Analysis
-
max time kernel
151s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system -
submitted
13-10-2023 20:43
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.d2093a12c26ccb442b4f3ff378505640.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
NEAS.d2093a12c26ccb442b4f3ff378505640.exe
Resource
win10v2004-20230915-en
General
-
Target
NEAS.d2093a12c26ccb442b4f3ff378505640.exe
-
Size
297KB
-
MD5
d2093a12c26ccb442b4f3ff378505640
-
SHA1
3cb6d0611aeab0de663c6ce393cb4f66cff12807
-
SHA256
152285e43b43e21b5565498c9fd20cefd8a4e0f88077b72786665ff16315b184
-
SHA512
fad41cdcbe12ce2f409cbae48f9991e4983f5348db91404c08650977c1aef5b610013a623a7778b10d2e33470944b137c7e5ded8a7d479fb5d1429eb4e3bd5dd
-
SSDEEP
6144:/pW2bgbbV28okoS1oWMkdlZQ5iinNrv26OoN:/pW2IoioS6N
Malware Config
Signatures
-
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe -
Disables Task Manager via registry modification
-
Possible privilege escalation attempt 64 IoCs
pid Process 2080 takeown.exe 368 takeown.exe 4368 icacls.exe 2028 takeown.exe 1552 icacls.exe 2064 icacls.exe 3376 icacls.exe 3436 takeown.exe 3524 icacls.exe 3904 takeown.exe 1500 takeown.exe 1420 takeown.exe 1744 takeown.exe 3076 icacls.exe 3164 takeown.exe 3948 icacls.exe 1296 icacls.exe 2660 icacls.exe 1120 icacls.exe 4032 takeown.exe 3744 icacls.exe 2944 takeown.exe 3512 takeown.exe 3260 takeown.exe 3848 icacls.exe 3916 icacls.exe 3204 icacls.exe 3696 takeown.exe 2992 icacls.exe 3100 icacls.exe 4084 takeown.exe 1020 icacls.exe 2236 icacls.exe 3996 takeown.exe 4248 takeown.exe 4408 icacls.exe 1936 takeown.exe 2496 takeown.exe 4336 takeown.exe 1584 icacls.exe 696 takeown.exe 3580 icacls.exe 3840 takeown.exe 1964 icacls.exe 1100 icacls.exe 2836 takeown.exe 2292 takeown.exe 3712 takeown.exe 3800 icacls.exe 4352 icacls.exe 1820 icacls.exe 3284 takeown.exe 2212 takeown.exe 2696 takeown.exe 2500 takeown.exe 2712 takeown.exe 2452 icacls.exe 3616 icacls.exe 3960 takeown.exe 1736 icacls.exe 1448 takeown.exe 4048 takeown.exe 2672 icacls.exe 3396 icacls.exe -
Modifies file permissions 1 TTPs 64 IoCs
pid Process 2524 takeown.exe 3084 takeown.exe 3840 takeown.exe 1964 icacls.exe 4384 takeown.exe 1592 takeown.exe 3752 takeown.exe 4004 icacls.exe 3552 icacls.exe 3696 takeown.exe 1828 takeown.exe 1296 icacls.exe 2096 takeown.exe 3832 icacls.exe 4032 takeown.exe 4280 takeown.exe 2696 takeown.exe 1552 icacls.exe 2236 icacls.exe 3396 icacls.exe 3684 icacls.exe 4312 icacls.exe 4320 takeown.exe 2460 takeown.exe 3172 icacls.exe 3420 icacls.exe 4256 icacls.exe 4272 icacls.exe 4352 icacls.exe 3284 takeown.exe 3764 icacls.exe 4328 icacls.exe 4400 takeown.exe 1692 takeown.exe 1880 icacls.exe 1636 takeown.exe 3568 takeown.exe 3904 takeown.exe 3064 icacls.exe 2380 icacls.exe 2736 icacls.exe 2992 icacls.exe 3588 takeown.exe 3824 takeown.exe 4136 icacls.exe 2572 icacls.exe 1676 takeown.exe 3628 takeown.exe 1020 icacls.exe 3020 icacls.exe 2808 icacls.exe 1696 takeown.exe 2904 icacls.exe 3164 takeown.exe 3608 takeown.exe 1076 takeown.exe 4368 icacls.exe 1680 icacls.exe 3848 icacls.exe 3968 icacls.exe 368 takeown.exe 1700 takeown.exe 2828 takeown.exe 992 icacls.exe -
Modifies system executable filetype association 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NEAS.d2093a12c26ccb442b4f3ff378505640.exe BATCF %1" NEAS.d2093a12c26ccb442b4f3ff378505640.exe -
Drops file in System32 directory 1 IoCs
description ioc Process File opened for modification C:\Windows\System32\SystemPropertiesAdvanced.exe NEAS.d2093a12c26ccb442b4f3ff378505640.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 13 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NEAS.d2093a12c26ccb442b4f3ff378505640.exe NTPAD %1" NEAS.d2093a12c26ccb442b4f3ff378505640.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\jpegfile\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NEAS.d2093a12c26ccb442b4f3ff378505640.exe JPGIF %1" NEAS.d2093a12c26ccb442b4f3ff378505640.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\inffile\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NEAS.d2093a12c26ccb442b4f3ff378505640.exe NTPAD %1" NEAS.d2093a12c26ccb442b4f3ff378505640.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\icofile\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NEAS.d2093a12c26ccb442b4f3ff378505640.exe JPGIF %1" NEAS.d2093a12c26ccb442b4f3ff378505640.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\inifile\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NEAS.d2093a12c26ccb442b4f3ff378505640.exe NTPAD %1" NEAS.d2093a12c26ccb442b4f3ff378505640.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\giffile\shell\Open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NEAS.d2093a12c26ccb442b4f3ff378505640.exe JPGIF %1" NEAS.d2093a12c26ccb442b4f3ff378505640.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\Shell\Open\Command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NEAS.d2093a12c26ccb442b4f3ff378505640.exe VBSSF %1" NEAS.d2093a12c26ccb442b4f3ff378505640.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\rtffile\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NEAS.d2093a12c26ccb442b4f3ff378505640.exe RTFDF %1" NEAS.d2093a12c26ccb442b4f3ff378505640.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NEAS.d2093a12c26ccb442b4f3ff378505640.exe HTMWF %1" NEAS.d2093a12c26ccb442b4f3ff378505640.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\xmlfile\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NEAS.d2093a12c26ccb442b4f3ff378505640.exe NTPAD %1" NEAS.d2093a12c26ccb442b4f3ff378505640.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\batfile\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NEAS.d2093a12c26ccb442b4f3ff378505640.exe BATCF %1" NEAS.d2093a12c26ccb442b4f3ff378505640.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\cmdfile\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NEAS.d2093a12c26ccb442b4f3ff378505640.exe CMDSF %1" NEAS.d2093a12c26ccb442b4f3ff378505640.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\pngfile\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\NEAS.d2093a12c26ccb442b4f3ff378505640.exe JPGIF %1" NEAS.d2093a12c26ccb442b4f3ff378505640.exe -
Modifies registry key 1 TTPs 2 IoCs
pid Process 2892 reg.exe 804 reg.exe -
Suspicious behavior: EnumeratesProcesses 21 IoCs
pid Process 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe -
Suspicious use of AdjustPrivilegeToken 22 IoCs
description pid Process Token: SeDebugPrivilege 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe Token: SeTakeOwnershipPrivilege 2320 takeown.exe Token: SeTakeOwnershipPrivilege 1612 takeown.exe Token: SeTakeOwnershipPrivilege 2620 takeown.exe Token: SeTakeOwnershipPrivilege 2696 takeown.exe Token: SeTakeOwnershipPrivilege 2052 takeown.exe Token: SeTakeOwnershipPrivilege 2464 takeown.exe Token: SeTakeOwnershipPrivilege 2552 takeown.exe Token: SeTakeOwnershipPrivilege 2944 takeown.exe Token: SeTakeOwnershipPrivilege 2720 takeown.exe Token: SeTakeOwnershipPrivilege 2668 takeown.exe Token: SeTakeOwnershipPrivilege 1500 takeown.exe Token: SeTakeOwnershipPrivilege 588 takeown.exe Token: SeTakeOwnershipPrivilege 2700 takeown.exe Token: SeTakeOwnershipPrivilege 1936 takeown.exe Token: SeTakeOwnershipPrivilege 1692 takeown.exe Token: SeTakeOwnershipPrivilege 2748 takeown.exe Token: SeTakeOwnershipPrivilege 2496 takeown.exe Token: SeTakeOwnershipPrivilege 2500 takeown.exe Token: SeTakeOwnershipPrivilege 1448 takeown.exe Token: SeTakeOwnershipPrivilege 2580 takeown.exe Token: SeTakeOwnershipPrivilege 1684 takeown.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2916 wrote to memory of 2892 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 28 PID 2916 wrote to memory of 2892 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 28 PID 2916 wrote to memory of 2892 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 28 PID 2916 wrote to memory of 804 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 29 PID 2916 wrote to memory of 804 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 29 PID 2916 wrote to memory of 804 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 29 PID 2916 wrote to memory of 2320 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 34 PID 2916 wrote to memory of 2320 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 34 PID 2916 wrote to memory of 2320 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 34 PID 2916 wrote to memory of 1296 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 36 PID 2916 wrote to memory of 1296 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 36 PID 2916 wrote to memory of 1296 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 36 PID 2916 wrote to memory of 2052 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 37 PID 2916 wrote to memory of 2052 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 37 PID 2916 wrote to memory of 2052 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 37 PID 2916 wrote to memory of 1584 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 39 PID 2916 wrote to memory of 1584 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 39 PID 2916 wrote to memory of 1584 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 39 PID 2916 wrote to memory of 1612 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 40 PID 2916 wrote to memory of 1612 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 40 PID 2916 wrote to memory of 1612 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 40 PID 2916 wrote to memory of 1736 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 41 PID 2916 wrote to memory of 1736 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 41 PID 2916 wrote to memory of 1736 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 41 PID 2916 wrote to memory of 2944 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 43 PID 2916 wrote to memory of 2944 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 43 PID 2916 wrote to memory of 2944 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 43 PID 2916 wrote to memory of 2856 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 44 PID 2916 wrote to memory of 2856 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 44 PID 2916 wrote to memory of 2856 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 44 PID 2916 wrote to memory of 2668 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 48 PID 2916 wrote to memory of 2668 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 48 PID 2916 wrote to memory of 2668 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 48 PID 2916 wrote to memory of 2672 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 49 PID 2916 wrote to memory of 2672 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 49 PID 2916 wrote to memory of 2672 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 49 PID 2916 wrote to memory of 2696 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 51 PID 2916 wrote to memory of 2696 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 51 PID 2916 wrote to memory of 2696 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 51 PID 2916 wrote to memory of 2704 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 50 PID 2916 wrote to memory of 2704 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 50 PID 2916 wrote to memory of 2704 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 50 PID 2916 wrote to memory of 2580 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 58 PID 2916 wrote to memory of 2580 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 58 PID 2916 wrote to memory of 2580 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 58 PID 2916 wrote to memory of 2584 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 54 PID 2916 wrote to memory of 2584 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 54 PID 2916 wrote to memory of 2584 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 54 PID 2916 wrote to memory of 2552 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 53 PID 2916 wrote to memory of 2552 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 53 PID 2916 wrote to memory of 2552 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 53 PID 2916 wrote to memory of 2660 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 57 PID 2916 wrote to memory of 2660 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 57 PID 2916 wrote to memory of 2660 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 57 PID 2916 wrote to memory of 2620 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 61 PID 2916 wrote to memory of 2620 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 61 PID 2916 wrote to memory of 2620 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 61 PID 2916 wrote to memory of 2588 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 59 PID 2916 wrote to memory of 2588 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 59 PID 2916 wrote to memory of 2588 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 59 PID 2916 wrote to memory of 2464 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 62 PID 2916 wrote to memory of 2464 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 62 PID 2916 wrote to memory of 2464 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 62 PID 2916 wrote to memory of 2528 2916 NEAS.d2093a12c26ccb442b4f3ff378505640.exe 63
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.d2093a12c26ccb442b4f3ff378505640.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.d2093a12c26ccb442b4f3ff378505640.exe"1⤵
- Modifies system executable filetype association
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2916 -
C:\Windows\System32\reg.exe"C:\Windows\System32\reg.exe" ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f2⤵
- UAC bypass
- Modifies registry key
PID:2892
-
-
C:\Windows\System32\reg.exe"C:\Windows\System32\reg.exe" add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f2⤵
- Modifies registry key
PID:804
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\bfsvc.exe"2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2320
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\bfsvc.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1296
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\HelpPane.exe"2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2052
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\HelpPane.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
PID:1584
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\hh.exe"2⤵
- Suspicious use of AdjustPrivilegeToken
PID:1612
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\hh.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
PID:1736
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\splwow64.exe"2⤵
- Possible privilege escalation attempt
- Suspicious use of AdjustPrivilegeToken
PID:2944
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\splwow64.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:2856
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\winhlp32.exe"2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2668
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\winhlp32.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
PID:2672
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\write.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:2704
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\write.exe"2⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:2696
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\SysWOW64\msra.exe"2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2552
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\SysWOW64\raserver.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:2584
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\SysWOW64\msra.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
PID:2660
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\SysWOW64\raserver.exe"2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2580
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\SysWOW64\quickassist.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:2588
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\SysWOW64\quickassist.exe"2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2620
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\SysWOW64\sdchange.exe"2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2464
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\SysWOW64\sdchange.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:2528
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\SysWOW64\logagent.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:2428
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\SysWOW64\logagent.exe"2⤵
- Possible privilege escalation attempt
- Suspicious use of AdjustPrivilegeToken
PID:2500
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\SysWOW64\rrinstaller.exe"2⤵
- Possible privilege escalation attempt
- Suspicious use of AdjustPrivilegeToken
PID:1500
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\SysWOW64\CameraSettingsUIHost.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:2192
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\SysWOW64\rrinstaller.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:2472
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\SysWOW64\CameraSettingsUIHost.exe"2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2720
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\SysWOW64\gpscript.exe"2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2700
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\SysWOW64\gpscript.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1020
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\SysWOW64\mavinject.exe"2⤵
- Possible privilege escalation attempt
- Suspicious use of AdjustPrivilegeToken
PID:1448
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\SysWOW64\mavinject.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:916
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\SysWOW64\provlaunch.exe"2⤵
- Suspicious use of AdjustPrivilegeToken
PID:588
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\SysWOW64\provlaunch.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:1512
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\SysWOW64\sdiagnhost.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:1960
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\SysWOW64\sdiagnhost.exe"2⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:1692
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\SysWOW64\mstsc.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:2152
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\SysWOW64\mstsc.exe"2⤵
- Possible privilege escalation attempt
- Suspicious use of AdjustPrivilegeToken
PID:1936
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\SysWOW64\runas.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:2788
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\SysWOW64\runas.exe"2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2748
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\SysWOW64\msinfo32.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:2516
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\SysWOW64\msinfo32.exe"2⤵
- Possible privilege escalation attempt
- Suspicious use of AdjustPrivilegeToken
PID:2496
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
PID:1100
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:1752
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Suspicious use of AdjustPrivilegeToken
PID:1684
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:324
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Modifies file permissions
PID:1696
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:1628
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Possible privilege escalation attempt
PID:2712
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Modifies file permissions
PID:3020
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:2132
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:2300
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:2688
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Possible privilege escalation attempt
PID:1744
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:400
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Modifies file permissions
PID:1076
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Modifies file permissions
PID:2524
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Modifies file permissions
PID:3064
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:2644
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:2436
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:2544
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Modifies file permissions
PID:2808
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Possible privilege escalation attempt
PID:1420
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
PID:2452
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:904
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:1440
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:2936
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Modifies file permissions
PID:2572
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Possible privilege escalation attempt
PID:2028
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
PID:1820
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:1568
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:2576
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:2072
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:2824
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:2776
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Modifies file permissions
PID:992
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Modifies file permissions
PID:1592
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:1728
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:1564
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Possible privilege escalation attempt
PID:2080
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Modifies file permissions
PID:1880
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:580
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Modifies file permissions
PID:2460
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:872
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:1016
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1552
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Possible privilege escalation attempt
PID:696
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:2316
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Modifies file permissions
PID:1676
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Modifies file permissions
PID:2904
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Possible privilege escalation attempt
PID:2836
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:572
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:1408
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:2844
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Possible privilege escalation attempt
PID:2292
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:2340
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:368
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Modifies file permissions
PID:2380
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:2160
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Modifies file permissions
PID:1828
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:3048
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:1616
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:2756
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:2020
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Possible privilege escalation attempt
PID:2212
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:2504
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:876
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:2236
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:2224
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:2880
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:1896
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:2648
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Modifies file permissions
PID:1700
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:640
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:1824
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
PID:2064
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Modifies file permissions
PID:1680
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:676
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:2992
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:2740
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:1068
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
PID:1120
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Modifies file permissions
PID:2096
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:1168
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Modifies file permissions
PID:1636
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
PID:3076
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Modifies file permissions
PID:3084
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
PID:3100
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:3108
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:3116
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:3144
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:3156
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:3220
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
PID:3204
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:3196
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:3188
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:3180
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Modifies file permissions
PID:3172
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:3164
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:3228
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:3236
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:3244
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Possible privilege escalation attempt
PID:3260
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:3268
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:3284
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
PID:3376
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:3388
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:3396
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Modifies file permissions
PID:3420
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:3404
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Possible privilege escalation attempt
PID:3436
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:3448
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:3464
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:3476
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:3492
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:3500
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
PID:3524
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:3540
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Possible privilege escalation attempt
PID:3512
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Modifies file permissions
PID:3568
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Modifies file permissions
PID:3552
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
PID:3580
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Modifies file permissions
PID:3588
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:3596
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Modifies file permissions
PID:3608
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
PID:3616
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Modifies file permissions
PID:3628
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:3644
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:3660
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:3696
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:3704
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Modifies file permissions
PID:3684
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Possible privilege escalation attempt
PID:3712
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:3720
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:3736
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
PID:3744
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Modifies file permissions
PID:3752
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Modifies file permissions
PID:3764
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:3788
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
PID:3800
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:3808
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:3816
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Modifies file permissions
PID:3824
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Modifies file permissions
PID:3832
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:3840
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:3848
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:3904
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:3896
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:3888
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:3876
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:3860
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
PID:3916
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:3936
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
PID:3948
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Possible privilege escalation attempt
PID:3960
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Modifies file permissions
PID:3968
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:3976
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:3988
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Possible privilege escalation attempt
PID:3996
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Modifies file permissions
PID:4004
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:4032
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Possible privilege escalation attempt
PID:4048
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:4040
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:4092
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Possible privilege escalation attempt
PID:4084
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:4068
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Modifies file permissions
PID:2828
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:1468
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:3004
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:1216
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:2940
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Modifies file permissions
PID:2736
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:1660
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1964
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:112
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:4104
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:4112
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:4120
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:4128
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Modifies file permissions
PID:4136
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:4152
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:4216
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:4240
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:4228
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Possible privilege escalation attempt
PID:4248
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Modifies file permissions
PID:4256
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:4264
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Modifies file permissions
PID:4272
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Modifies file permissions
PID:4280
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:4288
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:4304
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Modifies file permissions
PID:4312
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Modifies file permissions
PID:4320
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Modifies file permissions
PID:4328
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Possible privilege escalation attempt
PID:4336
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:4352
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵PID:4360
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:4368
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Modifies file permissions
PID:4384
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵PID:4392
-
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /S ZWKQHIWB /U Admin /F "C:\Windows\System32\SystemPropertiesAdvanced.exe"2⤵
- Modifies file permissions
PID:4400
-
-
C:\Windows\System32\icacls.exe"C:\Windows\System32\icacls.exe" "C:\Windows\System32\SystemPropertiesAdvanced.exe" /INHERITANCE:e /GRANT:r Admin:(F)2⤵
- Possible privilege escalation attempt
PID:4408
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Event Triggered Execution
1Change Default File Association
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
297KB
MD5ec7fd13521cfb0b1af66a4896977cba0
SHA1776a650de73e75ed24f501fb63b5bca12b56b1a1
SHA256c9d952c6ff4f859f510ad74749852abeb2a21d9e7e1ae9750c6ca6479b860b65
SHA51292a716217543e9483151d4e19ff3545d7fe3383956e255281a27a16e5947e7928cfc1fd0379b21ec47dcfad92a8fc195dd679399ae70be10d5eec5f7be1f76c2
-
Filesize
297KB
MD5b97454c810086683f2887dbd130844c9
SHA166f4346b32fe336e3046bedd727ed589c786a30e
SHA256cd2f59c99830eafb9e69f96705ea7fe289d32876f7dcd887abfd2248f61269a0
SHA51228da1247b5b1c3b78feadad8065fc6a86a0fd68ab40e861b9cb4dbf5445502e6d28f6393524732607415e523b8b527142c8d577aef7b1e2fd56cfb96e8f57e20
-
Filesize
297KB
MD55b97ef371212782a40e980e1a1d57d67
SHA1382f8e9d2f57bf3f2cc441f9e08e3db28fca1d24
SHA2562655066be6912fd6ba618ca2d96f1becb16c380ca346838044f116bc2363f073
SHA5129f353937e9666eaa06808d7aa8e8a302a73eacf62580ad05f8e785698482ce6bf0f803937314358371b88bfc73039fb88524546db88dc65e05087c3ec48409b1
-
Filesize
297KB
MD5b97454c810086683f2887dbd130844c9
SHA166f4346b32fe336e3046bedd727ed589c786a30e
SHA256cd2f59c99830eafb9e69f96705ea7fe289d32876f7dcd887abfd2248f61269a0
SHA51228da1247b5b1c3b78feadad8065fc6a86a0fd68ab40e861b9cb4dbf5445502e6d28f6393524732607415e523b8b527142c8d577aef7b1e2fd56cfb96e8f57e20
-
Filesize
297KB
MD58b541c66019270268d2e5927d2a6e218
SHA15592b3bdf7bc02297c438e73c7994dc78584fa7b
SHA25672c021d83d07c8f4055c31fb55a132fb556c45138b47c7333eba4c7e169787ad
SHA5129ba2536f0ca3953f411f0708f9144ffad73d44f58095157a07c165e53df2d05c937bb910c841c3792ae77585a1ddf953e2555761756102802227c83dd993c19c
-
Filesize
297KB
MD5bb60f8c4289e2f23abf65759b88a8136
SHA1e88322558b4e5648dd40dd44cc15c0932eecce06
SHA25686b74a7c2dd463182470012a905f1369f97e13996fef92978cb19265dc5f576a
SHA512b4ad8cd86a3b4b50b14f4e59bb8f02ac8d4648d60e72d0146f6721120154c2605de9c5555bcf8293f687eca87639377c0e85628296e4830909cb9d56271b680e
-
Filesize
297KB
MD546786dc327d50b62f0366d636a90834d
SHA1a71c21d583ec30c7fe098a38cd99939d5b0442f8
SHA2563d952a3c0725a480ddabf19925c0af1c06a08520a116bb3103a7753f38221cb9
SHA5127b5b012f7d8a6aeecf093064b2c79306ffbdf0eb017ec4eba1289aac6a37d36edc4fee826b6d477720b8428269a3c6d4fe0df744016d1ed37ea874083fcbda85
-
Filesize
297KB
MD5821838f5e299fc7cea0b2f0c9ce281de
SHA11291679c3afbbee79b101d1d4abce852f5541e31
SHA256111578e061f0d8ea6d2a12f72706a2464d6ece90b1e93c70b001bd33f92c0fda
SHA512e1aadae7dc87d7d142ce2795a734a989ca69e0b7740c02348982f5754b2fcb3115ce75fb47286e45d910a87e1f6b77aa3462b73c61dc817754a575c987b0cb5d
-
Filesize
297KB
MD57060dac70c3a4490f06f5f18a5a41bcd
SHA1f10e69c2235defd2c90ed8ba6eb83e8fb070bf44
SHA256b179826cd446d6f20348660bd7b58de3cbd03f222e5ce92d576806b1262c027b
SHA512897d08ac345d9f737fd6f66e1163df44fcce1fc23bd2b287d1d39fbc9a5d77f9d7b0960d26728606fec9d0fda6ae5b37eedd1f0e567af68f2072d6ef18893e62
-
Filesize
297KB
MD577365bdd6f0c8ffc7925b10193a3b893
SHA1d8c4d1d0a7dfa81b8b4d74e1b47eed4aa98a2cff
SHA256ad26b6ee82c7401920c0a0db79e6a18389a57140d1121ae502e6f09a6aaa747b
SHA5129c66601d189602ab40be1b7c8fed23eca5b3a30604605d0930f167f3f4676f06a6678cf6f1c2d08013eac769f0ac98c0d398bd2dadc4c6638f1f441dcedf8779
-
Filesize
298KB
MD57d9f130f2904ced5b4c01cca9bae539e
SHA1efed2a4976840da87642c8dc570a9b8dd73d9013
SHA2562299336ce4ac8f4885ffeaa0369d077fc5ade8a0b0ff7905ffbe7a642a2f9df7
SHA5121f64917a4032db8e2869119321e49b0fd5e31ca207ca54434923370481fbcf0ab881fd657dd2b96c23b80d33976534ec495e6b6e625fa836070bac179de29ceb
-
Filesize
298KB
MD520cf06b3d47d1f4b6d49438e970e6259
SHA15a07ec00cb6d08bf90481cf6745981782a75ad71
SHA2560c0c11b7204ebf29604ad3578e0392407b15d5e06570cc780dceb69efe2e30fc
SHA51232c655a8a17d8f1f7383bd9366f2e2495af3e586d2826e7054a8e841ab97a48c45f7913d634e926dc2ab464a1c4789da41f5bd3aa42158d3d2594f7bc822e0ca
-
Filesize
298KB
MD559ae65b253524f1939711a77de05752e
SHA1be02d49f2bedbc274f2c81f1536e8109d5ec6fd6
SHA2569c0bd13c355bcc4145d4e06b186a2517ce5bf2e770c049e4b0f1acc872f1c5d3
SHA512b9ab54b0dd5494cbee4d401a25dd873dff4899b19ff96910144f7afcc6a1120b0b6b56706cba5f7d5efab18b7e445c11d9120e8ee8d000602a6aef72b2b6d3b4
-
Filesize
298KB
MD559ae65b253524f1939711a77de05752e
SHA1be02d49f2bedbc274f2c81f1536e8109d5ec6fd6
SHA2569c0bd13c355bcc4145d4e06b186a2517ce5bf2e770c049e4b0f1acc872f1c5d3
SHA512b9ab54b0dd5494cbee4d401a25dd873dff4899b19ff96910144f7afcc6a1120b0b6b56706cba5f7d5efab18b7e445c11d9120e8ee8d000602a6aef72b2b6d3b4
-
Filesize
298KB
MD500d5353a23b1d14cc1e5e111e4a88ba1
SHA18a85a1d1b6fd2b9b214cd7ee4f3f0fa7783bc261
SHA25620a014703103f37998efa469b8fb8bcb73a166d5f7cda1cf72a86121e517316d
SHA512a9103a0db4676d712a8e7e3e130fadb9d843907eb05874cfbac582734c00842a737f2734d1d7689fddac7fae3a1e04b89dc7b1fa3dce133cdc592a3f0af4c657
-
Filesize
298KB
MD5e60eb755bf5061180a7dc03144a0ab0f
SHA18c292e9fd8b32d89768f128a819761104796ba26
SHA256197f702af489dad9fe73283ff1c044a8ab1e75c2cda28edef3628d9bf160dd14
SHA5127a8f622367d49b928bd03076c9aaab060d993a743c2a3ee5bd9f730198bbf02b121e1c13c8a6daca4c25e2d7d3463c9802ad25abf3ac712c816ae4a08814e081
-
Filesize
298KB
MD50da9c998c74146bd9691a439c25c39fd
SHA1d3512bfda14af7116484e4fa938782a9b915b63f
SHA256f0495540c7aaae888088eb317bf01e766707012b0fd8e4805a14be57920ecd0a
SHA5127b0cc255a49e3423720298e0864de600d63d8c124448a8303c1cae64a5d54cf076bf940858174c8355d60f1f6c1f9046ffa359b04b900b4b54d00d71f0434a7b
-
Filesize
298KB
MD56612952388300171201dd737310ac81f
SHA10f2e452225f48741e66f116a021076ea1152a08c
SHA256f8f84e64bde0272e753b584418f86ebca1afc660ec7d3118acd5d6614abfc62a
SHA512f1e9b24acc369a4750b8fbb1785d2823bdc914a1be41db054d230e38db4bebadd38f6eb7fea814d2faf5fe614425e7a25003fc1eefbf9c644539a711b23a1d35
-
Filesize
298KB
MD541318a241de703e336b100b0148db87d
SHA13669513125410dfe63f1dee55534c5a0db7d2f7a
SHA25615352584917b0e6360de9772de2f010b6706dc00aba3c09bd5aa1d9c04888396
SHA51292027d877f2075f8bf3c6c34c46fb08968cede317baa33586d193b6a282c16adc3294469c692052521c03bc4d09f58ca6991af4720b0f88f61f1d0ff8dac1ddf
-
Filesize
298KB
MD508749fd1b50ca67dc0b8e6c2bbf92186
SHA128e3fb7da110d26951de70a015e0e7b851fe625d
SHA2564da2a6577f23af79f8b9158f7c83d250ce1cbe9f01ff8df6d184c779b3724df7
SHA512a0b0ecbba9a3176ad04d4c94a4cf6cf9aaeeb5812f3645cd0c48170af88dea6fd0cf08c172ef50b841800f1ade38b48a3746686905c7d1c25b034c56cbf08bd9
-
Filesize
298KB
MD508749fd1b50ca67dc0b8e6c2bbf92186
SHA128e3fb7da110d26951de70a015e0e7b851fe625d
SHA2564da2a6577f23af79f8b9158f7c83d250ce1cbe9f01ff8df6d184c779b3724df7
SHA512a0b0ecbba9a3176ad04d4c94a4cf6cf9aaeeb5812f3645cd0c48170af88dea6fd0cf08c172ef50b841800f1ade38b48a3746686905c7d1c25b034c56cbf08bd9
-
Filesize
298KB
MD58ed6c3cdc4716f908d6355dba8207840
SHA1cd885c85d7f6742e8420028ee61cb0977b72b912
SHA256340382a6956f96d21e7df6c52e49ae2bcf2bfa74c04a4280305d3056ddfd5cb7
SHA5121c58492ddbdb32c81d6d1f091fafb85c2ff780428d4d8b432d0a72282fa0797fbed09cacfbb470482b3953122db80b8803702bc5ba33ee4a3240c4c7cafa0a28
-
Filesize
298KB
MD599cba59212ebf5d8787a968ad58e10d1
SHA1339b8d4e6e7b5eab9956bdfdb510a77a5dc47eeb
SHA25623332bac5b36bc561fbd02f5ab5d69c46c849c2e8b2c0ccb11d711044ce0c68b
SHA5122159d98d8e107350125df58eab5999adc67939bccfe50673ffe08b0b45297186081838c6acbc2bc63c4cf45fb950fa2bb75076c3b40d8e001005eafc0945d485
-
Filesize
298KB
MD506af156c25a4b12218501ffb4743ebfa
SHA16d943fb2d90f2d57420d336b6b6ee6ed31923239
SHA256333d1dee6d4666da7c57209220eadb24e998f478714c86a4461040751040cddc
SHA51221710dbc3242ecbb6f72a33434c14abe2b5ab62d4b8968f65037ae1a489da080d267220bde27a73414748832d9804b581059d8803cfc29b80a7f72524ba66833
-
Filesize
298KB
MD5f888afec30adaf10c95f7737cac12505
SHA1a2474f1fdce80952308488fb4497129d4d83cf16
SHA25634698dffa835572eaf69516e698e5ed930a3044d4f6d604d1a0f11d2d718ec2d
SHA512b3e96893b5d3737eb9a7c87e92169d55043155cf50937402f566c5741ebd57e9943bd54d911048aa32ac07fd18299a404c2d3bb02bf346ec98a099dce0344c58
-
Filesize
298KB
MD5f888afec30adaf10c95f7737cac12505
SHA1a2474f1fdce80952308488fb4497129d4d83cf16
SHA25634698dffa835572eaf69516e698e5ed930a3044d4f6d604d1a0f11d2d718ec2d
SHA512b3e96893b5d3737eb9a7c87e92169d55043155cf50937402f566c5741ebd57e9943bd54d911048aa32ac07fd18299a404c2d3bb02bf346ec98a099dce0344c58
-
Filesize
298KB
MD5ea018bf838cb7076103468667eac5579
SHA1eefff7dde30bc2a00b1764a4d6cbb3541436456f
SHA256c34ed4d0e64028dcc1da1c861b7018a7a7df4bacb85b1ad1402064c4597e4dfe
SHA5129084eda7c5367d384ddfbf723b7675513585246e1b2fdabc452265522d25b6ce64f270fe9d44ed5ccc545188e92d7597344a16f11c6de03f28861400b6e2001d
-
Filesize
298KB
MD5f2f267bc7db64a4ca0ffb05ddb46e3df
SHA162dd4af39859f4d56c9e6e345d9fe4d2173c086b
SHA256c9a1e0898891fc5c24716003c7a1bdee250b19bef37aba34f4e945173fc0fa7c
SHA512edf10ff8834282eb17e0e0cd6702bfe465f0b41cc249644484c10236d167a00592853c824a2e1078fab02917ab2ef87fe6b6eead3054d415503516c88dd866b5
-
Filesize
298KB
MD5dad784cd5acdd1a588ceb25d66699522
SHA1c9a32f388859b2d9a74a2002a961fc31deaa0a6c
SHA256b05fc005925e815ca57caed6812bebb89cc07d8e2d0c0e758d128147557501e2
SHA5123a1388e4f4b4e15bfc31cc5c91f2697e331dae654f6d47b4b21f73c381a824809777d8606a0d1d1bd49adbed2b3808cc03514a3c4b8bd2eb265770db0d2a2fd5
-
Filesize
298KB
MD5a355bc4242b31b4c756c7d32c3fb34e4
SHA177911d500d2db2f4fed25c6bfb5ffaf3060c9763
SHA256bc4f46f770738aa4aa1532a5f16177725b8cb25cb2db1e05e64c4467f62b5c23
SHA51234f2728491991026d339e4da0c9900b589ddc441d6cc8c9965f1ae202b37a4f85e4e96d496fca8677e43683d816d2b50285ae5a8126694d82424d2d5f3343c61
-
Filesize
298KB
MD5c71ade09ece804f5f6d4ec8aed98fe47
SHA1d8145adf995b5fc978c0ade2d8da76ceff9ae8a9
SHA2568958bb9201a943877a1632ffbf2480620740d627f6208d51fa8df87d2fdc6c9a
SHA51244f88a163536903d48c303b1563a4beede5fb55572e6f4afeeb9841ee660ba4af4e1e54a6bdee670002c541102067815ffeaf923e5cb0ea8f294b51b745284ee
-
Filesize
298KB
MD5c71ade09ece804f5f6d4ec8aed98fe47
SHA1d8145adf995b5fc978c0ade2d8da76ceff9ae8a9
SHA2568958bb9201a943877a1632ffbf2480620740d627f6208d51fa8df87d2fdc6c9a
SHA51244f88a163536903d48c303b1563a4beede5fb55572e6f4afeeb9841ee660ba4af4e1e54a6bdee670002c541102067815ffeaf923e5cb0ea8f294b51b745284ee
-
Filesize
298KB
MD5f80b81a4bf0cfc552271dd2bf9d02381
SHA1c1aac84c1e0f31d1426d7aafc96d1cb153a49e5b
SHA256f3d52909495dd6ade44ab5c21c57491aca5902fd38515aae8d1ce8da30b1bd6f
SHA5127db57ffd67fb3af283b844f49c51f5b5d3ec915d9ffb2c84109a27b1a74ced72d69cc82decbfc5ef49408afd1fef22091c6e5b696476fd4b319c24264162159a
-
Filesize
298KB
MD5aa26ab7f85100afd547d775799b74027
SHA1d37f9c3c6f12db319eef03ff40166be779a61157
SHA256e511e6c152f1bab6cb69d7fcaa105bf1e16a2b8653cc6ff6fd994cdae3f0ad10
SHA51224ba1f83e1ca52f3e8e0e500162da89d5d33fcda3b35a6f9d594a9e4210591a5b29c7a23003a69cc6d60ffe13c66cc9b99124f8f31e007b82a3fbca506800edb
-
Filesize
299KB
MD52b4a3051d499e439d41e1fc170cb8166
SHA13cb215b4aa04c894c16d295c9c41ebcc096b0afa
SHA2566116155df689dce9652443f432e8b14b57e1f38b86b185e694970c6ed03fc6e3
SHA512595746aaefa151956217fdff311d4f2ac5755d8485bf7d9a4347640851f2d8441d716965281b71e3fddfd6489f788a4547cb2f5e38eb65c0d5b2a8dd5d15c380
-
Filesize
299KB
MD52b4a3051d499e439d41e1fc170cb8166
SHA13cb215b4aa04c894c16d295c9c41ebcc096b0afa
SHA2566116155df689dce9652443f432e8b14b57e1f38b86b185e694970c6ed03fc6e3
SHA512595746aaefa151956217fdff311d4f2ac5755d8485bf7d9a4347640851f2d8441d716965281b71e3fddfd6489f788a4547cb2f5e38eb65c0d5b2a8dd5d15c380
-
Filesize
299KB
MD521f6ad70dea5e9b0ab3a744e98f1d393
SHA155301c41a26c5539bb5bd82640b1d1048aa89d5e
SHA256d06e12728c3369bd9410c4cb4a94bc171aa56ca3bc5639bef9c387369ecca553
SHA5120287d3d368a28c9b490df86b184b7af0c95d918774693dff336b11b3e172f5bf20017dab9e3a26c7409702e460c7649b8e0bce6516c60fd262f8fdca085242f5
-
Filesize
299KB
MD5ceab876fd62f6370eec91f1ed08c834c
SHA1dd14191be635e29e054cbe80d56707115c0f4b84
SHA2567248e3c7a57ac6a5218160e691ff39e13618547dbc5096f28ef3a72eb8ed8fcd
SHA5122cd7415874a60f4d0d8b500de81d8b57cb1ff0301e8cfd66f3f71bf3a304346bec39c263b1d15d60975fd40cbedfaf03681b857d35c44b467e97cc60873eab13
-
Filesize
299KB
MD5a8e327289db9c50c5e101afb8fa4beeb
SHA1ab12042bb29f98803e998c8f06a3af247153e710
SHA2562a54229c66e7657c97fd3dd39b0bc0af0e6d54d22f75f7fbc6db8864ccd0415e
SHA5128e826f860e47a1597bdaa80cea5bfbd7b5ff30fbd7b0704768c42e8827b8d24f5cc5a1a56eb0cedd2f696ecba42e8508d79bc4ffd10df4b176608949347615c1
-
Filesize
299KB
MD5a8e327289db9c50c5e101afb8fa4beeb
SHA1ab12042bb29f98803e998c8f06a3af247153e710
SHA2562a54229c66e7657c97fd3dd39b0bc0af0e6d54d22f75f7fbc6db8864ccd0415e
SHA5128e826f860e47a1597bdaa80cea5bfbd7b5ff30fbd7b0704768c42e8827b8d24f5cc5a1a56eb0cedd2f696ecba42e8508d79bc4ffd10df4b176608949347615c1
-
Filesize
299KB
MD5b9eaead78932ce48d83f036313350036
SHA10378d31a4376134a8a7b205096b449ff6bf7a760
SHA256bddf4583256b805ae1e33a0adb5c3fb636cc8feed969c42d9de09522220e1863
SHA5129cab336456a5d92138f6ef4930c843b58f485bbafe9abfea57fcb6ab72ea384a9e3294241df18daf378ceb77ddd788bde8c17be98c387b69e3db5a8bcb679c73
-
Filesize
299KB
MD53789c1307b1d015fff75f751e121d01e
SHA1fdf2c05a49e435077e9d7f94570849134500d082
SHA256cdabcff1f6a991f84137ca2484dc14b1e99e83f1e7c13ee15edace0580e2124b
SHA51272d512f6d621982a97de062892225e970d4feb605502f42ba529a8600ed6ebcb24ab87778cf2c6ed0f89ed78920599e89d3490ec3de5130de5e626179550af22
-
Filesize
299KB
MD54e2caf48a7802dbe9626f707d8d826d7
SHA13523ea33264313ed073a24f3dfb1fb9402e3080c
SHA25691a7e43a1c125b5c58a68c9b09973854b2a7b7cbda0758fa9a5e519ddaab6f3c
SHA5123b0cb852e4360c78bced885859e80e36bb6d76e3afd25edb93fe7aaa09caad8302d550d0e1e3255723ed03c07ac67a9540f90fef7bfc90919af69c3058af95f5
-
Filesize
299KB
MD54e2caf48a7802dbe9626f707d8d826d7
SHA13523ea33264313ed073a24f3dfb1fb9402e3080c
SHA25691a7e43a1c125b5c58a68c9b09973854b2a7b7cbda0758fa9a5e519ddaab6f3c
SHA5123b0cb852e4360c78bced885859e80e36bb6d76e3afd25edb93fe7aaa09caad8302d550d0e1e3255723ed03c07ac67a9540f90fef7bfc90919af69c3058af95f5
-
Filesize
299KB
MD54e2caf48a7802dbe9626f707d8d826d7
SHA13523ea33264313ed073a24f3dfb1fb9402e3080c
SHA25691a7e43a1c125b5c58a68c9b09973854b2a7b7cbda0758fa9a5e519ddaab6f3c
SHA5123b0cb852e4360c78bced885859e80e36bb6d76e3afd25edb93fe7aaa09caad8302d550d0e1e3255723ed03c07ac67a9540f90fef7bfc90919af69c3058af95f5
-
Filesize
299KB
MD515dc4721ccc0a7deb513a79ce40c3145
SHA1ac7a80a06c14f59038e99cc133eb0c0617be3701
SHA2569950d1c4c5ec2dee3e25312241cc0619237d0df08bf639a731349e37c9e231a7
SHA5123850e492a7275bcf5d27fe2b96fdec26629e0224ffd39d8bde36472c9441f3c49479e78b79a476df3d379dd984e4de5a8d22f8fe1e54e1ad9cb6a1b2295586cd
-
Filesize
299KB
MD515dc4721ccc0a7deb513a79ce40c3145
SHA1ac7a80a06c14f59038e99cc133eb0c0617be3701
SHA2569950d1c4c5ec2dee3e25312241cc0619237d0df08bf639a731349e37c9e231a7
SHA5123850e492a7275bcf5d27fe2b96fdec26629e0224ffd39d8bde36472c9441f3c49479e78b79a476df3d379dd984e4de5a8d22f8fe1e54e1ad9cb6a1b2295586cd
-
Filesize
299KB
MD5e3afc9e26e5005809f09627dd087e684
SHA115ca57fd0cbd79b1b37fe59eca7c70871f361162
SHA25626d91f63b7b8f8b33e9cb8e2f469c1752b98d97bc2f48d39350c2f3dce4c46db
SHA5128c974c8b25c9cd04fc17d390e239e819d2c79b04b615c4be09446752283991e636d05ac50a70b11faf92371864e5d37d234202f835e53f991e7d8db2f579b7b7
-
Filesize
299KB
MD5f8370308109b7e2fd09a1ab6598e495c
SHA1b0dc7a3c27c70b778691ce1be3925bf079eb7d12
SHA2562c86a6c7628907601753b5679cb19dcb1fc9694759f3b8f6a767c8f61ddeef53
SHA512b93847511420f6ed9e6ad5ce9507811c8da88ea2547da38a8d83722711e0e81b4185a8545cb842ef58736c2289315705f9fe96024cb47bfa0446900f0530e894
-
Filesize
299KB
MD5d1cbe2c81daf1c2aaec63d46faaafb6d
SHA1b0b3e18461c13b3099999144c8f76ec3815e240a
SHA256cba0d21bfddc61d8e2125b88f2df2f1d0fe65e1444ef4d07daf0416526fdda2c
SHA512c27d956a54db088e390b573560594173758b710c417d8e128a0e9d3addc727ead974c467f96d1c1944974bf9cd512139b1f13e765b1c358822a394efc299319a
-
Filesize
299KB
MD5dd09ac8be2680c94bd0e4354b7b0045a
SHA19be3ad46eac4b82d1d7832ee23e41ca158d6fa04
SHA256e00668ec87dd32e6586b36fd68f01c77e1534b8d4abe150417f0fa98bdf4bfd3
SHA5123c548427dd441e83fe4ccefd16c55d02a4ee8c17f00d9fbe70841041a21b9d1efde9d8947d794dfe745956011cdddce105873e4c4aa1a282584d7f74a94d6ed2
-
Filesize
299KB
MD5355754eeb3f747b526ce7b070278fc37
SHA172e2f1b3447b1a56b42fdc31107a70678cc2a50f
SHA256e87d11ec96d8bf46f435f3ff5079846d6f8ac3e1668f58c1a96788f929ae2a7d
SHA5128e78d2d6f365d968133eca5f864b34bc11a313dc6c2c3f3ba6726f028e1781bedcad35602c5fb9d0de81f6d9acc8360fb7c9cd03bc5e50ad9c355519756ed9d4
-
Filesize
299KB
MD520a7492942bdf92ae937b6817ba10156
SHA17ba4042537ca9b407a330fb111ecd9eb1caaca99
SHA256e96824a416a6f977b5c2f8a69bbcee7fc0cfbedb71b595391015f7c5e2b794ea
SHA512e436ccd455ceac7bc47bd54fb3e199643ad92642522f0cbbc4497ab350773f2cba6fc31f3bc7f43b83b115dc3727d3204e1a4e92771a62e84c8a58a11a11a1ff
-
Filesize
299KB
MD5b1e90759f74a9080d62b92d22e18e48c
SHA19a1b2d659741adeea194a3a4c2b23bac650d06c2
SHA25637241f875554cdf156be9a67cfe15c3507b3bc1e2e674483799752d2222c62d8
SHA512e08ab931bf31159245d4c11e8a6c910e6717b1439b804413a98fd0b40392779fefde9c6e5c0132f48d32d2276b99b95244afefb3e03ea7d6f5ed148b00867e17
-
Filesize
299KB
MD543b46e49527712a03cc384740c6490a0
SHA1bda66c5cde958765a80673d0f07c4d005c11ac82
SHA256da61c534b0b56b2041ec1d14afbcbd798c3df9c9bbee4df4259a340488d66bb3
SHA512108da1b097966edf18a3d254c9582080ed79577d097c87525fa820a2f5ad5872cd4f6b0ece718ecdfcd2d5f2c0dfc39bcb4e26f514c3e08c9b2358a695eba9fa
-
Filesize
299KB
MD543b46e49527712a03cc384740c6490a0
SHA1bda66c5cde958765a80673d0f07c4d005c11ac82
SHA256da61c534b0b56b2041ec1d14afbcbd798c3df9c9bbee4df4259a340488d66bb3
SHA512108da1b097966edf18a3d254c9582080ed79577d097c87525fa820a2f5ad5872cd4f6b0ece718ecdfcd2d5f2c0dfc39bcb4e26f514c3e08c9b2358a695eba9fa
-
Filesize
299KB
MD5a63c61161e0ef577230eb5beec7a8961
SHA19f4138f95a3c244b3680f24830cac5ecb06d34af
SHA25697ad8d2ce4e712591f9649666c77a7c35223043d55256dc5e884a4503f7c6049
SHA51203ad74655815e367417b6db6656f5a454f6d1ffd51bad3878e60d735a2529878c7c8d3f6394f6ca87849599b927a40230656f997d393dd267726074d7c04dc62
-
Filesize
299KB
MD532a43cf2cb48cbca7cee961ffe7d4645
SHA17f10707e94b03fe51581ee1e744f1c7d33ae9a96
SHA2562cb3887c74aeded430a4f8b8752cdffa7797c57dd93960f7e9ec56a32dd7c2fb
SHA512a27b9138993e51f2794c38fab842809e8698dcee390d40a2807cd77d2ebb26f62c734d98a764058dd41f61aa39e3d89f404ec9198f2c9f8e943a27df9b6b5559
-
Filesize
299KB
MD53a34bfb054e216266229a6550e7fdb7c
SHA16b13d3ce1dbe9395322b10dd39c109b062ebd27b
SHA2563393ac020b41634fa783e9c52bca4aff3b0aaf75ab42e5103d26bd477668d5a8
SHA512f43a5cfb280e64d08b15f13be06f270396deaa4e7add6b83bbce7f83767d9f891a79264f32435c9724ef12e3b0a638fa706ad5a526a5eb6fa54d900b35d2c57d
-
Filesize
299KB
MD58e980cd78e3b776d5e66d844500c147f
SHA12e18cfefce7fa17d95ab198f3f7fbb87ceb91a9e
SHA25656f5f140ba6ee0c409adb5931099e00d050ea81a8403e4adcd1cb9226df59e83
SHA5127a3a5ff6869c4b10a2fee1ec4ec96dc51cff864c636b223ae0a461f0700f9daa81220cc0c669405ec383adda33a3fc778a91b3048e69819d76211f77a558e498
-
Filesize
299KB
MD58e980cd78e3b776d5e66d844500c147f
SHA12e18cfefce7fa17d95ab198f3f7fbb87ceb91a9e
SHA25656f5f140ba6ee0c409adb5931099e00d050ea81a8403e4adcd1cb9226df59e83
SHA5127a3a5ff6869c4b10a2fee1ec4ec96dc51cff864c636b223ae0a461f0700f9daa81220cc0c669405ec383adda33a3fc778a91b3048e69819d76211f77a558e498
-
Filesize
299KB
MD5f752383ce3bb6b30afe82fc67da83290
SHA18b9bfe3f726bf2ed3982f01c053216feea292222
SHA256a485f6861c1a72e29be894fae6baa5c4504db8ced770b578885cd39ef9ded8cd
SHA5126d60fa52bf8d26f46a01e196a37c39c665735bbb55b1ad7f9f406912423552cdbee083ba36f5a4f05ed673e174d5387033d19f1f84a3b86d314b2c5107729ece
-
Filesize
299KB
MD5609a4b1a30b3371816915dc8581f84ae
SHA17852b5bd0178e408ec13fb90c2074a3c0f3e90cf
SHA25668304992b84bbca50abc4eff2b585dd8fef1c7a1e97915706c2fe23ef4dfbca5
SHA512d487471cef1707358cabc87961e1fb11143836695a59ee6fe30fcb60a64a6eae08a3d5156c89a9a0a8412104196cddddaf6091bd35508f37053a6af697e89b27
-
Filesize
299KB
MD5a47ac4e7c1193429261452933b453a1a
SHA12636166ba7e4e55bebc004f2f3cdd0f8806875ef
SHA256032bee3ef86ef8c0131e744ab642fc18311b8e0da7be128a4c83ad5e65da8883
SHA512b9687a041b0e57cf0e356e47f2d62158c480e75ed2ef6e9729d226ae153be89cc606ab7e94e7b01578d63dd519e069f5250f7e6edb7ce1f89b481e6893f64c53
-
Filesize
299KB
MD5220e39d54ad85d9a7de6b9bea3b73df1
SHA1cdebedc73ceca6df4ce190af4fff5e52a8032f41
SHA256634f766e9690589a500a0dcb9e22560ce8c714825c1e62d38aad3bfbc14775db
SHA512e844c87a0257e30e2ae117e91e0d9d004a6990c57b79366994e9430d49234a8a52bfc3cc3b6fbdc4371fde5518d94689146555a3b57e42b79e0a61a73d96f43d