Headline
CVE-2022-38611: WatchDog Anti-Virus Research
Incorrect access control in Watchdog Anti-Virus v1.4.158 allows attackers to perform a DLL hijacking attack and execute arbitrary code via a crafted binary.
Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\.sentry-native Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT SERVICE\TrustedInstaller Allow FullControl NT SERVICE\TrustedInstaller Allow 268435456 NT AUTHORITY\SYSTEM Allow FullControl NT AUTHORITY\SYSTEM Allow 268435456 BUILTIN\Administrators Allow FullControl BUILTIN\Administrators Allow 268435456 BUILTIN\Users Allow -1610612736 CREATOR OWNER Allow 268435456 APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow -1610612736 APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow -1610612736 Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;OICIID;0x1301bf;;;BU)(A;ID;FA;;;S-1-5-80-956008885-3 418522649-1831038044-1853292631-2271478464)(A;CIIOID;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631- 2271478464)(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY)(A;ID;FA;;;BA)(A;OICIIOID;GA;;;BA)(A;OICIIOID;GXGR;;;BU)(A;OICIIO ID;GA;;;CO)(A;ID;0x1200a9;;;AC)(A;OICIIOID;GXGR;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2)(A;OICIIOID;GXGR;;;S-1-15-2-2 ) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\DefaultDatabases Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT SERVICE\TrustedInstaller Allow FullControl NT SERVICE\TrustedInstaller Allow 268435456 NT AUTHORITY\SYSTEM Allow FullControl NT AUTHORITY\SYSTEM Allow 268435456 BUILTIN\Administrators Allow FullControl BUILTIN\Administrators Allow 268435456 BUILTIN\Users Allow -1610612736 CREATOR OWNER Allow 268435456 APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow -1610612736 APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow -1610612736 Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;OICIID;0x1301bf;;;BU)(A;ID;FA;;;S-1-5-80-956008885-3 418522649-1831038044-1853292631-2271478464)(A;CIIOID;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631- 2271478464)(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY)(A;ID;FA;;;BA)(A;OICIIOID;GA;;;BA)(A;OICIIOID;GXGR;;;BU)(A;OICIIO ID;GA;;;CO)(A;ID;0x1200a9;;;AC)(A;OICIIOID;GXGR;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2)(A;OICIIOID;GXGR;;;S-1-15-2-2 ) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\scanner1 Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT SERVICE\TrustedInstaller Allow FullControl NT SERVICE\TrustedInstaller Allow 268435456 NT AUTHORITY\SYSTEM Allow FullControl NT AUTHORITY\SYSTEM Allow 268435456 BUILTIN\Administrators Allow FullControl BUILTIN\Administrators Allow 268435456 BUILTIN\Users Allow -1610612736 CREATOR OWNER Allow 268435456 APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow -1610612736 APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow -1610612736 Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;OICIID;0x1301bf;;;BU)(A;ID;FA;;;S-1-5-80-956008885-3 418522649-1831038044-1853292631-2271478464)(A;CIIOID;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631- 2271478464)(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY)(A;ID;FA;;;BA)(A;OICIIOID;GA;;;BA)(A;OICIIOID;GXGR;;;BU)(A;OICIIO ID;GA;;;CO)(A;ID;0x1200a9;;;AC)(A;OICIIOID;GXGR;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2)(A;OICIIOID;GXGR;;;S-1-15-2-2 ) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\C Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\crashpad_handler.exe Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\IEShims.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\libcrypto-1_1-x64.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\libssl-1_1-x64.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\log4cpp.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\log4net.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\Microsoft.Win32.SystemEvents.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\msvcp140d.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\Newtonsoft.Json.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\sciter.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\sentry.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\Setup.exe Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\sfc.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\System.Configuration.ConfigurationManager.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\System.Diagnostics.EventLog.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\System.Diagnostics.EventLog.Messages.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\System.Drawing.Common.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\System.Security.Cryptography.ProtectedData.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\System.Security.Permissions.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\System.Threading.AccessControl.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\ucrtbased.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\unins000.dat Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\unins000.exe Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\vcruntime140d.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\vcruntime140_1.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\vcruntime140_1d.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\WAV.deps.json Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\WAV.Diag.deps.json Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\WAV.Diag.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\WAV.Diag.exe Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\WAV.Diag.runtimeconfig.json Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\WAV.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\WAV.Domain.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\WAV.exe Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\WAV.runtimeconfig.json Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\WAV.Sciter.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\WAV.SDK.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\WAV.Shared.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\wsdk-antivirus.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\wsdk-driver.sys Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\.sentry-native\attachments Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT SERVICE\TrustedInstaller Allow FullControl NT SERVICE\TrustedInstaller Allow 268435456 NT AUTHORITY\SYSTEM Allow FullControl NT AUTHORITY\SYSTEM Allow 268435456 BUILTIN\Administrators Allow FullControl BUILTIN\Administrators Allow 268435456 BUILTIN\Users Allow -1610612736 CREATOR OWNER Allow 268435456 APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow -1610612736 APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow -1610612736 Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;OICIID;0x1301bf;;;BU)(A;ID;FA;;;S-1-5-80-956008885-3 418522649-1831038044-1853292631-2271478464)(A;CIIOID;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631- 2271478464)(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY)(A;ID;FA;;;BA)(A;OICIIOID;GA;;;BA)(A;OICIIOID;GXGR;;;BU)(A;OICIIO ID;GA;;;CO)(A;ID;0x1200a9;;;AC)(A;OICIIOID;GXGR;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2)(A;OICIIOID;GXGR;;;S-1-15-2-2 ) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\.sentry-native\b78311f7-70d6-4ba6-3e3c-6fcc6b771e67.run Owner : DESKTOP-8B89BFF\dev Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT SERVICE\TrustedInstaller Allow FullControl NT SERVICE\TrustedInstaller Allow 268435456 NT AUTHORITY\SYSTEM Allow FullControl NT AUTHORITY\SYSTEM Allow 268435456 BUILTIN\Administrators Allow FullControl BUILTIN\Administrators Allow 268435456 BUILTIN\Users Allow -1610612736 DESKTOP-8B89BFF\dev Allow FullControl CREATOR OWNER Allow 268435456 APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow -1610612736 APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow -1610612736 Audit : Sddl : O:S-1-5-21-2015969053-4181822921-3402349266-1000G:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;OICIID;0 x1301bf;;;BU)(A;ID;FA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIOID;GA;;;S-1-5-80 -956008885-3418522649-1831038044-1853292631-2271478464)(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY)(A;ID;FA;;;BA)(A;OICI IOID;GA;;;BA)(A;OICIIOID;GXGR;;;BU)(A;ID;FA;;;S-1-5-21-2015969053-4181822921-3402349266-1000)(A;OICIIOID;GA;;; CO)(A;ID;0x1200a9;;;AC)(A;OICIIOID;GXGR;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2)(A;OICIIOID;GXGR;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\.sentry-native\reports Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT SERVICE\TrustedInstaller Allow FullControl NT SERVICE\TrustedInstaller Allow 268435456 NT AUTHORITY\SYSTEM Allow FullControl NT AUTHORITY\SYSTEM Allow 268435456 BUILTIN\Administrators Allow FullControl BUILTIN\Administrators Allow 268435456 BUILTIN\Users Allow -1610612736 CREATOR OWNER Allow 268435456 APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow -1610612736 APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow -1610612736 Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;OICIID;0x1301bf;;;BU)(A;ID;FA;;;S-1-5-80-956008885-3 418522649-1831038044-1853292631-2271478464)(A;CIIOID;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631- 2271478464)(A;ID;FA;;;SY)(A;OICIIOID;GA;;;SY)(A;ID;FA;;;BA)(A;OICIIOID;GA;;;BA)(A;OICIIOID;GXGR;;;BU)(A;OICIIO ID;GA;;;CO)(A;ID;0x1200a9;;;AC)(A;OICIIOID;GXGR;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2)(A;OICIIOID;GXGR;;;S-1-15-2-2 ) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\.sentry-native\b78311f7-70d6-4ba6-3e3c-6fcc6b771e67.run.lock Owner : DESKTOP-8B89BFF\dev Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl DESKTOP-8B89BFF\dev Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:S-1-5-21-2015969053-4181822921-3402349266-1000G:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x130 1bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-2015969053-4181822921-3402349266-1000)(A;ID;0x1200a9; ;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\.sentry-native\metadata Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\.sentry-native\settings.dat Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\.sentry-native\b78311f7-70d6-4ba6-3e3c-6fcc6b771e67.run\session.json Owner : DESKTOP-8B89BFF\dev Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl DESKTOP-8B89BFF\dev Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:S-1-5-21-2015969053-4181822921-3402349266-1000G:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x130 1bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-2015969053-4181822921-3402349266-1000)(A;ID;0x1200a9; ;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\.sentry-native\b78311f7-70d6-4ba6-3e3c-6fcc6b771e67.run\__sentry-breadcrumb1 Owner : DESKTOP-8B89BFF\dev Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl DESKTOP-8B89BFF\dev Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:S-1-5-21-2015969053-4181822921-3402349266-1000G:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x130 1bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-2015969053-4181822921-3402349266-1000)(A;ID;0x1200a9; ;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\.sentry-native\b78311f7-70d6-4ba6-3e3c-6fcc6b771e67.run\__sentry-breadcrumb2 Owner : DESKTOP-8B89BFF\dev Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl DESKTOP-8B89BFF\dev Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:S-1-5-21-2015969053-4181822921-3402349266-1000G:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x130 1bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-2015969053-4181822921-3402349266-1000)(A;ID;0x1200a9; ;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\.sentry-native\b78311f7-70d6-4ba6-3e3c-6fcc6b771e67.run\__sentry-event Owner : DESKTOP-8B89BFF\dev Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl DESKTOP-8B89BFF\dev Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:S-1-5-21-2015969053-4181822921-3402349266-1000G:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x130 1bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-2015969053-4181822921-3402349266-1000)(A;ID;0x1200a9; ;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\DefaultDatabases\wsdk.fp Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\DefaultDatabases\wsdk.hdb Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\scanner1\COPYING.txt Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\scanner1\json-c.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\scanner1\libbz2.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\scanner1\libclamav.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\scanner1\libclamunrar.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\scanner1\libclamunrar_iface.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\scanner1\libcrypto-1_1-x64.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\scanner1\libcurl.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\scanner1\libfreshclam.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\scanner1\libssh2.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\scanner1\libssl-1_1-x64.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\scanner1\libxml2.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\scanner1\mspack.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\scanner1\nghttp2.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\scanner1\pcre2-8.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\scanner1\pdcurses.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2) Path : Microsoft.PowerShell.Core\FileSystem::C:\Program Files (x86)\Watchdog Anti-Virus\scanner1\pthreadVC2.dll Owner : BUILTIN\Administrators Group : DESKTOP-8B89BFF\None Access : BUILTIN\Users Allow Modify, Synchronize NT AUTHORITY\SYSTEM Allow FullControl BUILTIN\Administrators Allow FullControl APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES Allow ReadAndExecute, Synchronize APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES Allow ReadAndExecute, Synchronize Audit : Sddl : O:BAG:S-1-5-21-2015969053-4181822921-3402349266-513D:AI(A;ID;0x1301bf;;;BU)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0 x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2)