddialog6.2_31bf3856ad364e35_10.0.22000.1_none_1e1bb3d123f89974\InspectVhdDialog6.2.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_inspectvhddialog6.3_31bf3856ad364e35_10.0.22000.1_none_1e1cb41b23f7b2cb\InspectVhdDialog6.3.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\msil_inspectvhddialog6.3_31bf3856ad364e35_10.0.22000.1_none_1e1cb41b23f7b2cb\InspectVhdDialog6.3.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\msil_inspectvhddialog6.3_31bf3856ad364e35_10.0.22000.1_none_1e1cb41b23f7b2cb\InspectVhdDialog6.3.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_inspectvhddialog_31bf3856ad364e35_10.0.22000.1_none_6c676f39acc16196\InspectVhdDialog.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\msil_inspectvhddialog_31bf3856ad364e35_10.0.22000.1_none_6c676f39acc16196\InspectVhdDialog.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\msil_inspectvhddialog_31bf3856ad364e35_10.0.22000.1_none_6c676f39acc16196\InspectVhdDialog.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_jsc_b03f5f7f11d50a3a_10.0.22000.1_none_449dcae096165671\jsc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\msil_jsc_b03f5f7f11d50a3a_10.0.22000.1_none_449dcae096165671\jsc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\msil_jsc_b03f5f7f11d50a3a_10.0.22000.1_none_449dcae096165671\jsc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_multipoint-wmsdashboard_31bf3856ad364e35_10.0.22000.1_none_a6701472f0a2fc75\WmsDashboard.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\msil_multipoint-wmsdashboard_31bf3856ad364e35_10.0.22000.1_none_a6701472f0a2fc75\WmsDashboard.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004CC
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\msil_multipoint-wmsdashboard_31bf3856ad364e35_10.0.22000.1_none_a6701472f0a2fc75\WmsDashboard.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_presentationfontcache_31bf3856ad364e35_10.0.22000.1_none_07efd2effca007c3\PresentationFontCache.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\msil_presentationfontcache_31bf3856ad364e35_10.0.22000.1_none_07efd2effca007c3\PresentationFontCache.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\msil_presentationfontcache_31bf3856ad364e35_10.0.22000.1_none_07efd2effca007c3\PresentationFontCache.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_servicemodelreg_b03f5f7f11d50a3a_10.0.22000.1_none_e7968f70baa52389\ServiceModelReg.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\msil_servicemodelreg_b03f5f7f11d50a3a_10.0.22000.1_none_e7968f70baa52389\ServiceModelReg.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\msil_servicemodelreg_b03f5f7f11d50a3a_10.0.22000.1_none_e7968f70baa52389\ServiceModelReg.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_smsvchost_b03f5f7f11d50a3a_10.0.22000.1_none_af23998013107627\SMSvcHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\msil_smsvchost_b03f5f7f11d50a3a_10.0.22000.1_none_af23998013107627\SMSvcHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\msil_smsvchost_b03f5f7f11d50a3a_10.0.22000.1_none_af23998013107627\SMSvcHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\msil_wsatconfig_b03f5f7f11d50a3a_10.0.22000.1_none_a5a77d19762002a4\WsatConfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\msil_wsatconfig_b03f5f7f11d50a3a_10.0.22000.1_none_a5a77d19762002a4\WsatConfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\msil_wsatconfig_b03f5f7f11d50a3a_10.0.22000.1_none_a5a77d19762002a4\WsatConfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\Temp\PendingDeletes\4833c22ad03dd801643e0000585e205e.nfsclnt.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\Temp\PendingDeletes\4833c22ad03dd801643e0000585e205e.nfsclnt.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\Temp\PendingDeletes\4833c22ad03dd801643e0000585e205e.nfsclnt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_aspnet_compiler_b03f5f7f11d50a3a_4.0.15806.0_none_9d9bd2a20503beca\aspnet_compiler.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_aspnet_compiler_b03f5f7f11d50a3a_4.0.15806.0_none_9d9bd2a20503beca\aspnet_compiler.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_aspnet_compiler_b03f5f7f11d50a3a_4.0.15806.0_none_9d9bd2a20503beca\aspnet_compiler.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_aspnet_regbrowsers_b03f5f7f11d50a3a_4.0.15806.0_none_8e3cbaaac5859590\aspnet_regbrowsers.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_aspnet_regbrowsers_b03f5f7f11d50a3a_4.0.15806.0_none_8e3cbaaac5859590\aspnet_regbrowsers.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_aspnet_regbrowsers_b03f5f7f11d50a3a_4.0.15806.0_none_8e3cbaaac5859590\aspnet_regbrowsers.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_aspnet_regsql_b03f5f7f11d50a3a_4.0.15806.0_none_d4aecc3168a74ea1\aspnet_regsql.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_aspnet_regsql_b03f5f7f11d50a3a_4.0.15806.0_none_d4aecc3168a74ea1\aspnet_regsql.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_aspnet_regsql_b03f5f7f11d50a3a_4.0.15806.0_none_d4aecc3168a74ea1\aspnet_regsql.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_bsdtar_31bf3856ad364e35_10.0.22000.1_none_b6c65439a52aae5e\tar.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_bsdtar_31bf3856ad364e35_10.0.22000.1_none_b6c65439a52aae5e\tar.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_bsdtar_31bf3856ad364e35_10.0.22000.1_none_b6c65439a52aae5e\tar.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_bsdtar_31bf3856ad364e35_10.0.22000.434_none_5be11e6025939378\f\tar.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_bsdtar_31bf3856ad364e35_10.0.22000.434_none_5be11e6025939378\f\tar.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_bsdtar_31bf3856ad364e35_10.0.22000.434_none_5be11e6025939378\f\tar.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_bsdtar_31bf3856ad364e35_10.0.22000.434_none_5be11e6025939378\r\tar.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_bsdtar_31bf3856ad364e35_10.0.22000.434_none_5be11e6025939378\r\tar.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_bsdtar_31bf3856ad364e35_10.0.22000.434_none_5be11e6025939378\r\tar.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_bsdtar_31bf3856ad364e35_10.0.22000.434_none_5be11e6025939378\tar.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_bsdtar_31bf3856ad364e35_10.0.22000.434_none_5be11e6025939378\tar.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_bsdtar_31bf3856ad364e35_10.0.22000.434_none_5be11e6025939378\tar.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_caspol_b03f5f7f11d50a3a_4.0.15806.0_none_f0ab60f89c5230a9\CasPol.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_caspol_b03f5f7f11d50a3a_4.0.15806.0_none_f0ab60f89c5230a9\CasPol.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_caspol_b03f5f7f11d50a3a_4.0.15806.0_none_f0ab60f89c5230a9\CasPol.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_curl_31bf3856ad364e35_10.0.22000.1_none_df03f8075654adaa\curl.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_curl_31bf3856ad364e35_10.0.22000.1_none_df03f8075654adaa\curl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_curl_31bf3856ad364e35_10.0.22000.1_none_df03f8075654adaa\curl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_curl_31bf3856ad364e35_10.0.22000.434_none_841ec22dd6bd92c4\curl.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_curl_31bf3856ad364e35_10.0.22000.434_none_841ec22dd6bd92c4\curl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_curl_31bf3856ad364e35_10.0.22000.434_none_841ec22dd6bd92c4\curl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_curl_31bf3856ad364e35_10.0.22000.434_none_841ec22dd6bd92c4\f\curl.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_curl_31bf3856ad364e35_10.0.22000.434_none_841ec22dd6bd92c4\f\curl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_curl_31bf3856ad364e35_10.0.22000.434_none_841ec22dd6bd92c4\f\curl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_curl_31bf3856ad364e35_10.0.22000.434_none_841ec22dd6bd92c4\r\curl.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_curl_31bf3856ad364e35_10.0.22000.434_none_841ec22dd6bd92c4\r\curl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_curl_31bf3856ad364e35_10.0.22000.434_none_841ec22dd6bd92c4\r\curl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_eventviewersettings_31bf3856ad364e35_10.0.22000.1_none_55901fff3cdcf96d\eventvwr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_eventviewersettings_31bf3856ad364e35_10.0.22000.1_none_55901fff3cdcf96d\eventvwr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_eventviewersettings_31bf3856ad364e35_10.0.22000.1_none_55901fff3cdcf96d\eventvwr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_installutil_b03f5f7f11d50a3a_4.0.15806.0_none_004c4e52cd93dc90\InstallUtil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_installutil_b03f5f7f11d50a3a_4.0.15806.0_none_004c4e52cd93dc90\InstallUtil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_installutil_b03f5f7f11d50a3a_4.0.15806.0_none_004c4e52cd93dc90\InstallUtil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_jsc_b03f5f7f11d50a3a_4.0.15806.0_none_2ca8c9f483ea58df\jsc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_jsc_b03f5f7f11d50a3a_4.0.15806.0_none_2ca8c9f483ea58df\jsc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_jsc_b03f5f7f11d50a3a_4.0.15806.0_none_2ca8c9f483ea58df\jsc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.22000.1_none_62bf16472b013b3d\GameBarPresenceWriter.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.22000.1_none_62bf16472b013b3d\GameBarPresenceWriter.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-gaming-ga..rnal-presencewriter_31bf3856ad364e35_10.0.22000.1_none_62bf16472b013b3d\GameBarPresenceWriter.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.22000.65_none_6e6aca3ab1161ee5\f\pcaui.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.22000.65_none_6e6aca3ab1161ee5\f\pcaui.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.22000.65_none_6e6aca3ab1161ee5\f\pcaui.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.22000.65_none_6e6aca3ab1161ee5\pcaui.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.22000.65_none_6e6aca3ab1161ee5\pcaui.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.22000.65_none_6e6aca3ab1161ee5\pcaui.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.22000.65_none_6e6aca3ab1161ee5\r\pcaui.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.22000.65_none_6e6aca3ab1161ee5\r\pcaui.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_10.0.22000.65_none_6e6aca3ab1161ee5\r\pcaui.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.22000.282_none_da8c01e10676f001\f\sdbinst.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.22000.282_none_da8c01e10676f001\f\sdbinst.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.22000.282_none_da8c01e10676f001\f\sdbinst.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.22000.282_none_da8c01e10676f001\r\sdbinst.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.22000.282_none_da8c01e10676f001\r\sdbinst.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.22000.282_none_da8c01e10676f001\r\sdbinst.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.22000.282_none_da8c01e10676f001\sdbinst.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.22000.282_none_da8c01e10676f001\sdbinst.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.22000.282_none_da8c01e10676f001\sdbinst.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.22000.1_none_65a3d9d5feeb86c2\SystemUWPLauncher.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.22000.1_none_65a3d9d5feeb86c2\SystemUWPLauncher.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..l-systemuwplauncher_31bf3856ad364e35_10.0.22000.1_none_65a3d9d5feeb86c2\SystemUWPLauncher.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..packagedcwalauncher_31bf3856ad364e35_10.0.22000.1_none_43d2192836b57f90\PackagedCWALauncher.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..packagedcwalauncher_31bf3856ad364e35_10.0.22000.1_none_43d2192836b57f90\PackagedCWALauncher.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..packagedcwalauncher_31bf3856ad364e35_10.0.22000.1_none_43d2192836b57f90\PackagedCWALauncher.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.22000.1_none_3b89d92484239859\psr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.22000.1_none_3b89d92484239859\psr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..roblemstepsrecorder_31bf3856ad364e35_10.0.22000.1_none_3b89d92484239859\psr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.22000.71_none_ccb71d3ee4c7b8a6\ByteCodeGenerator.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.22000.71_none_ccb71d3ee4c7b8a6\ByteCodeGenerator.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.22000.71_none_ccb71d3ee4c7b8a6\ByteCodeGenerator.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.22000.71_none_ccb71d3ee4c7b8a6\f\ByteCodeGenerator.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.22000.71_none_ccb71d3ee4c7b8a6\f\ByteCodeGenerator.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.22000.71_none_ccb71d3ee4c7b8a6\f\ByteCodeGenerator.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.22000.71_none_ccb71d3ee4c7b8a6\r\ByteCodeGenerator.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.22000.71_none_ccb71d3ee4c7b8a6\r\ByteCodeGenerator.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-a..t-bytecodegenerator_31bf3856ad364e35_10.0.22000.71_none_ccb71d3ee4c7b8a6\r\ByteCodeGenerator.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.22000.1_none_c387f681de81f59d\agentactivationruntimestarter.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.22000.1_none_c387f681de81f59d\agentactivationruntimestarter.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.22000.1_none_c387f681de81f59d\agentactivationruntimestarter.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-acluifilefoldercomtool_31bf3856ad364e35_10.0.22000.1_none_b8e76ca03e65a2b6\cacls.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-acluifilefoldercomtool_31bf3856ad364e35_10.0.22000.1_none_b8e76ca03e65a2b6\cacls.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-acluifilefoldercomtool_31bf3856ad364e35_10.0.22000.1_none_b8e76ca03e65a2b6\cacls.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_9b4fcb543bd21a13\f\LaunchTM.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_9b4fcb543bd21a13\f\LaunchTM.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_9b4fcb543bd21a13\f\LaunchTM.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_9b4fcb543bd21a13\f\Taskmgr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_9b4fcb543bd21a13\f\Taskmgr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_9b4fcb543bd21a13\f\Taskmgr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_9b4fcb543bd21a13\LaunchTM.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_9b4fcb543bd21a13\LaunchTM.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_9b4fcb543bd21a13\LaunchTM.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_9b4fcb543bd21a13\r\LaunchTM.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_9b4fcb543bd21a13\r\LaunchTM.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_9b4fcb543bd21a13\r\LaunchTM.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_9b4fcb543bd21a13\r\Taskmgr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_9b4fcb543bd21a13\r\Taskmgr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_9b4fcb543bd21a13\r\Taskmgr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_9b4fcb543bd21a13\Taskmgr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_9b4fcb543bd21a13\Taskmgr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-advancedtaskmanager_31bf3856ad364e35_10.0.22000.65_none_9b4fcb543bd21a13\Taskmgr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.22000.318_none_349d8ac96fe3d679\appidtel.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.22000.318_none_349d8ac96fe3d679\appidtel.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.22000.318_none_349d8ac96fe3d679\appidtel.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.22000.318_none_349d8ac96fe3d679\f\appidtel.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.22000.318_none_349d8ac96fe3d679\f\appidtel.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.22000.318_none_349d8ac96fe3d679\f\appidtel.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.22000.318_none_349d8ac96fe3d679\r\appidtel.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.22000.318_none_349d8ac96fe3d679\r\appidtel.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-appidcore_31bf3856ad364e35_10.0.22000.318_none_349d8ac96fe3d679\r\appidtel.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.22000.1_none_13d214402b909a8e\mavinject.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.22000.1_none_13d214402b909a8e\mavinject.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-appmanagement-appvwow_31bf3856ad364e35_10.0.22000.1_none_13d214402b909a8e\mavinject.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.22000.1_none_3038f7c9577f0d5f\AtBroker.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.22000.1_none_3038f7c9577f0d5f\AtBroker.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.22000.1_none_3038f7c9577f0d5f\AtBroker.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-attrib_31bf3856ad364e35_10.0.22000.1_none_132662a9c55e557b\attrib.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-attrib_31bf3856ad364e35_10.0.22000.1_none_132662a9c55e557b\attrib.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-attrib_31bf3856ad364e35_10.0.22000.1_none_132662a9c55e557b\attrib.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-at_31bf3856ad364e35_10.0.22000.1_none_ad99ec61bd0e5b20\at.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-at_31bf3856ad364e35_10.0.22000.1_none_ad99ec61bd0e5b20\at.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-at_31bf3856ad364e35_10.0.22000.1_none_ad99ec61bd0e5b20\at.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.22000.120_none_7c599f579e2e019d\SpatialAudioLicenseSrv.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.22000.120_none_7c599f579e2e019d\SpatialAudioLicenseSrv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.22000.120_none_7c599f579e2e019d\SpatialAudioLicenseSrv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.22000.348_none_7c4c059b9e36fe85\f\SpatialAudioLicenseSrv.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.22000.348_none_7c4c059b9e36fe85\f\SpatialAudioLicenseSrv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.22000.348_none_7c4c059b9e36fe85\f\SpatialAudioLicenseSrv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.22000.348_none_7c4c059b9e36fe85\r\SpatialAudioLicenseSrv.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.22000.348_none_7c4c059b9e36fe85\r\SpatialAudioLicenseSrv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.22000.348_none_7c4c059b9e36fe85\r\SpatialAudioLicenseSrv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.22000.348_none_7c4c059b9e36fe85\SpatialAudioLicenseSrv.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.22000.348_none_7c4c059b9e36fe85\SpatialAudioLicenseSrv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-audio-audiocore_31bf3856ad364e35_10.0.22000.348_none_7c4c059b9e36fe85\SpatialAudioLicenseSrv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.22000.100_none_cbf7ec6fc0f80985\f\SndVol.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.22000.100_none_cbf7ec6fc0f80985\f\SndVol.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.22000.100_none_cbf7ec6fc0f80985\f\SndVol.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.22000.100_none_cbf7ec6fc0f80985\r\SndVol.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.22000.100_none_cbf7ec6fc0f80985\r\SndVol.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.22000.100_none_cbf7ec6fc0f80985\r\SndVol.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.22000.100_none_cbf7ec6fc0f80985\SndVol.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.22000.100_none_cbf7ec6fc0f80985\SndVol.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-audio-volumecontrol_31bf3856ad364e35_10.0.22000.100_none_cbf7ec6fc0f80985\SndVol.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-autochkconfigurator_31bf3856ad364e35_10.0.22000.1_none_795ac390c0ee4b33\chkntfs.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-autochkconfigurator_31bf3856ad364e35_10.0.22000.1_none_795ac390c0ee4b33\chkntfs.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-autochkconfigurator_31bf3856ad364e35_10.0.22000.1_none_795ac390c0ee4b33\chkntfs.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.22000.1_none_428c3541faeaf85a\autochk.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.22000.1_none_428c3541faeaf85a\autochk.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-autochk_31bf3856ad364e35_10.0.22000.1_none_428c3541faeaf85a\autochk.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.22000.1_none_d18b284aa244a1ec\backgroundTaskHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.22000.1_none_d18b284aa244a1ec\backgroundTaskHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-b..nfrastructurebghost_31bf3856ad364e35_10.0.22000.1_none_d18b284aa244a1ec\backgroundTaskHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.22000.318_none_de01ffa2be1c4596\f\memtest.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.22000.318_none_de01ffa2be1c4596\f\memtest.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.22000.318_none_de01ffa2be1c4596\f\memtest.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.22000.318_none_de01ffa2be1c4596\memtest.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.22000.318_none_de01ffa2be1c4596\memtest.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.22000.318_none_de01ffa2be1c4596\memtest.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.22000.318_none_de01ffa2be1c4596\r\memtest.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.22000.318_none_de01ffa2be1c4596\r\memtest.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.22000.318_none_de01ffa2be1c4596\r\memtest.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.22000.469_none_ddccf236be43e7c9\f\memtest.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.22000.469_none_ddccf236be43e7c9\f\memtest.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.22000.469_none_ddccf236be43e7c9\f\memtest.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.22000.469_none_ddccf236be43e7c9\memtest.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.22000.469_none_ddccf236be43e7c9\memtest.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.22000.469_none_ddccf236be43e7c9\memtest.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.22000.469_none_ddccf236be43e7c9\r\memtest.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.22000.469_none_ddccf236be43e7c9\r\memtest.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_10.0.22000.469_none_ddccf236be43e7c9\r\memtest.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-bits-bitsadmin_31bf3856ad364e35_10.0.22000.1_none_ada9d8fa4595e169\bitsadmin.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-bits-bitsadmin_31bf3856ad364e35_10.0.22000.1_none_ada9d8fa4595e169\bitsadmin.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-bits-bitsadmin_31bf3856ad364e35_10.0.22000.1_none_ada9d8fa4595e169\bitsadmin.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.22000.1_none_c5b187e40e57e8e5\bthudtask.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.22000.1_none_c5b187e40e57e8e5\bthudtask.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.22000.1_none_c5b187e40e57e8e5\bthudtask.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.22000.1_none_c5b187e40e57e8e5\fsquirt.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.22000.1_none_c5b187e40e57e8e5\fsquirt.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-bth-user_31bf3856ad364e35_10.0.22000.1_none_c5b187e40e57e8e5\fsquirt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-c..mplus-admin-comrepl_31bf3856ad364e35_10.0.22000.1_none_4aa1c639c898ed19\comrepl.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-c..mplus-admin-comrepl_31bf3856ad364e35_10.0.22000.1_none_4aa1c639c898ed19\comrepl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-c..mplus-admin-comrepl_31bf3856ad364e35_10.0.22000.1_none_4aa1c639c898ed19\comrepl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-c..plus-setup-migregdb_31bf3856ad364e35_10.0.22000.1_none_8de8e95b9cda88b4\MigRegDB.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-c..plus-setup-migregdb_31bf3856ad364e35_10.0.22000.1_none_8de8e95b9cda88b4\MigRegDB.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-c..plus-setup-migregdb_31bf3856ad364e35_10.0.22000.1_none_8de8e95b9cda88b4\MigRegDB.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-calc_31bf3856ad364e35_10.0.22000.1_none_0a56493353e5cd68\calc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-calc_31bf3856ad364e35_10.0.22000.1_none_0a56493353e5cd68\calc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-calc_31bf3856ad364e35_10.0.22000.1_none_0a56493353e5cd68\calc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-certificaterequesttool_31bf3856ad364e35_10.0.22000.1_none_c8a8db7c509219cf\certreq.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-certificaterequesttool_31bf3856ad364e35_10.0.22000.1_none_c8a8db7c509219cf\certreq.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-certificaterequesttool_31bf3856ad364e35_10.0.22000.1_none_c8a8db7c509219cf\certreq.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-certificaterequesttool_31bf3856ad364e35_10.0.22000.434_none_6dc3a5a2d0fafee9\certreq.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-certificaterequesttool_31bf3856ad364e35_10.0.22000.434_none_6dc3a5a2d0fafee9\certreq.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-certificaterequesttool_31bf3856ad364e35_10.0.22000.434_none_6dc3a5a2d0fafee9\certreq.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-certificaterequesttool_31bf3856ad364e35_10.0.22000.434_none_6dc3a5a2d0fafee9\f\certreq.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-certificaterequesttool_31bf3856ad364e35_10.0.22000.434_none_6dc3a5a2d0fafee9\f\certreq.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-certificaterequesttool_31bf3856ad364e35_10.0.22000.434_none_6dc3a5a2d0fafee9\f\certreq.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-certificaterequesttool_31bf3856ad364e35_10.0.22000.434_none_6dc3a5a2d0fafee9\r\certreq.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-certificaterequesttool_31bf3856ad364e35_10.0.22000.434_none_6dc3a5a2d0fafee9\r\certreq.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-certificaterequesttool_31bf3856ad364e35_10.0.22000.434_none_6dc3a5a2d0fafee9\r\certreq.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-certutil_31bf3856ad364e35_10.0.22000.1_none_161d4fe56c866837\certutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-certutil_31bf3856ad364e35_10.0.22000.1_none_161d4fe56c866837\certutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-certutil_31bf3856ad364e35_10.0.22000.1_none_161d4fe56c866837\certutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-certutil_31bf3856ad364e35_10.0.22000.434_none_bb381a0becef4d51\certutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-certutil_31bf3856ad364e35_10.0.22000.434_none_bb381a0becef4d51\certutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-certutil_31bf3856ad364e35_10.0.22000.434_none_bb381a0becef4d51\certutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-certutil_31bf3856ad364e35_10.0.22000.434_none_bb381a0becef4d51\f\certutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-certutil_31bf3856ad364e35_10.0.22000.434_none_bb381a0becef4d51\f\certutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-certutil_31bf3856ad364e35_10.0.22000.434_none_bb381a0becef4d51\f\certutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-certutil_31bf3856ad364e35_10.0.22000.434_none_bb381a0becef4d51\r\certutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-certutil_31bf3856ad364e35_10.0.22000.434_none_bb381a0becef4d51\r\certutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-certutil_31bf3856ad364e35_10.0.22000.434_none_bb381a0becef4d51\r\certutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-charmap_31bf3856ad364e35_10.0.22000.1_none_52f20556dd84fc53\charmap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-charmap_31bf3856ad364e35_10.0.22000.1_none_52f20556dd84fc53\charmap.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-charmap_31bf3856ad364e35_10.0.22000.1_none_52f20556dd84fc53\charmap.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-chkdsk_31bf3856ad364e35_10.0.22000.1_none_227ea1d8c5da52fb\chkdsk.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-chkdsk_31bf3856ad364e35_10.0.22000.1_none_227ea1d8c5da52fb\chkdsk.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-chkdsk_31bf3856ad364e35_10.0.22000.1_none_227ea1d8c5da52fb\chkdsk.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-choice_31bf3856ad364e35_10.0.22000.1_none_23ff3304c4ecc196\choice.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-choice_31bf3856ad364e35_10.0.22000.1_none_23ff3304c4ecc196\choice.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-choice_31bf3856ad364e35_10.0.22000.1_none_23ff3304c4ecc196\choice.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-cipher_31bf3856ad364e35_10.0.22000.1_none_0daec752de4278a6\cipher.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-cipher_31bf3856ad364e35_10.0.22000.1_none_0daec752de4278a6\cipher.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-cipher_31bf3856ad364e35_10.0.22000.1_none_0daec752de4278a6\cipher.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.22000.1_none_cddc7e5996b5a69e\cleanmgr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.22000.1_none_cddc7e5996b5a69e\cleanmgr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-cleanmgr_31bf3856ad364e35_10.0.22000.1_none_cddc7e5996b5a69e\cleanmgr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-clip_31bf3856ad364e35_10.0.22000.1_none_08742a15552b44fb\clip.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-clip_31bf3856ad364e35_10.0.22000.1_none_08742a15552b44fb\clip.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-clip_31bf3856ad364e35_10.0.22000.1_none_08742a15552b44fb\clip.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-cloudnotifications_31bf3856ad364e35_10.0.22000.1_none_f29fe3d9ca66cdd6\CloudNotifications.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-cloudnotifications_31bf3856ad364e35_10.0.22000.1_none_f29fe3d9ca66cdd6\CloudNotifications.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-cloudnotifications_31bf3856ad364e35_10.0.22000.1_none_f29fe3d9ca66cdd6\CloudNotifications.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-com-complus-setup_31bf3856ad364e35_10.0.22000.1_none_4a402141287803ba\mtstocom.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-com-complus-setup_31bf3856ad364e35_10.0.22000.1_none_4a402141287803ba\mtstocom.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-com-complus-setup_31bf3856ad364e35_10.0.22000.1_none_4a402141287803ba\mtstocom.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-com-complus-ui_31bf3856ad364e35_10.0.22000.1_none_11400bad816266c9\dcomcnfg.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-com-complus-ui_31bf3856ad364e35_10.0.22000.1_none_11400bad816266c9\dcomcnfg.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-com-complus-ui_31bf3856ad364e35_10.0.22000.1_none_11400bad816266c9\dcomcnfg.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-com-surrogate-core_31bf3856ad364e35_10.0.22000.1_none_9582d7fd0fc1e753\dllhost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-com-surrogate-core_31bf3856ad364e35_10.0.22000.1_none_9582d7fd0fc1e753\dllhost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-com-surrogate-core_31bf3856ad364e35_10.0.22000.1_none_9582d7fd0fc1e753\dllhost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-com-surrogate_31bf3856ad364e35_10.0.22000.1_none_a4bc36ae2cabd6e1\dllhst3g.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-com-surrogate_31bf3856ad364e35_10.0.22000.1_none_a4bc36ae2cabd6e1\dllhst3g.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-com-surrogate_31bf3856ad364e35_10.0.22000.1_none_a4bc36ae2cabd6e1\dllhst3g.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-commandlinehelp_31bf3856ad364e35_10.0.22000.1_none_34c37d9c426177d3\help.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-commandlinehelp_31bf3856ad364e35_10.0.22000.1_none_34c37d9c426177d3\help.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-commandlinehelp_31bf3856ad364e35_10.0.22000.1_none_34c37d9c426177d3\help.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-commandprompt_31bf3856ad364e35_10.0.22000.1_none_eba50eb553865eda\cmd.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-commandprompt_31bf3856ad364e35_10.0.22000.1_none_eba50eb553865eda\cmd.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-commandprompt_31bf3856ad364e35_10.0.22000.1_none_eba50eb553865eda\cmd.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-compact_31bf3856ad364e35_10.0.22000.1_none_5a8d82c2eebc5ec0\compact.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-compact_31bf3856ad364e35_10.0.22000.1_none_5a8d82c2eebc5ec0\compact.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-compact_31bf3856ad364e35_10.0.22000.1_none_5a8d82c2eebc5ec0\compact.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-computerdefaults_31bf3856ad364e35_10.0.22000.1_none_670ee9a3fc734020\ComputerDefaults.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-computerdefaults_31bf3856ad364e35_10.0.22000.1_none_670ee9a3fc734020\ComputerDefaults.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-computerdefaults_31bf3856ad364e35_10.0.22000.1_none_670ee9a3fc734020\ComputerDefaults.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-control_31bf3856ad364e35_10.0.22000.318_none_9f38aa7663fcbf45\control.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-control_31bf3856ad364e35_10.0.22000.318_none_9f38aa7663fcbf45\control.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-control_31bf3856ad364e35_10.0.22000.318_none_9f38aa7663fcbf45\control.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-control_31bf3856ad364e35_10.0.22000.318_none_9f38aa7663fcbf45\f\control.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-control_31bf3856ad364e35_10.0.22000.318_none_9f38aa7663fcbf45\f\control.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-control_31bf3856ad364e35_10.0.22000.318_none_9f38aa7663fcbf45\f\control.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-control_31bf3856ad364e35_10.0.22000.318_none_9f38aa7663fcbf45\r\control.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-control_31bf3856ad364e35_10.0.22000.318_none_9f38aa7663fcbf45\r\control.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-control_31bf3856ad364e35_10.0.22000.318_none_9f38aa7663fcbf45\r\control.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-convert_31bf3856ad364e35_10.0.22000.1_none_fd6d92b3e17c096a\convert.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-convert_31bf3856ad364e35_10.0.22000.1_none_fd6d92b3e17c096a\convert.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-convert_31bf3856ad364e35_10.0.22000.1_none_fd6d92b3e17c096a\convert.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-credwiz_31bf3856ad364e35_10.0.22000.1_none_0072f8a3a4fef3f3\credwiz.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-credwiz_31bf3856ad364e35_10.0.22000.1_none_0072f8a3a4fef3f3\credwiz.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-credwiz_31bf3856ad364e35_10.0.22000.1_none_0072f8a3a4fef3f3\credwiz.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-cttunesvr_31bf3856ad364e35_10.0.22000.1_none_50931f3c57820a75\cttunesvr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-cttunesvr_31bf3856ad364e35_10.0.22000.1_none_50931f3c57820a75\cttunesvr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-cttunesvr_31bf3856ad364e35_10.0.22000.1_none_50931f3c57820a75\cttunesvr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-cttune_31bf3856ad364e35_10.0.22000.1_none_141cd469f7aeedb6\cttune.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-cttune_31bf3856ad364e35_10.0.22000.1_none_141cd469f7aeedb6\cttune.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-cttune_31bf3856ad364e35_10.0.22000.1_none_141cd469f7aeedb6\cttune.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-d..-externaldictionary_31bf3856ad364e35_10.0.22000.1_none_9d33d1a7f1c90bf8\IMEWDBLD.EXE"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-d..-externaldictionary_31bf3856ad364e35_10.0.22000.1_none_9d33d1a7f1c90bf8\IMEWDBLD.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-d..-externaldictionary_31bf3856ad364e35_10.0.22000.1_none_9d33d1a7f1c90bf8\IMEWDBLD.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_10.0.22000.1_none_4dc986ddab447f27\IMJPDCT.EXE"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_10.0.22000.1_none_4dc986ddab447f27\IMJPDCT.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_10.0.22000.1_none_4dc986ddab447f27\IMJPDCT.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_10.0.22000.1_none_4dc986ddab447f27\IMJPUEX.EXE"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_10.0.22000.1_none_4dc986ddab447f27\IMJPUEX.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_10.0.22000.1_none_4dc986ddab447f27\IMJPUEX.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-d..-warp-jitexecutable_31bf3856ad364e35_10.0.22000.1_none_2e5256cb5b543e55\Windows.WARP.JITService.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-d..-warp-jitexecutable_31bf3856ad364e35_10.0.22000.1_none_2e5256cb5b543e55\Windows.WARP.JITService.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-d..-warp-jitexecutable_31bf3856ad364e35_10.0.22000.1_none_2e5256cb5b543e55\Windows.WARP.JITService.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-d..agement-commandline_31bf3856ad364e35_10.0.22000.1_none_901640fccc3c2d55\Dism.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-d..agement-commandline_31bf3856ad364e35_10.0.22000.1_none_901640fccc3c2d55\Dism.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-d..agement-commandline_31bf3856ad364e35_10.0.22000.1_none_901640fccc3c2d55\Dism.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-d..andlinepropertytool_31bf3856ad364e35_10.0.22000.1_none_6bd596e0ba043609\imjpuexc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-d..andlinepropertytool_31bf3856ad364e35_10.0.22000.1_none_6bd596e0ba043609\imjpuexc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-d..andlinepropertytool_31bf3856ad364e35_10.0.22000.1_none_6bd596e0ba043609\imjpuexc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-d..d-searchintegration_31bf3856ad364e35_10.0.22000.1_none_e64ff994c88b8371\IMESEARCH.EXE"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-d..d-searchintegration_31bf3856ad364e35_10.0.22000.1_none_e64ff994c88b8371\IMESEARCH.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-d..d-searchintegration_31bf3856ad364e35_10.0.22000.1_none_e64ff994c88b8371\IMESEARCH.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.22000.1_none_9b248a22d85ad72f\IMEPADSV.EXE"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.22000.1_none_9b248a22d85ad72f\IMEPADSV.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.22000.1_none_9b248a22d85ad72f\IMEPADSV.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-d..me-japanese-setting_31bf3856ad364e35_10.0.22000.1_none_12c84018b608c95b\IMJPSET.EXE"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-d..me-japanese-setting_31bf3856ad364e35_10.0.22000.1_none_12c84018b608c95b\IMJPSET.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-d..me-japanese-setting_31bf3856ad364e35_10.0.22000.1_none_12c84018b608c95b\IMJPSET.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-d..omerfeedbackmanager_31bf3856ad364e35_10.0.22000.1_none_3ccc038fc75b3c47\imecfmui.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-d..omerfeedbackmanager_31bf3856ad364e35_10.0.22000.1_none_3ccc038fc75b3c47\imecfmui.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-d..omerfeedbackmanager_31bf3856ad364e35_10.0.22000.1_none_3ccc038fc75b3c47\imecfmui.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-d..tofservice-oposhost_31bf3856ad364e35_10.0.22000.1_none_dd6521dd430a0c17\OposHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-d..tofservice-oposhost_31bf3856ad364e35_10.0.22000.1_none_dd6521dd430a0c17\OposHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-d..tofservice-oposhost_31bf3856ad364e35_10.0.22000.1_none_dd6521dd430a0c17\OposHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-d..x-directxdiagnostic_31bf3856ad364e35_10.0.22000.1_none_845be02a96edce3b\dxdiag.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-d..x-directxdiagnostic_31bf3856ad364e35_10.0.22000.1_none_845be02a96edce3b\dxdiag.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-d..x-directxdiagnostic_31bf3856ad364e35_10.0.22000.1_none_845be02a96edce3b\dxdiag.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-ddodiag_31bf3856ad364e35_10.0.22000.1_none_96eeda0ad6188215\ddodiag.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-ddodiag_31bf3856ad364e35_10.0.22000.1_none_96eeda0ad6188215\ddodiag.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-ddodiag_31bf3856ad364e35_10.0.22000.1_none_96eeda0ad6188215\ddodiag.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-defrag-adminui_31bf3856ad364e35_10.0.22000.1_none_f9ae56b6c96ec8d4\dfrgui.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-defrag-adminui_31bf3856ad364e35_10.0.22000.1_none_f9ae56b6c96ec8d4\dfrgui.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-defrag-adminui_31bf3856ad364e35_10.0.22000.1_none_f9ae56b6c96ec8d4\dfrgui.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-deployment_31bf3856ad364e35_10.0.22000.1_none_5c873ec32677d78e\setupugc.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-deployment_31bf3856ad364e35_10.0.22000.1_none_5c873ec32677d78e\setupugc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-deployment_31bf3856ad364e35_10.0.22000.1_none_5c873ec32677d78e\setupugc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-devicepairingapp_31bf3856ad364e35_10.0.22000.1_none_d036a9a63b365d9c\DevicePairingWizard.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-devicepairingapp_31bf3856ad364e35_10.0.22000.1_none_d036a9a63b365d9c\DevicePairingWizard.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-devicepairingapp_31bf3856ad364e35_10.0.22000.1_none_d036a9a63b365d9c\DevicePairingWizard.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-directshow-dvdplay_31bf3856ad364e35_10.0.22000.1_none_62466b235333f53a\dvdplay.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-directshow-dvdplay_31bf3856ad364e35_10.0.22000.1_none_62466b235333f53a\dvdplay.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-directshow-dvdplay_31bf3856ad364e35_10.0.22000.1_none_62466b235333f53a\dvdplay.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-diskpart_31bf3856ad364e35_10.0.22000.1_none_c970ad52cf16bc2f\diskpart.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-diskpart_31bf3856ad364e35_10.0.22000.1_none_c970ad52cf16bc2f\diskpart.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-diskpart_31bf3856ad364e35_10.0.22000.1_none_c970ad52cf16bc2f\diskpart.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-diskusage_31bf3856ad364e35_10.0.22000.1_none_12679a433ec476cd\diskusage.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-diskusage_31bf3856ad364e35_10.0.22000.1_none_12679a433ec476cd\diskusage.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-diskusage_31bf3856ad364e35_10.0.22000.1_none_12679a433ec476cd\diskusage.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-dpapi-keys_31bf3856ad364e35_10.0.22000.1_none_de6b1af4069aa942\dpapimig.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-dpapi-keys_31bf3856ad364e35_10.0.22000.1_none_de6b1af4069aa942\dpapimig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-dpapi-keys_31bf3856ad364e35_10.0.22000.1_none_de6b1af4069aa942\dpapimig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-dpiscaling_31bf3856ad364e35_10.0.22000.1_none_dae01b2e9419ebcf\DpiScaling.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-dpiscaling_31bf3856ad364e35_10.0.22000.1_none_dae01b2e9419ebcf\DpiScaling.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-dpiscaling_31bf3856ad364e35_10.0.22000.1_none_dae01b2e9419ebcf\DpiScaling.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-driverquery_31bf3856ad364e35_10.0.22000.1_none_f6bb136dce337547\driverquery.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-driverquery_31bf3856ad364e35_10.0.22000.1_none_f6bb136dce337547\driverquery.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-driverquery_31bf3856ad364e35_10.0.22000.1_none_f6bb136dce337547\driverquery.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-driververifier_31bf3856ad364e35_10.0.22000.1_none_1b04230fd5e53bb5\verifiergui.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-driververifier_31bf3856ad364e35_10.0.22000.1_none_1b04230fd5e53bb5\verifiergui.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-driververifier_31bf3856ad364e35_10.0.22000.1_none_1b04230fd5e53bb5\verifiergui.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-e..ageengine-utilities_31bf3856ad364e35_10.0.22000.1_none_3a2434f5fe6af698\esentutl.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-e..ageengine-utilities_31bf3856ad364e35_10.0.22000.1_none_3a2434f5fe6af698\esentutl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-e..ageengine-utilities_31bf3856ad364e35_10.0.22000.1_none_3a2434f5fe6af698\esentutl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-e..ortingcompatibility_31bf3856ad364e35_10.0.22000.1_none_5f37ed4d2eae86cf\DWWIN.EXE"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-e..ortingcompatibility_31bf3856ad364e35_10.0.22000.1_none_5f37ed4d2eae86cf\DWWIN.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-e..ortingcompatibility_31bf3856ad364e35_10.0.22000.1_none_5f37ed4d2eae86cf\DWWIN.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-edp-notify_31bf3856ad364e35_10.0.22000.1_none_8165809779001f16\edpnotify.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-edp-notify_31bf3856ad364e35_10.0.22000.1_none_8165809779001f16\edpnotify.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-edp-notify_31bf3856ad364e35_10.0.22000.1_none_8165809779001f16\edpnotify.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-edp-notify_31bf3856ad364e35_10.0.22000.434_none_26804abdf9690430\edpnotify.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-edp-notify_31bf3856ad364e35_10.0.22000.434_none_26804abdf9690430\edpnotify.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-edp-notify_31bf3856ad364e35_10.0.22000.434_none_26804abdf9690430\edpnotify.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-efs-rekeywiz_31bf3856ad364e35_10.0.22000.1_none_6882f2754501b4c0\rekeywiz.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-efs-rekeywiz_31bf3856ad364e35_10.0.22000.1_none_6882f2754501b4c0\rekeywiz.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-efs-rekeywiz_31bf3856ad364e35_10.0.22000.1_none_6882f2754501b4c0\rekeywiz.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-efs-ui_31bf3856ad364e35_10.0.22000.1_none_570d0ffac0c0516c\efsui.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-efs-ui_31bf3856ad364e35_10.0.22000.1_none_570d0ffac0c0516c\efsui.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-efs-ui_31bf3856ad364e35_10.0.22000.1_none_570d0ffac0c0516c\efsui.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.22000.1_none_810efa0e3f0e1154\wermgr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.22000.1_none_810efa0e3f0e1154\wermgr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.22000.1_none_810efa0e3f0e1154\wermgr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\f\WerFault.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\f\WerFault.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\f\WerFault.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\f\WerFaultSecure.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\f\WerFaultSecure.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\f\WerFaultSecure.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\r\WerFault.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\r\WerFault.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\r\WerFault.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\r\WerFaultSecure.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\r\WerFaultSecure.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\r\WerFaultSecure.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\WerFault.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\WerFault.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\WerFault.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\WerFaultSecure.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\WerFaultSecure.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\WerFaultSecure.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\f\WerFault.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\f\WerFault.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\f\WerFault.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\f\WerFaultSecure.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\f\WerFaultSecure.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\f\WerFaultSecure.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\r\WerFault.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\r\WerFault.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\r\WerFault.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\r\WerFaultSecure.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\r\WerFaultSecure.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\r\WerFaultSecure.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\WerFault.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\WerFault.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\WerFault.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\WerFaultSecure.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\WerFaultSecure.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\WerFaultSecure.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-es-authentication_31bf3856ad364e35_10.0.22000.1_none_a25504994fc2b024\EhStorAuthn.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-es-authentication_31bf3856ad364e35_10.0.22000.1_none_a25504994fc2b024\EhStorAuthn.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-es-authentication_31bf3856ad364e35_10.0.22000.1_none_a25504994fc2b024\EhStorAuthn.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-eudcedit_31bf3856ad364e35_10.0.22000.1_none_ba30cc9df8a7fca4\eudcedit.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-eudcedit_31bf3856ad364e35_10.0.22000.1_none_ba30cc9df8a7fca4\eudcedit.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-eudcedit_31bf3856ad364e35_10.0.22000.1_none_ba30cc9df8a7fca4\eudcedit.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-eventcollector_31bf3856ad364e35_10.0.22000.1_none_5ba5eadfaddccaf4\wecutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-eventcollector_31bf3856ad364e35_10.0.22000.1_none_5ba5eadfaddccaf4\wecutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-eventcollector_31bf3856ad364e35_10.0.22000.1_none_5ba5eadfaddccaf4\wecutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-eventcreate_31bf3856ad364e35_10.0.22000.1_none_35fb189c78bdb167\eventcreate.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-eventcreate_31bf3856ad364e35_10.0.22000.1_none_35fb189c78bdb167\eventcreate.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-eventcreate_31bf3856ad364e35_10.0.22000.1_none_35fb189c78bdb167\eventcreate.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.469_none_c66bd96c36769493\f\wevtutil.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.469_none_c66bd96c36769493\f\wevtutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.469_none_c66bd96c36769493\f\wevtutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.469_none_c66bd96c36769493\r\wevtutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.469_none_c66bd96c36769493\r\wevtutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.469_none_c66bd96c36769493\r\wevtutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.469_none_c66bd96c36769493\wevtutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.469_none_c66bd96c36769493\wevtutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.469_none_c66bd96c36769493\wevtutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.65_none_ad3d2613cd22d055\f\wevtutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.65_none_ad3d2613cd22d055\f\wevtutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.65_none_ad3d2613cd22d055\f\wevtutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.65_none_ad3d2613cd22d055\r\wevtutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.65_none_ad3d2613cd22d055\r\wevtutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.65_none_ad3d2613cd22d055\r\wevtutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.65_none_ad3d2613cd22d055\wevtutil.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.65_none_ad3d2613cd22d055\wevtutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.65_none_ad3d2613cd22d055\wevtutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-expand_31bf3856ad364e35_10.0.22000.1_none_b90ac474910a4673\expand.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-expand_31bf3856ad364e35_10.0.22000.1_none_b90ac474910a4673\expand.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-expand_31bf3856ad364e35_10.0.22000.1_none_b90ac474910a4673\expand.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.120_none_576e8243334ab082\explorer.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.120_none_576e8243334ab082\explorer.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.120_none_576e8243334ab082\explorer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.120_none_576e8243334ab082\f\explorer.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.120_none_576e8243334ab082\f\explorer.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.120_none_576e8243334ab082\f\explorer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.120_none_576e8243334ab082\r\explorer.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.120_none_576e8243334ab082\r\explorer.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.120_none_576e8243334ab082\r\explorer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.469_none_574c4adf3362fbca\explorer.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.469_none_574c4adf3362fbca\explorer.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.469_none_574c4adf3362fbca\explorer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.469_none_574c4adf3362fbca\f\explorer.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.469_none_574c4adf3362fbca\f\explorer.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.469_none_574c4adf3362fbca\f\explorer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.469_none_574c4adf3362fbca\r\explorer.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.469_none_574c4adf3362fbca\r\explorer.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.469_none_574c4adf3362fbca\r\explorer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-extrac32_31bf3856ad364e35_10.0.22000.1_none_3bc1e2973d0f3919\extrac32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-extrac32_31bf3856ad364e35_10.0.22000.1_none_3bc1e2973d0f3919\extrac32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-extrac32_31bf3856ad364e35_10.0.22000.1_none_3bc1e2973d0f3919\extrac32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-f..temcompareutilities_31bf3856ad364e35_10.0.22000.1_none_615eec7b6e862785\comp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-f..temcompareutilities_31bf3856ad364e35_10.0.22000.1_none_615eec7b6e862785\comp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-f..temcompareutilities_31bf3856ad364e35_10.0.22000.1_none_615eec7b6e862785\comp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-f..temcompareutilities_31bf3856ad364e35_10.0.22000.1_none_615eec7b6e862785\fc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-f..temcompareutilities_31bf3856ad364e35_10.0.22000.1_none_615eec7b6e862785\fc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-f..temcompareutilities_31bf3856ad364e35_10.0.22000.1_none_615eec7b6e862785\fc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-filtermanager-utils_31bf3856ad364e35_10.0.22000.1_none_7a25fafa5e81834c\fltMC.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-filtermanager-utils_31bf3856ad364e35_10.0.22000.1_none_7a25fafa5e81834c\fltMC.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-filtermanager-utils_31bf3856ad364e35_10.0.22000.1_none_7a25fafa5e81834c\fltMC.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-findstr_31bf3856ad364e35_10.0.22000.1_none_87c7d35a92de7cef\findstr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-findstr_31bf3856ad364e35_10.0.22000.1_none_87c7d35a92de7cef\findstr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-findstr_31bf3856ad364e35_10.0.22000.1_none_87c7d35a92de7cef\findstr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-fontview_31bf3856ad364e35_10.0.22000.1_none_a4fc5537efa0db6f\fontview.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-fontview_31bf3856ad364e35_10.0.22000.1_none_a4fc5537efa0db6f\fontview.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-fontview_31bf3856ad364e35_10.0.22000.1_none_a4fc5537efa0db6f\fontview.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-forfiles_31bf3856ad364e35_10.0.22000.1_none_b5bbb79816b29fb5\forfiles.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-forfiles_31bf3856ad364e35_10.0.22000.1_none_b5bbb79816b29fb5\forfiles.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-forfiles_31bf3856ad364e35_10.0.22000.1_none_b5bbb79816b29fb5\forfiles.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.22000.282_none_d1df129ba9a9b56f\f\fsutil.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.22000.282_none_d1df129ba9a9b56f\f\fsutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.22000.282_none_d1df129ba9a9b56f\f\fsutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.22000.282_none_d1df129ba9a9b56f\fsutil.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.22000.282_none_d1df129ba9a9b56f\fsutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.22000.282_none_d1df129ba9a9b56f\fsutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.22000.282_none_d1df129ba9a9b56f\r\fsutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.22000.282_none_d1df129ba9a9b56f\r\fsutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.22000.282_none_d1df129ba9a9b56f\r\fsutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-ftp_31bf3856ad364e35_10.0.22000.1_none_0d83a5e891b3d321\ftp.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-ftp_31bf3856ad364e35_10.0.22000.1_none_0d83a5e891b3d321\ftp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-ftp_31bf3856ad364e35_10.0.22000.1_none_0d83a5e891b3d321\ftp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.22000.1_none_9c0146f8151e14ec\gpresult.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.22000.1_none_9c0146f8151e14ec\gpresult.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.22000.1_none_9c0146f8151e14ec\gpresult.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.22000.1_none_9c0146f8151e14ec\gpupdate.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.22000.1_none_9c0146f8151e14ec\gpupdate.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.22000.1_none_9c0146f8151e14ec\gpupdate.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-getmac_31bf3856ad364e35_10.0.22000.1_none_6c96deb2db24e7d4\getmac.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-getmac_31bf3856ad364e35_10.0.22000.1_none_6c96deb2db24e7d4\getmac.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-getmac_31bf3856ad364e35_10.0.22000.1_none_6c96deb2db24e7d4\getmac.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-gpowershell-exe_31bf3856ad364e35_10.0.22000.1_none_9929679adadef360\powershell_ise.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-gpowershell-exe_31bf3856ad364e35_10.0.22000.1_none_9929679adadef360\powershell_ise.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-gpowershell-exe_31bf3856ad364e35_10.0.22000.1_none_9929679adadef360\powershell_ise.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-grouppolicy-script_31bf3856ad364e35_10.0.22000.1_none_c5af807aa8d61858\gpscript.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-grouppolicy-script_31bf3856ad364e35_10.0.22000.1_none_c5af807aa8d61858\gpscript.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-grouppolicy-script_31bf3856ad364e35_10.0.22000.1_none_c5af807aa8d61858\gpscript.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-grpconv_31bf3856ad364e35_10.0.22000.1_none_03206cd676d7ae6a\grpconv.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-grpconv_31bf3856ad364e35_10.0.22000.1_none_03206cd676d7ae6a\grpconv.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-grpconv_31bf3856ad364e35_10.0.22000.1_none_03206cd676d7ae6a\grpconv.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.22000.1_none_c4795c793bc04b9f\hvsiproxyapp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.22000.1_none_c4795c793bc04b9f\hvsiproxyapp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.22000.1_none_c4795c793bc04b9f\hvsiproxyapp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-htmlhelp_31bf3856ad364e35_10.0.22000.1_none_28ee3eaabde6507f\hh.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-htmlhelp_31bf3856ad364e35_10.0.22000.1_none_28ee3eaabde6507f\hh.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-htmlhelp_31bf3856ad364e35_10.0.22000.1_none_28ee3eaabde6507f\hh.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.22000.120_none_e2284b7d90c8a180\f\iexplore.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.22000.120_none_e2284b7d90c8a180\f\iexplore.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.22000.120_none_e2284b7d90c8a180\f\iexplore.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.22000.120_none_e2284b7d90c8a180\iexplore.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.22000.120_none_e2284b7d90c8a180\iexplore.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.22000.120_none_e2284b7d90c8a180\iexplore.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.22000.120_none_e2284b7d90c8a180\r\iexplore.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.22000.120_none_e2284b7d90c8a180\r\iexplore.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.22000.120_none_e2284b7d90c8a180\r\iexplore.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.22000.1_none_3b0bf3364e41c5b0\iscsicli.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.22000.1_none_3b0bf3364e41c5b0\iscsicli.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.22000.1_none_3b0bf3364e41c5b0\iscsicli.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_10.0.22000.1_none_c4b0a2008f6c9857\setup.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_10.0.22000.1_none_c4b0a2008f6c9857\setup.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_10.0.22000.1_none_c4b0a2008f6c9857\setup.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_10.0.22000.1_none_c4b0a2008f6c9857\_isdel.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_10.0.22000.1_none_c4b0a2008f6c9857\_isdel.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_10.0.22000.1_none_c4b0a2008f6c9857\_isdel.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-i..raries-servercommon_31bf3856ad364e35_10.0.22000.1_none_0a23d387a9386cf0\appcmd.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-i..raries-servercommon_31bf3856ad364e35_10.0.22000.1_none_0a23d387a9386cf0\appcmd.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-i..raries-servercommon_31bf3856ad364e35_10.0.22000.1_none_0a23d387a9386cf0\appcmd.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-i..raries-servercommon_31bf3856ad364e35_10.0.22000.1_none_0a23d387a9386cf0\iissetup.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-i..raries-servercommon_31bf3856ad364e35_10.0.22000.1_none_0a23d387a9386cf0\iissetup.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-i..raries-servercommon_31bf3856ad364e35_10.0.22000.1_none_0a23d387a9386cf0\iissetup.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-i..switch-toasthandler_31bf3856ad364e35_10.0.22000.37_none_b6eb9704869b2bfc\f\InputSwitchToastHandler.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-i..switch-toasthandler_31bf3856ad364e35_10.0.22000.37_none_b6eb9704869b2bfc\f\InputSwitchToastHandler.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-i..switch-toasthandler_31bf3856ad364e35_10.0.22000.37_none_b6eb9704869b2bfc\f\InputSwitchToastHandler.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-i..switch-toasthandler_31bf3856ad364e35_10.0.22000.37_none_b6eb9704869b2bfc\InputSwitchToastHandler.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-i..switch-toasthandler_31bf3856ad364e35_10.0.22000.37_none_b6eb9704869b2bfc\InputSwitchToastHandler.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-i..switch-toasthandler_31bf3856ad364e35_10.0.22000.37_none_b6eb9704869b2bfc\InputSwitchToastHandler.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-i..switch-toasthandler_31bf3856ad364e35_10.0.22000.37_none_b6eb9704869b2bfc\r\InputSwitchToastHandler.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-i..switch-toasthandler_31bf3856ad364e35_10.0.22000.37_none_b6eb9704869b2bfc\r\InputSwitchToastHandler.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-i..switch-toasthandler_31bf3856ad364e35_10.0.22000.37_none_b6eb9704869b2bfc\r\InputSwitchToastHandler.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.22000.1_none_ba1c45853a21e276\IMTCLNWZ.EXE"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.22000.1_none_ba1c45853a21e276\IMTCLNWZ.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.22000.1_none_ba1c45853a21e276\IMTCLNWZ.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.22000.1_none_ba1c45853a21e276\IMTCPROP.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.22000.1_none_ba1c45853a21e276\IMTCPROP.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.22000.1_none_ba1c45853a21e276\IMTCPROP.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-icacls_31bf3856ad364e35_10.0.22000.1_none_934ce708df2406c6\icacls.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-icacls_31bf3856ad364e35_10.0.22000.1_none_934ce708df2406c6\icacls.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-icacls_31bf3856ad364e35_10.0.22000.1_none_934ce708df2406c6\icacls.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-icm-dccw_31bf3856ad364e35_10.0.22000.1_none_7b86f3d8c7ad2322\dccw.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-icm-dccw_31bf3856ad364e35_10.0.22000.1_none_7b86f3d8c7ad2322\dccw.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-icm-dccw_31bf3856ad364e35_10.0.22000.1_none_7b86f3d8c7ad2322\dccw.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-icm-ui_31bf3856ad364e35_10.0.22000.1_none_9af0ff62d9f93c09\colorcpl.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-icm-ui_31bf3856ad364e35_10.0.22000.1_none_9af0ff62d9f93c09\colorcpl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-icm-ui_31bf3856ad364e35_10.0.22000.1_none_9af0ff62d9f93c09\colorcpl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_11.0.22000.1_none_ede3b211ad614222\mshta.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_11.0.22000.1_none_ede3b211ad614222\mshta.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_11.0.22000.1_none_ede3b211ad614222\mshta.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.0.22000.1_none_c3ebc2d9be02340b\ieUnatt.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.0.22000.1_none_c3ebc2d9be02340b\ieUnatt.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.0.22000.1_none_c3ebc2d9be02340b\ieUnatt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_10.0.22000.1_none_e1b91bffeb2fd335\InetMgr6.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_10.0.22000.1_none_e1b91bffeb2fd335\InetMgr6.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_10.0.22000.1_none_e1b91bffeb2fd335\InetMgr6.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.22000.1_none_7181babcedfc2cb7\aspnetca.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.22000.1_none_7181babcedfc2cb7\aspnetca.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.22000.1_none_7181babcedfc2cb7\aspnetca.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.22000.1_none_7181babcedfc2cb7\iisreset.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.22000.1_none_7181babcedfc2cb7\iisreset.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.22000.1_none_7181babcedfc2cb7\iisreset.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.22000.1_none_36b24ce0b35c1e60\IMCCPHR.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.22000.1_none_36b24ce0b35c1e60\IMCCPHR.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.22000.1_none_36b24ce0b35c1e60\IMCCPHR.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-infdefaultinstall_31bf3856ad364e35_10.0.22000.1_none_cd2ccbb7d5393f64\InfDefaultInstall.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-infdefaultinstall_31bf3856ad364e35_10.0.22000.1_none_cd2ccbb7d5393f64\InfDefaultInstall.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-infdefaultinstall_31bf3856ad364e35_10.0.22000.1_none_cd2ccbb7d5393f64\InfDefaultInstall.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-installer-executable_31bf3856ad364e35_10.0.22000.1_none_aa19bcc4bf43b810\msiexec.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-installer-executable_31bf3856ad364e35_10.0.22000.1_none_aa19bcc4bf43b810\msiexec.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-installer-executable_31bf3856ad364e35_10.0.22000.1_none_aa19bcc4bf43b810\msiexec.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-international-unattend_31bf3856ad364e35_10.0.22000.1_none_20b20a4d26c387fd\MuiUnattend.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-international-unattend_31bf3856ad364e35_10.0.22000.1_none_20b20a4d26c387fd\MuiUnattend.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-international-unattend_31bf3856ad364e35_10.0.22000.1_none_20b20a4d26c387fd\MuiUnattend.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-ipconfig_31bf3856ad364e35_10.0.22000.1_none_acd238f8511877bc\ipconfig.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-ipconfig_31bf3856ad364e35_10.0.22000.1_none_acd238f8511877bc\ipconfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-ipconfig_31bf3856ad364e35_10.0.22000.1_none_acd238f8511877bc\ipconfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-iscsi_initiator_ui_31bf3856ad364e35_10.0.22000.1_none_388372a9953bb48f\iscsicpl.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-iscsi_initiator_ui_31bf3856ad364e35_10.0.22000.1_none_388372a9953bb48f\iscsicpl.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-iscsi_initiator_ui_31bf3856ad364e35_10.0.22000.1_none_388372a9953bb48f\iscsicpl.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-ktmutil_31bf3856ad364e35_10.0.22000.1_none_e92240163a52addb\ktmutil.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-ktmutil_31bf3856ad364e35_10.0.22000.1_none_e92240163a52addb\ktmutil.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-ktmutil_31bf3856ad364e35_10.0.22000.1_none_e92240163a52addb\ktmutil.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-label_31bf3856ad364e35_10.0.22000.1_none_b7c753c003725517\label.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-label_31bf3856ad364e35_10.0.22000.1_none_b7c753c003725517\label.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-label_31bf3856ad364e35_10.0.22000.1_none_b7c753c003725517\label.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-legacyhwui_31bf3856ad364e35_10.0.22000.1_none_430c6a5b816abeb9\hdwwiz.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-legacyhwui_31bf3856ad364e35_10.0.22000.1_none_430c6a5b816abeb9\hdwwiz.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-legacyhwui_31bf3856ad364e35_10.0.22000.1_none_430c6a5b816abeb9\hdwwiz.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-m..-management-console_31bf3856ad364e35_10.0.22000.1_none_700b9308aecc1425\mmc.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-m..-management-console_31bf3856ad364e35_10.0.22000.1_none_700b9308aecc1425\mmc.exe"
C:\Windows\explorer.exe
explorer.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k wsappx -p -s AppXSvc
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-m..-management-console_31bf3856ad364e35_10.0.22000.1_none_700b9308aecc1425\mmc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.22000.1_none_a4e82f5676e0e198\odbcad32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.22000.1_none_a4e82f5676e0e198\odbcad32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.22000.1_none_a4e82f5676e0e198\odbcad32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_10.0.22000.1_none_d0b58ed08fdbb9ff\cliconfg.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_10.0.22000.1_none_d0b58ed08fdbb9ff\cliconfg.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_10.0.22000.1_none_d0b58ed08fdbb9ff\cliconfg.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_a92436e98f43ccd7\find.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_a92436e98f43ccd7\find.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_a92436e98f43ccd7\find.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_a92436e98f43ccd7\replace.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_a92436e98f43ccd7\replace.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_a92436e98f43ccd7\replace.exe" /grant "everyone":(f)
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_ddb5359fa07e69e6\doskey.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_ddb5359fa07e69e6\doskey.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_ddb5359fa07e69e6\doskey.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_ddb5359fa07e69e6\print.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_ddb5359fa07e69e6\print.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_ddb5359fa07e69e6\print.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_ddb5359fa07e69e6\subst.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_ddb5359fa07e69e6\subst.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_ddb5359fa07e69e6\subst.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.22000.1_none_21361b29ac61361b\wmprph.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.22000.1_none_21361b29ac61361b\wmprph.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.22000.1_none_21361b29ac61361b\wmprph.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-magnify_31bf3856ad364e35_10.0.22000.1_none_cec61f64d1d9b52e\Magnify.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-magnify_31bf3856ad364e35_10.0.22000.1_none_cec61f64d1d9b52e\Magnify.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-magnify_31bf3856ad364e35_10.0.22000.1_none_cec61f64d1d9b52e\Magnify.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-makecab_31bf3856ad364e35_10.0.22000.1_none_5167c9dea268ae49\makecab.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-makecab_31bf3856ad364e35_10.0.22000.1_none_5167c9dea268ae49\makecab.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-makecab_31bf3856ad364e35_10.0.22000.1_none_5167c9dea268ae49\makecab.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.22000.1_none_36e30e5c0bb5efc5\mmgaserver.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.22000.1_none_36e30e5c0bb5efc5\mmgaserver.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.22000.1_none_36e30e5c0bb5efc5\mmgaserver.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mapi_31bf3856ad364e35_10.0.22000.120_none_b1071c7fd34df0e8\f\fixmapi.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mapi_31bf3856ad364e35_10.0.22000.120_none_b1071c7fd34df0e8\f\fixmapi.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-mapi_31bf3856ad364e35_10.0.22000.120_none_b1071c7fd34df0e8\f\fixmapi.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mapi_31bf3856ad364e35_10.0.22000.120_none_b1071c7fd34df0e8\fixmapi.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mapi_31bf3856ad364e35_10.0.22000.120_none_b1071c7fd34df0e8\fixmapi.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-mapi_31bf3856ad364e35_10.0.22000.120_none_b1071c7fd34df0e8\fixmapi.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mapi_31bf3856ad364e35_10.0.22000.120_none_b1071c7fd34df0e8\r\fixmapi.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mapi_31bf3856ad364e35_10.0.22000.120_none_b1071c7fd34df0e8\r\fixmapi.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-mapi_31bf3856ad364e35_10.0.22000.120_none_b1071c7fd34df0e8\r\fixmapi.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_a2190a6cc64fec46\f\mfpmp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_a2190a6cc64fec46\f\mfpmp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_a2190a6cc64fec46\f\mfpmp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_a2190a6cc64fec46\mfpmp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_a2190a6cc64fec46\mfpmp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_a2190a6cc64fec46\mfpmp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_a2190a6cc64fec46\r\mfpmp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_a2190a6cc64fec46\r\mfpmp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_a2190a6cc64fec46\r\mfpmp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.22000.1_none_7b92f89679249548\wmlaunch.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.22000.1_none_7b92f89679249548\wmlaunch.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.22000.1_none_7b92f89679249548\wmlaunch.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\f\wmpconfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\f\wmpconfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\f\wmpconfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\f\wmplayer.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\f\wmplayer.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\f\wmplayer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\f\wmpshare.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\f\wmpshare.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\f\wmpshare.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\r\wmpconfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\r\wmpconfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\r\wmpconfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\r\wmplayer.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\r\wmplayer.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\r\wmplayer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\r\wmpshare.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\r\wmpshare.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\r\wmpshare.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\wmpconfig.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\wmpconfig.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\wmpconfig.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\wmplayer.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\wmplayer.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\wmplayer.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\wmpshare.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\wmpshare.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\wmpshare.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.22000.1_none_4bd8d42ffb32ad8a\logagent.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.22000.1_none_4bd8d42ffb32ad8a\logagent.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.22000.1_none_4bd8d42ffb32ad8a\logagent.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.22000.1_none_0e8c117a0fb4af58\setup_wm.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.22000.1_none_0e8c117a0fb4af58\setup_wm.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.22000.1_none_0e8c117a0fb4af58\setup_wm.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.22000.1_none_0e8c117a0fb4af58\unregmp2.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.22000.1_none_0e8c117a0fb4af58\unregmp2.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.22000.1_none_0e8c117a0fb4af58\unregmp2.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mobsyncexe_31bf3856ad364e35_10.0.22000.1_none_4fe921868d7ef368\mobsync.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mobsyncexe_31bf3856ad364e35_10.0.22000.1_none_4fe921868d7ef368\mobsync.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-mobsyncexe_31bf3856ad364e35_10.0.22000.1_none_4fe921868d7ef368\mobsync.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mountvol_31bf3856ad364e35_10.0.22000.1_none_12f1c1658a9d216d\mountvol.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mountvol_31bf3856ad364e35_10.0.22000.1_none_12f1c1658a9d216d\mountvol.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-mountvol_31bf3856ad364e35_10.0.22000.1_none_12f1c1658a9d216d\mountvol.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-msaudittools_31bf3856ad364e35_10.0.22000.1_none_781d59aef5ebc75f\auditpol.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-msaudittools_31bf3856ad364e35_10.0.22000.1_none_781d59aef5ebc75f\auditpol.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-msaudittools_31bf3856ad364e35_10.0.22000.1_none_781d59aef5ebc75f\auditpol.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-msdt_31bf3856ad364e35_10.0.22000.1_none_061aa9eb56b04ee9\msdt.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-msdt_31bf3856ad364e35_10.0.22000.1_none_061aa9eb56b04ee9\msdt.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-msdt_31bf3856ad364e35_10.0.22000.1_none_061aa9eb56b04ee9\msdt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_72d931253b133480\f\msinfo32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_72d931253b133480\f\msinfo32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_72d931253b133480\f\msinfo32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_72d931253b133480\msinfo32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_72d931253b133480\msinfo32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_72d931253b133480\msinfo32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_72d931253b133480\r\msinfo32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_72d931253b133480\r\msinfo32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_72d931253b133480\r\msinfo32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_987098e149e09f68\f\msinfo32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_987098e149e09f68\f\msinfo32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_987098e149e09f68\f\msinfo32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_987098e149e09f68\msinfo32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_987098e149e09f68\msinfo32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_987098e149e09f68\msinfo32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_987098e149e09f68\r\msinfo32.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_987098e149e09f68\r\msinfo32.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_987098e149e09f68\r\msinfo32.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-muicachebuilder_31bf3856ad364e35_10.0.22000.1_none_7aa4e433ee022a53\mcbuilder.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-muicachebuilder_31bf3856ad364e35_10.0.22000.1_none_7aa4e433ee022a53\mcbuilder.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-muicachebuilder_31bf3856ad364e35_10.0.22000.1_none_7aa4e433ee022a53\mcbuilder.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-n..kgroundtransferhost_31bf3856ad364e35_10.0.22000.1_none_ef1ce2dee8e9f117\BackgroundTransferHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-n..kgroundtransferhost_31bf3856ad364e35_10.0.22000.1_none_ef1ce2dee8e9f117\BackgroundTransferHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-n..kgroundtransferhost_31bf3856ad364e35_10.0.22000.1_none_ef1ce2dee8e9f117\BackgroundTransferHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-n..setup-compatibility_31bf3856ad364e35_10.0.22000.1_none_d0ba8259b7939cb1\NetCfgNotifyObjectHost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-n..setup-compatibility_31bf3856ad364e35_10.0.22000.1_none_d0ba8259b7939cb1\NetCfgNotifyObjectHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-n..setup-compatibility_31bf3856ad364e35_10.0.22000.1_none_d0ba8259b7939cb1\NetCfgNotifyObjectHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_b2ca9978aba0e546\net.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_b2ca9978aba0e546\net.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_b2ca9978aba0e546\net.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_e7743b698dbcffb9\net1.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_e7743b698dbcffb9\net1.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_e7743b698dbcffb9\net1.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_8c8f05900e25e4d3\f\net1.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_8c8f05900e25e4d3\f\net1.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_8c8f05900e25e4d3\f\net1.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_8c8f05900e25e4d3\net1.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_8c8f05900e25e4d3\net1.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_8c8f05900e25e4d3\net1.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_8c8f05900e25e4d3\r\net1.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_8c8f05900e25e4d3\r\net1.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_8c8f05900e25e4d3\r\net1.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-netbt_31bf3856ad364e35_10.0.22000.1_none_c0fd105a306dfcd0\netbtugc.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-netbt_31bf3856ad364e35_10.0.22000.1_none_c0fd105a306dfcd0\netbtugc.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-netbt_31bf3856ad364e35_10.0.22000.1_none_c0fd105a306dfcd0\netbtugc.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-netplwiz-exe_31bf3856ad364e35_10.0.22000.1_none_4deefcbe498bbe87\Netplwiz.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-netplwiz-exe_31bf3856ad364e35_10.0.22000.1_none_4deefcbe498bbe87\Netplwiz.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-netplwiz-exe_31bf3856ad364e35_10.0.22000.1_none_4deefcbe498bbe87\Netplwiz.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-netsh_31bf3856ad364e35_10.0.22000.1_none_c0393e363102a7bd\netsh.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-netsh_31bf3856ad364e35_10.0.22000.1_none_c0393e363102a7bd\netsh.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-netsh_31bf3856ad364e35_10.0.22000.1_none_c0393e363102a7bd\netsh.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_720e934c89d2ed1e\ndadmin.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_720e934c89d2ed1e\ndadmin.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_720e934c89d2ed1e\ndadmin.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_720e934c89d2ed1e\newdev.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_720e934c89d2ed1e\newdev.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_720e934c89d2ed1e\newdev.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-notepad_31bf3856ad364e35_10.0.22000.1_none_cfb2d573a92990de\notepad.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-notepad_31bf3856ad364e35_10.0.22000.1_none_cfb2d573a92990de\notepad.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-notepad_31bf3856ad364e35_10.0.22000.1_none_cfb2d573a92990de\notepad.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-nslookup_31bf3856ad364e35_10.0.22000.1_none_2c18bbe89f9c63f0\nslookup.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-nslookup_31bf3856ad364e35_10.0.22000.1_none_2c18bbe89f9c63f0\nslookup.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-nslookup_31bf3856ad364e35_10.0.22000.1_none_2c18bbe89f9c63f0\nslookup.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-o..onalfeatures-fondue_31bf3856ad364e35_10.0.22000.1_none_aa4d552cc54f3bba\Fondue.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-o..onalfeatures-fondue_31bf3856ad364e35_10.0.22000.1_none_aa4d552cc54f3bba\Fondue.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-o..onalfeatures-fondue_31bf3856ad364e35_10.0.22000.1_none_aa4d552cc54f3bba\Fondue.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.22000.1_none_85d889245f3a20db\OneDriveSetup.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.22000.1_none_85d889245f3a20db\OneDriveSetup.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.22000.1_none_85d889245f3a20db\OneDriveSetup.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-openfiles_31bf3856ad364e35_10.0.22000.1_none_47beaef9238dff6e\openfiles.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-openfiles_31bf3856ad364e35_10.0.22000.1_none_47beaef9238dff6e\openfiles.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-openfiles_31bf3856ad364e35_10.0.22000.1_none_47beaef9238dff6e\openfiles.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-openwith_31bf3856ad364e35_10.0.22000.1_none_cdb916a4abddbb05\OpenWith.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-openwith_31bf3856ad364e35_10.0.22000.1_none_cdb916a4abddbb05\OpenWith.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-openwith_31bf3856ad364e35_10.0.22000.1_none_cdb916a4abddbb05\OpenWith.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-optionaltsps_31bf3856ad364e35_10.0.22000.1_none_4294863d020c9d21\tcmsetup.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-optionaltsps_31bf3856ad364e35_10.0.22000.1_none_4294863d020c9d21\tcmsetup.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-optionaltsps_31bf3856ad364e35_10.0.22000.1_none_4294863d020c9d21\tcmsetup.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_dbc66c84afafb5a2\f\printui.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_dbc66c84afafb5a2\f\printui.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_dbc66c84afafb5a2\f\printui.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_dbc66c84afafb5a2\printui.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_dbc66c84afafb5a2\printui.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_dbc66c84afafb5a2\printui.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_dbc66c84afafb5a2\r\printui.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_dbc66c84afafb5a2\r\printui.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_dbc66c84afafb5a2\r\printui.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\diskperf.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\diskperf.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\diskperf.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\logman.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\logman.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\logman.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\relog.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\relog.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\relog.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\tracerpt.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\tracerpt.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\tracerpt.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\typeperf.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\typeperf.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\typeperf.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_10.0.22000.1_none_69f4002fb9e8f9d3\powercfg.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_10.0.22000.1_none_69f4002fb9e8f9d3\powercfg.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_10.0.22000.1_none_69f4002fb9e8f9d3\powercfg.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_f57e785f37294fe2\f\ntprint.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_f57e785f37294fe2\f\ntprint.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_f57e785f37294fe2\f\ntprint.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_f57e785f37294fe2\ntprint.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_f57e785f37294fe2\ntprint.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_f57e785f37294fe2\ntprint.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_f57e785f37294fe2\r\ntprint.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_f57e785f37294fe2\r\ntprint.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_f57e785f37294fe2\r\ntprint.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..structure-minkernel_31bf3856ad364e35_10.0.22000.1_none_398d4981eff37ba2\perfhost.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..structure-minkernel_31bf3856ad364e35_10.0.22000.1_none_398d4981eff37ba2\perfhost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..structure-minkernel_31bf3856ad364e35_10.0.22000.1_none_398d4981eff37ba2\perfhost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_58a0c8778f3217ee\lodctr.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_58a0c8778f3217ee\lodctr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_58a0c8778f3217ee\lodctr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_58a0c8778f3217ee\unlodctr.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_58a0c8778f3217ee\unlodctr.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_58a0c8778f3217ee\unlodctr.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_fca20623da1dc57b\perfmon.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_fca20623da1dc57b\perfmon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_fca20623da1dc57b\perfmon.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_fca20623da1dc57b\resmon.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_fca20623da1dc57b\resmon.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_fca20623da1dc57b\resmon.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-pickerhost_31bf3856ad364e35_10.0.22000.1_none_0e45b35a878542f9\PickerHost.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-pickerhost_31bf3856ad364e35_10.0.22000.1_none_0e45b35a878542f9\PickerHost.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-pickerhost_31bf3856ad364e35_10.0.22000.1_none_0e45b35a878542f9\PickerHost.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_09c9ecffc9049dc0\PATHPING.EXE"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_09c9ecffc9049dc0\PATHPING.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_09c9ecffc9049dc0\PATHPING.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_09c9ecffc9049dc0\PING.EXE"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_09c9ecffc9049dc0\PING.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_09c9ecffc9049dc0\PING.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_09c9ecffc9049dc0\TRACERT.EXE"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_09c9ecffc9049dc0\TRACERT.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_09c9ecffc9049dc0\TRACERT.EXE" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-powershell-exe_31bf3856ad364e35_10.0.22000.1_none_c9ae46ac3b5c78ef\powershell.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-powershell-exe_31bf3856ad364e35_10.0.22000.1_none_c9ae46ac3b5c78ef\powershell.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-powershell-exe_31bf3856ad364e35_10.0.22000.1_none_c9ae46ac3b5c78ef\powershell.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-processmodel-cpt_31bf3856ad364e35_10.0.22000.1_none_0b6ad273acba9ca1\w3wp.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-processmodel-cpt_31bf3856ad364e35_10.0.22000.1_none_0b6ad273acba9ca1\w3wp.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-processmodel-cpt_31bf3856ad364e35_10.0.22000.1_none_0b6ad273acba9ca1\w3wp.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-proquota_31bf3856ad364e35_10.0.22000.1_none_885f3fcfcb8efd54\proquota.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-proquota_31bf3856ad364e35_10.0.22000.1_none_885f3fcfcb8efd54\proquota.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-proquota_31bf3856ad364e35_10.0.22000.1_none_885f3fcfcb8efd54\proquota.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-provisioning-platform_31bf3856ad364e35_10.0.22000.1_none_cb20c829bd1c95e8\provlaunch.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-provisioning-platform_31bf3856ad364e35_10.0.22000.1_none_cb20c829bd1c95e8\provlaunch.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-provisioning-platform_31bf3856ad364e35_10.0.22000.1_none_cb20c829bd1c95e8\provlaunch.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_037bca9e287fff5c\f\quickassist.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_037bca9e287fff5c\f\quickassist.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_037bca9e287fff5c\f\quickassist.exe" /grant "everyone":(f)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_037bca9e287fff5c\quickassist.exe"
C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_037bca9e287fff5c\quickassist.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\WinSxS\wow64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_037bca9e287fff5c\quickassist.exe" /grant "everyone":(f)
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 92.123.128.180:443 | r.bing.com | tcp |
| GB | 92.123.128.187:443 | r.bing.com | tcp |
| GB | 92.123.128.187:443 | r.bing.com | tcp |
| GB | 92.123.128.187:443 | r.bing.com | tcp |
| GB | 92.123.128.187:443 | r.bing.com | tcp |
| GB | 92.123.128.187:443 | r.bing.com | tcp |
| GB | 92.123.128.187:443 | r.bing.com | tcp |
| CA | 69.50.175.178:80 | tcp | |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9314124f4f0ad9f845a0d7906fd8dfd8 |
| SHA1 | 0d4f67fb1a11453551514f230941bdd7ef95693c |
| SHA256 | cbd58fa358e4b1851c3da2d279023c29eba66fb4d438c6e87e7ce5169ffb910e |
| SHA512 | 87b9060ca4942974bd8f95b8998df7b2702a3f4aba88c53b2e3423a532a75407070368f813a5bbc0251864b4eae47e015274a839999514386d23c8a526d05d85 |
\??\pipe\LOCAL\crashpad_3920_PCJBGEWVSYHHCAKI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e1544690d41d950f9c1358068301cfb5 |
| SHA1 | ae3ff81363fcbe33c419e49cabef61fb6837bffa |
| SHA256 | 53d69c9cc3c8aaf2c8b58ea6a2aa47c49c9ec11167dd9414cd9f4192f9978724 |
| SHA512 | 1e4f1fe2877f4f947d33490e65898752488e48de34d61e197e4448127d6b1926888de80b62349d5a88b96140eed0a5b952ef4dd7ca318689f76e12630c9029da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9eddedca95224ba85619798b82103c99 |
| SHA1 | 5ad4155b3e6c572f1996277860e6514cd806cd0d |
| SHA256 | 7fafc65b6e08594f9aa2278688a49a160d571b87d3a0b383d518c4f1d2c36680 |
| SHA512 | 920209850944f24926ab7fc8610c7a61551dbf28f41a52b918d31faad0ffa564b8245882f6093c1ff815bf114a52955823c1df5dbfd7ccc323cc4a5805b664fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bc306e36dff6015bfb9ba2825c3d9efc |
| SHA1 | 69dc383a0bcff5ae0ff830c6e6bc39c2eb376e29 |
| SHA256 | b5274e806a5c6f3552a9d414963691cf64a1916de8ab643ab5ce6fd4cc1d8a7f |
| SHA512 | 356029d31d1541185c5da65dd7ca2609ea7375bbb5e6631b029064d623af0ab2fd435fc51588a02ad5a21e4ebb9ee00effe99ada9815e7666209e2aae2662dad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 456132735456ed3f14d770bb5ddc1891 |
| SHA1 | 2ce4d8f6e5df5e24a5c7fd871517d8e56db6edb7 |
| SHA256 | 4a6d6a5f8b4a7b12b1b6b3e51b6cad7c273e25037341e4e24300c9244fdb2927 |
| SHA512 | 8b49f600fc2fb498e53f976264e2b6c3a1f6501a032d41262b8c2a780e3c2d56276aa78f58bfb7e23b95ae7139b5d1a4373e56ff297b190d4c80182504996604 |
C:\Users\Admin\Downloads\Unconfirmed 304951.crdownload
| MD5 | fba93d8d029e85e0cde3759b7903cee2 |
| SHA1 | 525b1aa549188f4565c75ab69e51f927204ca384 |
| SHA256 | 66f62408dfce7c4a5718d2759f1d35721ca22077398850277d16e1fca87fe764 |
| SHA512 | 7c1441b2e804e925eb5a03e97db620117d3ad4f6981dc020e4e7df4bfc4bd6e414fa3b0ce764481a2cef07eebb2baa87407355bfbe88fab96397d82bd441e6a2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a68f527f532bb81f1552c000c267900e |
| SHA1 | b8e3d1f3e883746a93d480e028548f1c1e61f967 |
| SHA256 | ffe47a704fa1cd0f75f5f3adb701c83e7e6fafcae1033402d4448060d56d7f41 |
| SHA512 | 1b7dd0ed39f057f648ff52295633624b42b66b16b6b8c64872d4d11c971b20664aed00f5eada7e376ad08005432e194266baa00668fc2191596a11c11bece125 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c0a0.TMP
| MD5 | 22cb3fae945eebfe1fe8c773a7eab122 |
| SHA1 | a44e3bc1a5865ef123ec38c8048c48a574ed5f21 |
| SHA256 | ae27eec34ed8cd90bdd838a35f5cae0ae65aaf917c127030debef4b4bdbcf95e |
| SHA512 | 06bcde86daf27aa6a7ccef9f03217bcffa18208db31dfe0913968a4acbc154e32bd8eb696a3853c1a9f88a779e7cdc274d0e1e8d0f399f20c28c5f48a9c18efb |
C:\Users\Admin\Downloads\Bonzify (1).exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 2c5e00c1cdc8c5cd46efde9c2b18e055 |
| SHA1 | b4fbf7080f3d3a39f66333655d77833d732bd8c1 |
| SHA256 | 52666f91e97c9d7e4938df17d5eb66cca2715fcaf6ff1b6ae2e8ae28901eb13a |
| SHA512 | 6740d1c76e151cb4960ac193e8d489d34c5770d6ea3380848fb36ee9f1b426ea3c3bf71d7d1b679a992e3c8f4e9378c44e33750f8424fddead4808b5940b98aa |
C:\Users\Admin\AppData\Local\Temp\KillAgent.bat
| MD5 | ea7df060b402326b4305241f21f39736 |
| SHA1 | 7d58fb4c58e0edb2ddceef4d21581ff9d512fdc2 |
| SHA256 | e4edc2cb6317ab19ee1a6327993e9332af35cfbebaff2ac7c3f71d43cfcbe793 |
| SHA512 | 3147615add5608d0dce7a8b6efbfb19263c51a2e495df72abb67c6db34f5995a27fde55b5af78bbd5a6468b4065942cad4a4d3cb28ab932aad9b0f835aafe4d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 842a47204955f8dd02c564283ff428b5 |
| SHA1 | e4b7e9d5f8e5ac8d51dcffce9033ae41f65d60d2 |
| SHA256 | 26844936381f6eeced95a2ffabf13f3cc4d233b99712e3ca414a89e856dc150e |
| SHA512 | 1632ed628c60c3dfdb60c1bbc5420fe0b924aca9a5d120a068bbabfe915c2d1a139c3abc0100b822db0dbe4a33cac6bee9256567880ceb05c3fefe0cb2ab5c6a |
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe
| MD5 | 66996a076065ebdcdac85ff9637ceae0 |
| SHA1 | 4a25632b66a9d30239a1a77c7e7ba81bb3aee9ce |
| SHA256 | 16ca09ad70561f413376ad72550ae5664c89c6a76c85c872ffe2cb1e7f49e2aa |
| SHA512 | e42050e799cbee5aa4f60d4e2f42aae656ff98af0548308c8d7f0d681474a9da3ad7e89694670449cdfde30ebe2c47006fbdc57cfb6b357c82731aeebc50901c |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ADVPACK.DLL
| MD5 | 81e5c8596a7e4e98117f5c5143293020 |
| SHA1 | 45b7fe0989e2df1b4dfd227f8f3b73b6b7df9081 |
| SHA256 | 7d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004 |
| SHA512 | 05b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT20.INF
| MD5 | e4a499b9e1fe33991dbcfb4e926c8821 |
| SHA1 | 951d4750b05ea6a63951a7667566467d01cb2d42 |
| SHA256 | 49e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d |
| SHA512 | a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL
| MD5 | 7c5aefb11e797129c9e90f279fbdf71b |
| SHA1 | cb9d9cbfbebb5aed6810a4e424a295c27520576e |
| SHA256 | 394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed |
| SHA512 | df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTCTL.DLL
| MD5 | 237e13b95ab37d0141cf0bc585b8db94 |
| SHA1 | 102c6164c21de1f3e0b7d487dd5dc4c5249e0994 |
| SHA256 | d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a |
| SHA512 | 9d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSVR.EXE
| MD5 | 5c91bf20fe3594b81052d131db798575 |
| SHA1 | eab3a7a678528b5b2c60d65b61e475f1b2f45baa |
| SHA256 | e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175 |
| SHA512 | face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL
| MD5 | 4fbbaac42cf2ecb83543f262973d07c0 |
| SHA1 | ab1b302d7cce10443dfc14a2eba528a0431e1718 |
| SHA256 | 6550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5 |
| SHA512 | 4146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTDP2.DLL
| MD5 | a334bbf5f5a19b3bdb5b7f1703363981 |
| SHA1 | 6cb50b15c0e7d9401364c0fafeef65774f5d1a2c |
| SHA256 | c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de |
| SHA512 | 1fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL
| MD5 | 48c00a7493b28139cbf197ccc8d1f9ed |
| SHA1 | a25243b06d4bb83f66b7cd738e79fccf9a02b33b |
| SHA256 | 905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7 |
| SHA512 | c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL
| MD5 | b4ac608ebf5a8fdefa2d635e83b7c0e8 |
| SHA1 | d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9 |
| SHA256 | 8414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f |
| SHA512 | 2c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP
| MD5 | 466d35e6a22924dd846a043bc7dd94b8 |
| SHA1 | 35e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10 |
| SHA256 | e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801 |
| SHA512 | 23b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTCTL15.TLB
| MD5 | f1656b80eaae5e5201dcbfbcd3523691 |
| SHA1 | 6f93d71c210eb59416e31f12e4cc6a0da48de85b |
| SHA256 | 3f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2 |
| SHA512 | e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL
| MD5 | 0cbf0f4c9e54d12d34cd1a772ba799e1 |
| SHA1 | 40e55eb54394d17d2d11ca0089b84e97c19634a7 |
| SHA256 | 6b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1 |
| SHA512 | bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MSLWVTTS.DLL
| MD5 | 316999655fef30c52c3854751c663996 |
| SHA1 | a7862202c3b075bdeb91c5e04fe5ff71907dae59 |
| SHA256 | ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0 |
| SHA512 | 5555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGTINST.INF
| MD5 | b127d9187c6dbb1b948053c7c9a6811f |
| SHA1 | b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9 |
| SHA256 | bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00 |
| SHA512 | 88e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL
| MD5 | 9fafb9d0591f2be4c2a846f63d82d301 |
| SHA1 | 1df97aa4f3722b6695eac457e207a76a6b7457be |
| SHA256 | e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d |
| SHA512 | ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a |
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exe
| MD5 | 3f8f18c9c732151dcdd8e1d8fe655896 |
| SHA1 | 222cc49201aa06313d4d35a62c5d494af49d1a56 |
| SHA256 | 709936902951fb684d0a03a561fb7fd41c5e6f81ecd60d326809db66eb659331 |
| SHA512 | 398a83f030824011f102dbcf9b25d3ff7527c489df149e9acdb492602941409cf551d16f6f03c01bc6f63a2e94645ed1f36610bdaffc7891299a8d9f89c511f7 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF16.DLL
| MD5 | 7210d5407a2d2f52e851604666403024 |
| SHA1 | 242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9 |
| SHA256 | 337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af |
| SHA512 | 1755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.dll
| MD5 | ed98e67fa8cc190aad0757cd620e6b77 |
| SHA1 | 0317b10cdb8ac080ba2919e2c04058f1b6f2f94d |
| SHA256 | e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d |
| SHA512 | ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcp50.dll
| MD5 | 497fd4a8f5c4fcdaaac1f761a92a366a |
| SHA1 | 81617006e93f8a171b2c47581c1d67fac463dc93 |
| SHA256 | 91cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a |
| SHA512 | 73d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Msvcirt.dll
| MD5 | e7cd26405293ee866fefdd715fc8b5e5 |
| SHA1 | 6326412d0ea86add8355c76f09dfc5e7942f9c11 |
| SHA256 | 647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255 |
| SHA512 | 1114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\andmoipa.ttf
| MD5 | c3e8aeabd1b692a9a6c5246f8dcaa7c9 |
| SHA1 | 4567ea5044a3cef9cb803210a70866d83535ed31 |
| SHA256 | 38ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e |
| SHA512 | f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.hlp
| MD5 | 80d09149ca264c93e7d810aac6411d1d |
| SHA1 | 96e8ddc1d257097991f9cc9aaf38c77add3d6118 |
| SHA256 | 382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42 |
| SHA512 | 8813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tvenuax.dll
| MD5 | 1587bf2e99abeeae856f33bf98d3512e |
| SHA1 | aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9 |
| SHA256 | c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0 |
| SHA512 | 43161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tv_enua.inf
| MD5 | 0a250bb34cfa851e3dd1804251c93f25 |
| SHA1 | c10e47a593c37dbb7226f65ad490ff65d9c73a34 |
| SHA256 | 85189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae |
| SHA512 | 8e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\W95INF32.DLL
| MD5 | 4be7661c89897eaa9b28dae290c3922f |
| SHA1 | 4c9d25195093fea7c139167f0c5a40e13f3000f2 |
| SHA256 | e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5 |
| SHA512 | 2035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f |
C:\Windows\msagent\chars\Bonzi.acs
| MD5 | 1fd2907e2c74c9a908e2af5f948006b5 |
| SHA1 | a390e9133bfd0d55ffda07d4714af538b6d50d3d |
| SHA256 | f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95 |
| SHA512 | 8eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171 |
C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat
| MD5 | f80e36cd406022944558d8a099db0fa7 |
| SHA1 | fd7e93ca529ed760ff86278fbfa5ba0496e581ce |
| SHA256 | 7b41e5a6c2dd92f60c38cb4fe09dcbe378c3e99443f7baf079ece3608497bdc7 |
| SHA512 | 436e711ede85a02cd87ea312652ddbf927cf8df776448326b1e974d0a3719a9535952f4d3cc0d3cd4e3551b57231d7e916f317b119ab670e5f47284a90ab59a2 |
memory/1156-725-0x000002B240520000-0x000002B240620000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | be85a012866f82533b134a3e7c03581c |
| SHA1 | 8f361377763dc0f643a3c2746149ca5850c5d8c0 |
| SHA256 | 7c0534066657219aeecf9763515dbb8eeb5b0cc4509d25ed75d5347476f443a0 |
| SHA512 | 38aa3dc3c36a5319162d52fb0bdb7588dfa9fada5247c49ee53d870b7d928ea5be1387e176e8caf3dd6cad9b6975d432eae587c0103f8dffc56f17ef887ae621 |
memory/1156-758-0x000002B272C80000-0x000002B272D80000-memory.dmp
memory/1156-770-0x000002B272C80000-0x000002B272D80000-memory.dmp
memory/1156-813-0x000002B273B80000-0x000002B273C80000-memory.dmp
memory/1156-815-0x000002B2738F0000-0x000002B273910000-memory.dmp
memory/1156-816-0x000002B273F20000-0x000002B273F40000-memory.dmp
memory/1156-812-0x000002B272C20000-0x000002B272C40000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SLUK5XI7\www.bing[1].xml
| MD5 | d09771e76dbef26d948bc32a6b704722 |
| SHA1 | 030d00a2349d87fb861ea8db5f04bd0a76fa63f6 |
| SHA256 | bb623bbb035c2b2d2e6409908fcbab2b1d7a50a0920c71ca6c6400eecf04e5dc |
| SHA512 | 2eb28f316bf12db4b44da7d9a39d7e75b3382212ec27195ff89ddc03d50c4080384fd939de8eebcfe24dea63037c042785e48ca658f389ae7ea3ae6b01c1f318 |
memory/1156-901-0x000002B277710000-0x000002B277810000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\SLUK5XI7\www.bing[1].xml
| MD5 | 6a0333783eec9d189a910c6e5934ad81 |
| SHA1 | 7e28b8b784b922edf636cffac3660621cb5a844b |
| SHA256 | f3e9dbfdd58b336ca8f55218926da4b8e23c6eb19e82246824d3e5e773ed11f1 |
| SHA512 | 3c900fa0408803e0fb9646b39410da135498cd44887932049030809cc6d78eba5e94cafe292f56f11e4e8c127ea893be921905b0ca08b92d5bddbbbd0b1b3e0f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3a7437a95fa872512faccae42b9803e0 |
| SHA1 | 6b9f69def1f92eb604869c580b724f9584b4f26b |
| SHA256 | 9f5ef95fdc6af64968774747f3ff95d65c37881b0a92121d613aa03d8b50d255 |
| SHA512 | b835a21dcc3dd663c3950249c1f46bb7b7a696884c5a6eea6b6827d6c3063407079ce61181f77a99ee63786edd7ff3474e45e978172c37b9b840de906d372fbc |
memory/2720-997-0x000000000E570000-0x000000000E5F6000-memory.dmp
memory/2720-996-0x000000000E490000-0x000000000E566000-memory.dmp
memory/1156-1023-0x000002B279B10000-0x000002B279BE6000-memory.dmp
C:\Users\Admin\Downloads\Unconfirmed 864896.crdownload
| MD5 | 2949c1a5ed0da748d949ac59dbc15059 |
| SHA1 | 9fa86b84cba147b2806f4e11dd76f38dc358c202 |
| SHA256 | 2e0b86cba229e27b6eec45751be45b24f9197cdc7b2eca30447112f917899d0a |
| SHA512 | 65eac714afaa0e7e84a41a18dc710b233afc80a03022e4504b3a30fdc5a82dd22f3ec78e2f5ad9df360c0e93f7d06d53b7a638fbaea93d62093a524beb627a66 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 67a8ff2c7f0af632d0bb95f5cfb27b4b |
| SHA1 | 2c6eb524a577bf5d0d0394fea550abd8f0964245 |
| SHA256 | 57a6b3586d9567f13bdbb4b954edc2b5ea309d10375cd851eff1f3de8bebce38 |
| SHA512 | d4af07ed22b74ab90ff80bd34ecd0adfd757c13b9855dcc7eabb859e989229cd9df1f6e1a661390ac9d54ec5b6d37ae5b28adaae6c0ed13226aec1870d67c00c |
C:\Users\Admin\Downloads\Install.exe:Zone.Identifier
| MD5 | 0f98a5550abe0fb880568b1480c96a1c |
| SHA1 | d2ce9f7057b201d31f79f3aee2225d89f36be07d |
| SHA256 | 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1 |
| SHA512 | dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 87addd52aa22309e4a13cfb01a08962d |
| SHA1 | 0cea2de30270c3b993aa4d2ab39bbd2699ce2b24 |
| SHA256 | d0eb4d82043af3456bc3025a6a795c4c91c752bca77d33e5d0ff8d1ff852df00 |
| SHA512 | 92b9cc33d159d7e1678bc0057a87f9e159853d85ffde3d4c3d9e8d65be674c6811a005269fa0e2da6ee2f7ecf06cb94df26526459d6b0ec3079510dce8e96eec |
C:\HookDLL.dll
| MD5 | b2ca1151f83573bc172ddaa172f20c3d |
| SHA1 | 1d1f37de1726055f2f4f7e04fb40ba16404776ba |
| SHA256 | 448a89afddb9bfd9d19efed398d9102a8e80405ff720d9562b5e2ba2a36bfbf3 |
| SHA512 | c146e9389fcb66553db632d48a9fb76253f6c52a2037547a242d5b31fa55cebb72f5554257b2fd58639896f3df08985a66dfd76c35ef4103db5b7e2c0a7c8d1b |
memory/4692-1061-0x0000000075CD0000-0x0000000075D4C000-memory.dmp
memory/4692-1101-0x0000000000400000-0x000000000040E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3833e0d3fa6f9ab57e858eb0639ae461 |
| SHA1 | f1644f24866aa177de90146197ade34427b73d97 |
| SHA256 | 5b8f18cf6039671a82b25c343e08b16de3d6adeeea2112af0948760d416fd97d |
| SHA512 | e4efc4e165f6e4392729fe14f6180f3134a766e137b802da3997bc37aec14649c2d63f2f11ac2dbc37ecfd4b7b900f13f986a24b13d47393030bcc963b20597b |
memory/4692-1136-0x0000000000400000-0x000000000040E000-memory.dmp