Analysis Overview
SHA256
97609ae0b6b53252439d92caf6261c32cad76a69c93047c336cc5c42b458af3d
Threat Level: Known bad
The file Chernobyl.exe was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
Contains code to disable Windows Defender
UAC bypass
Possible privilege escalation attempt
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Modifies file permissions
Modifies system executable filetype association
Loads dropped DLL
Modifies WinLogon
Checks whether UAC is enabled
Drops file in System32 directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
System policy modification
Modifies registry class
Modifies File Icons
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-03 02:40
Signatures
Contains code to disable Windows Defender
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-03 02:40
Reported
2024-03-03 02:42
Platform
win7-20240221-en
Max time kernel
56s
Max time network
18s
Command Line
Signatures
Contains code to disable Windows Defender
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, cluttscape.exe" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
Disables Task Manager via registry modification
Possible privilege escalation attempt
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies file permissions
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
Modifies WinLogon
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell = "0" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DisableCAD = "1" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\kill.ico | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| File opened for modification | C:\Windows\System32\wallpaper.jpg | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\cluttscape.exe | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| File opened for modification | C:\Windows\cluttscape.exe | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
Enumerates physical storage devices
Modifies File Icons
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\3 = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\4 = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htlm | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\textfile\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\jarfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{1248BD21-B584-4EB8-85D0-8EC479CD043B}\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{1248BD21-B584-4EB8-85D0-8EC479CD043B}\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\icmfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\JSEFile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\textfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\zapfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\htlm\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\inffile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\pnffile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\giffile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\jntfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5} | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htlm\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\icofile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\sysfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\xmlfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\pjpegfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Unknown\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\jpegfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\pngfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ratfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\sysfile\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\jarfile\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\CLSID\{1248BD21-B584-4EB8-85D0-8EC479CD043B} | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\JSFile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mscfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\regfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\dllfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\UseDefaultTile = "1" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\shutdownwithoutlogon = "0" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe
"C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-18661415541084549064-687029012-380500796265320750-1884029111-1289568299145413653"
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-16953254912048192401-276045950-673724962381683991-4469699051509398184-1511253387"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1810036655-172200348893730452-1322726407415403870-182197278-2113052371-1264868574"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1150835332340064281-259588362-1127273452-409818638641984761366656154-1103727545"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1767864022-1308662221-1069213531878456378-1587059530-548800618-1747515438-1251835387"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-12772374311665413587-69129367812137017371237203362870359652-84976767526777496"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1405019126-12243150941044976475-17813914919858660611833369641306924272292556936"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1307127662-107060260311557797023666889281697548855-2939290432042359970-1597695911"
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-210238553016917089331010034836-1567596916-1827639105-659246687-2075062454-1565333383"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-21155673116816260131997062280-1095554101-1292021758-1491836792-3352399501927153593"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "13669794761094653553-205795711-6853691541595159405436150691-739119374-1113539486"
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\smss.exe && icacls C:\Windows\System32\smss.exe /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\csrss.exe && icacls C:\Windows\System32\csrss.exe /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\smss.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\wininit.exe && icacls C:\Windows\System32\wininit.exe /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\LogonUI.exe && icacls C:\Windows\System32\LogonUI.exe /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\csrss.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\lsass.exe && icacls C:\Windows\System32\lsass.exe /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\smss.exe /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\wininit.exe
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\csrss.exe /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\LogonUI.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\services.exe && icacls C:\Windows\System32\services.exe /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\winlogon.exe && icacls C:\Windows\System32\winlogon.exe /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\wininit.exe /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\LogonUI.exe /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\lsass.exe
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\services.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\winload.efi && icacls C:\Windows\System32\winload.efi /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\lsass.exe /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\winload.exe && icacls C:\Windows\System32\winload.exe /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\services.exe /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\ntoskrnl.exe && icacls C:\Windows\System32\ntoskrnl.exe /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\svchost.exe && icacls C:\Windows\System32\svchost.exe /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\winload.efi
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\winlogon.exe
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\winload.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\SysWOW64\smss.exe && icacls C:\Windows\SysWOW64\smss.exe /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\ntoskrnl.exe
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\winload.efi /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\SysWOW64\csrss.exe && icacls C:\Windows\SysWOW64\csrss.exe /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\winlogon.exe /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\SysWOW64\wininit.exe && icacls C:\Windows\SysWOW64\wininit.exe /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\winload.exe /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\ntoskrnl.exe /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\svchost.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\SysWOW64\LogonUI.exe && icacls C:\Windows\SysWOW64\LogonUI.exe /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\SysWOW64\lsass.exe && icacls C:\Windows\SysWOW64\lsass.exe /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\SysWOW64\smss.exe
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\SysWOW64\csrss.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\SysWOW64\services.exe && icacls C:\Windows\SysWOW64\services.exe /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\SysWOW64\winlogon.exe && icacls C:\Windows\SysWOW64\winlogon.exe /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\SysWOW64\LogonUI.exe
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\SysWOW64\wininit.exe
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\SysWOW64\lsass.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\SysWOW64\winload.efi && icacls C:\Windows\SysWOW64\winload.efi /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\SysWOW64\winload.exe && icacls C:\Windows\SysWOW64\winload.exe /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\svchost.exe /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\SysWOW64\wininit.exe /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\SysWOW64\ntoskrnl.exe && icacls C:\Windows\SysWOW64\ntoskrnl.exe /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\SysWOW64\services.exe
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\SysWOW64\winlogon.exe
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\SysWOW64\winload.efi
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\SysWOW64\svchost.exe && icacls C:\Windows\SysWOW64\svchost.exe /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\SysWOW64\winload.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\1394bus.sys && icacls C:\Windows\System32\drivers\1394bus.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\SysWOW64\ntoskrnl.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\1394ohci.sys && icacls C:\Windows\System32\drivers\1394ohci.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\acpi.sys && icacls C:\Windows\System32\drivers\acpi.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\SysWOW64\svchost.exe /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\acpipmi.sys && icacls C:\Windows\System32\drivers\acpipmi.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\1394bus.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\SysWOW64\ntoskrnl.exe /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\adp94xx.sys && icacls C:\Windows\System32\drivers\adp94xx.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\1394ohci.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\1394bus.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\1394ohci.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\adpahci.sys && icacls C:\Windows\System32\drivers\adpahci.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\adpu320.sys && icacls C:\Windows\System32\drivers\adpu320.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\afd.sys && icacls C:\Windows\System32\drivers\afd.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\adp94xx.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\agilevpn.sys && icacls C:\Windows\System32\drivers\agilevpn.sys /grant "%username%:F" && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1743243246110326044316636768-13933959559582312582017733875-14720616462114132855"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\acpi.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\AGP440.sys && icacls C:\Windows\System32\drivers\AGP440.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\adp94xx.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\acpipmi.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\afd.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\acpi.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\acpipmi.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\aliide.sys && icacls C:\Windows\System32\drivers\aliide.sys /grant "%username%:F" && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1168732066-3464805642056026499276143827-476238947182205371315290063362127953582"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\afd.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\adpahci.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\adpahci.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\amdide.sys && icacls C:\Windows\System32\drivers\amdide.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\agilevpn.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\adpu320.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\amdk8.sys && icacls C:\Windows\System32\drivers\amdk8.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\AGP440.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\aliide.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\agilevpn.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\aliide.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\adpu320.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\AGP440.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\amdppm.sys && icacls C:\Windows\System32\drivers\amdppm.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\amdsata.sys && icacls C:\Windows\System32\drivers\amdsata.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\amdide.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\amdide.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\amdppm.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\amdsbs.sys && icacls C:\Windows\System32\drivers\amdsbs.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\amdk8.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\amdppm.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\amdxata.sys && icacls C:\Windows\System32\drivers\amdxata.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\appid.sys && icacls C:\Windows\System32\drivers\appid.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\amdk8.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\arc.sys && icacls C:\Windows\System32\drivers\arc.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\amdsata.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\amdsbs.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\arcsas.sys && icacls C:\Windows\System32\drivers\arcsas.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\amdsbs.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\amdsata.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\asyncmac.sys && icacls C:\Windows\System32\drivers\asyncmac.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\amdxata.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\appid.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\atapi.sys && icacls C:\Windows\System32\drivers\atapi.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\amdxata.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\arcsas.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\arc.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\appid.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\asyncmac.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ataport.sys && icacls C:\Windows\System32\drivers\ataport.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\arcsas.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\b57nd60a.sys && icacls C:\Windows\System32\drivers\b57nd60a.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\asyncmac.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\arc.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\battc.sys && icacls C:\Windows\System32\drivers\battc.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\atapi.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ataport.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\beep.sys && icacls C:\Windows\System32\drivers\beep.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\atapi.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ataport.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\blbdrive.sys && icacls C:\Windows\System32\drivers\blbdrive.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\bowser.sys && icacls C:\Windows\System32\drivers\bowser.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\b57nd60a.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\battc.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\b57nd60a.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\BrFiltLo.sys && icacls C:\Windows\System32\drivers\BrFiltLo.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\BrFiltUp.sys && icacls C:\Windows\System32\drivers\BrFiltUp.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\bridge.sys && icacls C:\Windows\System32\drivers\bridge.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\battc.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\beep.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\bowser.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\BrSerId.sys && icacls C:\Windows\System32\drivers\BrSerId.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\BrFiltUp.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\BrFiltLo.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\bowser.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\beep.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\BrFiltUp.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\blbdrive.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\BrFiltLo.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\blbdrive.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\bridge.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\BrSerWdm.sys && icacls C:\Windows\System32\drivers\BrSerWdm.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\BrUsbMdm.sys && icacls C:\Windows\System32\drivers\BrUsbMdm.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\bridge.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\BrSerId.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\BrUsbSer.sys && icacls C:\Windows\System32\drivers\BrUsbSer.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\BrSerWdm.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\BrSerWdm.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\BrUsbMdm.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\bthmodem.sys && icacls C:\Windows\System32\drivers\bthmodem.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\bxvbda.sys && icacls C:\Windows\System32\drivers\bxvbda.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\BrSerId.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\BrUsbMdm.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\BrUsbSer.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\cdfs.sys && icacls C:\Windows\System32\drivers\cdfs.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\bthmodem.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\BrUsbSer.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\cdrom.sys && icacls C:\Windows\System32\drivers\cdrom.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\bthmodem.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\circlass.sys && icacls C:\Windows\System32\drivers\circlass.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\bxvbda.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\cdfs.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\bxvbda.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\cdfs.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\Classpnp.sys && icacls C:\Windows\System32\drivers\Classpnp.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\CmBatt.sys && icacls C:\Windows\System32\drivers\CmBatt.sys /grant "%username%:F" && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1799722272-1099004074-77107880120776206646494299541121092589-1291408077-1863244836"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\cmdide.sys && icacls C:\Windows\System32\drivers\cmdide.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\cng.sys && icacls C:\Windows\System32\drivers\cng.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\circlass.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\cdrom.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\circlass.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\compbatt.sys && icacls C:\Windows\System32\drivers\compbatt.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\cdrom.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\CompositeBus.sys && icacls C:\Windows\System32\drivers\CompositeBus.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\CmBatt.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\cmdide.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\Classpnp.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\cng.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\CmBatt.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\crashdmp.sys && icacls C:\Windows\System32\drivers\crashdmp.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\crcdisk.sys && icacls C:\Windows\System32\drivers\crcdisk.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\compbatt.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\cmdide.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\csc.sys && icacls C:\Windows\System32\drivers\csc.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\cng.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\compbatt.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\dfsc.sys && icacls C:\Windows\System32\drivers\dfsc.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\Classpnp.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\discache.sys && icacls C:\Windows\System32\drivers\discache.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\disk.sys && icacls C:\Windows\System32\drivers\disk.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\crashdmp.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\csc.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\crcdisk.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\CompositeBus.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\crcdisk.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\crashdmp.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\csc.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\Diskdump.sys && icacls C:\Windows\System32\drivers\Diskdump.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\CompositeBus.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\dmvsc.sys && icacls C:\Windows\System32\drivers\dmvsc.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\dfsc.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\drmk.sys && icacls C:\Windows\System32\drivers\drmk.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\drmkaud.sys && icacls C:\Windows\System32\drivers\drmkaud.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\disk.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\Diskdump.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\discache.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\Dumpata.sys && icacls C:\Windows\System32\drivers\Dumpata.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\dfsc.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\dmvsc.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\dumpfve.sys && icacls C:\Windows\System32\drivers\dumpfve.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\disk.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\Diskdump.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\drmk.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\dxapi.sys && icacls C:\Windows\System32\drivers\dxapi.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\discache.sys /grant "Admin:F"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-468445834-2128230535-764611997-4886643961977447839-439545291-574288105-609608957"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\dmvsc.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\drmkaud.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\dxg.sys && icacls C:\Windows\System32\drivers\dxg.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\drmk.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\drmkaud.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\dxgkrnl.sys && icacls C:\Windows\System32\drivers\dxgkrnl.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\dxgmms1.sys && icacls C:\Windows\System32\drivers\dxgmms1.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\dumpfve.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\dxg.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\Dumpata.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\dxapi.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\elxstor.sys && icacls C:\Windows\System32\drivers\elxstor.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\errdev.sys && icacls C:\Windows\System32\drivers\errdev.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\dumpfve.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\dxg.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\dxgmms1.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\dxapi.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\Dumpata.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\evbda.sys && icacls C:\Windows\System32\drivers\evbda.sys /grant "%username%:F" && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1463292706144096278-370651642-2100047424-6415482721416079351070316455-383142363"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\exfat.sys && icacls C:\Windows\System32\drivers\exfat.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\dxgmms1.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\dxgkrnl.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\errdev.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\elxstor.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\fastfat.sys && icacls C:\Windows\System32\drivers\fastfat.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\errdev.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\evbda.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\fdc.sys && icacls C:\Windows\System32\drivers\fdc.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\dxgkrnl.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\exfat.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\elxstor.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\fileinfo.sys && icacls C:\Windows\System32\drivers\fileinfo.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\evbda.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\fastfat.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\filetrace.sys && icacls C:\Windows\System32\drivers\filetrace.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\exfat.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\fastfat.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\fdc.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\fj0msjdauhpv9q.sys && icacls C:\Windows\System32\drivers\fj0msjdauhpv9q.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\flpydisk.sys && icacls C:\Windows\System32\drivers\flpydisk.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\fdc.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\fltMgr.sys && icacls C:\Windows\System32\drivers\fltMgr.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\filetrace.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\fileinfo.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\fsdepends.sys && icacls C:\Windows\System32\drivers\fsdepends.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\filetrace.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\fileinfo.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\fj0msjdauhpv9q.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\fltMgr.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\fs_rec.sys && icacls C:\Windows\System32\drivers\fs_rec.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\flpydisk.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\fsdepends.sys
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "743240713-742270048551347731322819110-1644874240-922941343-11103210421032592711"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\fj0msjdauhpv9q.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\flpydisk.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\fvevol.sys && icacls C:\Windows\System32\drivers\fvevol.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\fltMgr.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\fsdepends.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\fs_rec.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\FWPKCLNT.SYS && icacls C:\Windows\System32\drivers\FWPKCLNT.SYS /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\GAGP30KX.SYS && icacls C:\Windows\System32\drivers\GAGP30KX.SYS /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\fvevol.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\fs_rec.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\gm.dls && icacls C:\Windows\System32\drivers\gm.dls /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\gmreadme.txt && icacls C:\Windows\System32\drivers\gmreadme.txt /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\FWPKCLNT.SYS
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1087591709-92056672-1253598651-1879131797-1335112715-14662424822112275550858281063"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\fvevol.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\GAGP30KX.SYS
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\hcw85cir.sys && icacls C:\Windows\System32\drivers\hcw85cir.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\GAGP30KX.SYS /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\FWPKCLNT.SYS /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\hdaudbus.sys && icacls C:\Windows\System32\drivers\hdaudbus.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\gm.dls
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\gmreadme.txt
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\hdaudbus.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\HdAudio.sys && icacls C:\Windows\System32\drivers\HdAudio.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\hidbatt.sys && icacls C:\Windows\System32\drivers\hidbatt.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\gm.dls /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\gmreadme.txt /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\hdaudbus.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\hcw85cir.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\HdAudio.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\hidbth.sys && icacls C:\Windows\System32\drivers\hidbth.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\HdAudio.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\hidbatt.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\hidclass.sys && icacls C:\Windows\System32\drivers\hidclass.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\hidir.sys && icacls C:\Windows\System32\drivers\hidir.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\hidbatt.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\hcw85cir.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\hidparse.sys && icacls C:\Windows\System32\drivers\hidparse.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\hidbth.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\hidusb.sys && icacls C:\Windows\System32\drivers\hidusb.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\HpSAMD.sys && icacls C:\Windows\System32\drivers\HpSAMD.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\http.sys && icacls C:\Windows\System32\drivers\http.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\hidbth.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\hwpolicy.sys && icacls C:\Windows\System32\drivers\hwpolicy.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\i8042prt.sys && icacls C:\Windows\System32\drivers\i8042prt.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\iaStorV.sys && icacls C:\Windows\System32\drivers\iaStorV.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\iirsp.sys && icacls C:\Windows\System32\drivers\iirsp.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\intelide.sys && icacls C:\Windows\System32\drivers\intelide.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\intelppm.sys && icacls C:\Windows\System32\drivers\intelppm.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ipfltdrv.sys && icacls C:\Windows\System32\drivers\ipfltdrv.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\IPMIDrv.sys && icacls C:\Windows\System32\drivers\IPMIDrv.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ipnat.sys && icacls C:\Windows\System32\drivers\ipnat.sys /grant "%username%:F" && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-418053795-1899157333950960065-7858902882962624187725797781121523780-1272631157"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\hidclass.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\irda.sys && icacls C:\Windows\System32\drivers\irda.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\irenum.sys && icacls C:\Windows\System32\drivers\irenum.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\HpSAMD.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\isapnp.sys && icacls C:\Windows\System32\drivers\isapnp.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\http.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\intelide.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\kbdclass.sys && icacls C:\Windows\System32\drivers\kbdclass.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\intelppm.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\kbdhid.sys && icacls C:\Windows\System32\drivers\kbdhid.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ks.sys && icacls C:\Windows\System32\drivers\ks.sys /grant "%username%:F" && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1553693416-8570420411110430971202968208-17575597105854012291577416768-560925215"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ipfltdrv.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ksecdd.sys && icacls C:\Windows\System32\drivers\ksecdd.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\IPMIDrv.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ksecpkg.sys && icacls C:\Windows\System32\drivers\ksecpkg.sys /grant "%username%:F" && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1565783127-403396006-422088805-1983253282-1987641688-44602381888583721455664808"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\HpSAMD.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\intelide.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\hidclass.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\http.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\intelppm.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ipfltdrv.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ksthunk.sys && icacls C:\Windows\System32\drivers\ksthunk.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\IPMIDrv.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ipnat.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ipnat.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\lltdio.sys && icacls C:\Windows\System32\drivers\lltdio.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\irenum.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\hwpolicy.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\hidir.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\hidparse.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\irenum.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\hwpolicy.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\hidir.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\iaStorV.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\lsi_fc.sys && icacls C:\Windows\System32\drivers\lsi_fc.sys /grant "%username%:F" && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-16521866641313944452-1678148532-516451731-1791422047-4292602521585656347-436114749"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\irda.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\hidparse.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ks.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\iaStorV.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\isapnp.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ksecpkg.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\kbdhid.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\hidusb.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\i8042prt.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\kbdclass.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ksthunk.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\irda.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ks.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ksecdd.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\isapnp.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\iirsp.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\lltdio.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\iirsp.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\lsi_sas.sys && icacls C:\Windows\System32\drivers\lsi_sas.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\lsi_fc.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\lsi_sas2.sys && icacls C:\Windows\System32\drivers\lsi_sas2.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ksecpkg.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\kbdclass.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ksthunk.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\hidusb.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ksecdd.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\kbdhid.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\i8042prt.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\lsi_fc.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\lltdio.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\lsi_scsi.sys && icacls C:\Windows\System32\drivers\lsi_scsi.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\lsi_sas2.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\luafv.sys && icacls C:\Windows\System32\drivers\luafv.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\lsi_sas.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mcd.sys && icacls C:\Windows\System32\drivers\mcd.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\lsi_sas2.sys /grant "Admin:F"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1875839783-101674710-21206595310683095251553938424-513787364-2020172696529053742"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\megasas.sys && icacls C:\Windows\System32\drivers\megasas.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\lsi_sas.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\MegaSR.sys && icacls C:\Windows\System32\drivers\MegaSR.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\luafv.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\modem.sys && icacls C:\Windows\System32\drivers\modem.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\lsi_scsi.sys
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-421257773-107903637612763017851224111572868958809-4277414401550677392-1237189876"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\luafv.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\monitor.sys && icacls C:\Windows\System32\drivers\monitor.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\lsi_scsi.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mcd.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\megasas.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\modem.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mouclass.sys && icacls C:\Windows\System32\drivers\mouclass.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mouhid.sys && icacls C:\Windows\System32\drivers\mouhid.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\modem.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\megasas.sys /grant "Admin:F"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1272926511256057651619662679-15378853531628847387-17186653311449761317-1763510734"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\MegaSR.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\monitor.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mountmgr.sys && icacls C:\Windows\System32\drivers\mountmgr.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mcd.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\MegaSR.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mpio.sys && icacls C:\Windows\System32\drivers\mpio.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mouclass.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\monitor.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mpsdrv.sys && icacls C:\Windows\System32\drivers\mpsdrv.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mountmgr.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mouclass.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mouhid.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mpio.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mrxdav.sys && icacls C:\Windows\System32\drivers\mrxdav.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mountmgr.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mpio.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mouhid.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mrxsmb.sys && icacls C:\Windows\System32\drivers\mrxsmb.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mrxsmb10.sys && icacls C:\Windows\System32\drivers\mrxsmb10.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mpsdrv.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mrxsmb20.sys && icacls C:\Windows\System32\drivers\mrxsmb20.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\msahci.sys && icacls C:\Windows\System32\drivers\msahci.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mrxdav.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mpsdrv.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\msdsm.sys && icacls C:\Windows\System32\drivers\msdsm.sys /grant "%username%:F" && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-597254599-1014725756473908762229268642-538575378-930973824762501954-911413304"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\msfs.sys && icacls C:\Windows\System32\drivers\msfs.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mrxdav.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mrxsmb10.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf && icacls C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mrxsmb20.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mrxsmb.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mshidkmdf.sys && icacls C:\Windows\System32\drivers\mshidkmdf.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\msdsm.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\msisadrv.sys && icacls C:\Windows\System32\drivers\msisadrv.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mrxsmb10.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\msdsm.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\msahci.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\msfs.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mrxsmb20.sys /grant "Admin:F"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-20621623411721852919122253140020123865251964571712-859231476-890467221-1648627992"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\msiscsi.sys && icacls C:\Windows\System32\drivers\msiscsi.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mshidkmdf.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mrxsmb.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\msahci.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mshidkmdf.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mskssrv.sys && icacls C:\Windows\System32\drivers\mskssrv.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\msfs.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mspclock.sys && icacls C:\Windows\System32\drivers\mspclock.sys /grant "%username%:F" && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-7019528492008964746-5870177413925332017171212-5727012812004133945-1521351256"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\msisadrv.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mspqm.sys && icacls C:\Windows\System32\drivers\mspqm.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\msiscsi.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\msrpc.sys && icacls C:\Windows\System32\drivers\msrpc.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\msisadrv.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\msiscsi.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mskssrv.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mssmbios.sys && icacls C:\Windows\System32\drivers\mssmbios.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mspclock.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mskssrv.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mspqm.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mstee.sys && icacls C:\Windows\System32\drivers\mstee.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\MTConfig.sys && icacls C:\Windows\System32\drivers\MTConfig.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mspclock.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\msrpc.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mup.sys && icacls C:\Windows\System32\drivers\mup.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ndis.sys && icacls C:\Windows\System32\drivers\ndis.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mspqm.sys /grant "Admin:F"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-10997163601569684253-17467807801771241839-13647391111317801935589771890-112358574"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\msrpc.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ndiscap.sys && icacls C:\Windows\System32\drivers\ndiscap.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mstee.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\MTConfig.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mssmbios.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ndistapi.sys && icacls C:\Windows\System32\drivers\ndistapi.sys /grant "%username%:F" && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-213156078-1996365688-10966522071727713418-13636028471254570044111215650-734728131"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ndisuio.sys && icacls C:\Windows\System32\drivers\ndisuio.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mup.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\MTConfig.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ndis.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mstee.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ndiswan.sys && icacls C:\Windows\System32\drivers\ndiswan.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mssmbios.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ndproxy.sys && icacls C:\Windows\System32\drivers\ndproxy.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\netbios.sys && icacls C:\Windows\System32\drivers\netbios.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\netbt.sys && icacls C:\Windows\System32\drivers\netbt.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\netio.sys && icacls C:\Windows\System32\drivers\netio.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\nfrd960.sys && icacls C:\Windows\System32\drivers\nfrd960.sys /grant "%username%:F" && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "165376506217837802421645267530-501660593-1591914369-1214045799-2787664221842437973"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\npfs.sys && icacls C:\Windows\System32\drivers\npfs.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ndistapi.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ndiscap.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ndis.sys /grant "Admin:F"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-309367601-163961517-667651548147849758318464985244645805144489250181574956016"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mup.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ndiscap.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ndistapi.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\netio.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\nfrd960.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\nsiproxy.sys && icacls C:\Windows\System32\drivers\nsiproxy.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ndisuio.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ntfs.sys && icacls C:\Windows\System32\drivers\ntfs.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\netbt.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ndiswan.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\netbios.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ndproxy.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\netio.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\nfrd960.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\null.sys && icacls C:\Windows\System32\drivers\null.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\nvraid.sys && icacls C:\Windows\System32\drivers\nvraid.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\nvstor.sys && icacls C:\Windows\System32\drivers\nvstor.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\NV_AGP.SYS && icacls C:\Windows\System32\drivers\NV_AGP.SYS /grant "%username%:F" && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1974602893606122958-346756638-1695695580-20321026031509357016-1222065264857229623"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\npfs.sys
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-610781453-1249305474407930359-49520347-15259825201714916674140023396-2074788050"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ndproxy.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ndisuio.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\nwifi.sys && icacls C:\Windows\System32\drivers\nwifi.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\netbt.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ndiswan.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\netbios.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ohci1394.sys && icacls C:\Windows\System32\drivers\ohci1394.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\pacer.sys && icacls C:\Windows\System32\drivers\pacer.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\npfs.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\nvraid.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\nsiproxy.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\nvstor.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\nvraid.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ntfs.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\nwifi.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\nsiproxy.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\parport.sys && icacls C:\Windows\System32\drivers\parport.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\nvstor.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\partmgr.sys && icacls C:\Windows\System32\drivers\partmgr.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ntfs.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\pci.sys && icacls C:\Windows\System32\drivers\pci.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\null.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\pacer.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ohci1394.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\NV_AGP.SYS
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\pciide.sys && icacls C:\Windows\System32\drivers\pciide.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\parport.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\pciidex.sys && icacls C:\Windows\System32\drivers\pciidex.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\pcmcia.sys && icacls C:\Windows\System32\drivers\pcmcia.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\nwifi.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\pcw.sys && icacls C:\Windows\System32\drivers\pcw.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\PEAuth.sys && icacls C:\Windows\System32\drivers\PEAuth.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\portcls.sys && icacls C:\Windows\System32\drivers\portcls.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\pacer.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\null.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\processr.sys && icacls C:\Windows\System32\drivers\processr.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ohci1394.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\parport.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\NV_AGP.SYS /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ql2300.sys && icacls C:\Windows\System32\drivers\ql2300.sys /grant "%username%:F" && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "4428478501669851411-1365921823-916050662132873005-1926146010-1429192626788847017"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ql40xx.sys && icacls C:\Windows\System32\drivers\ql40xx.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\qwavedrv.sys && icacls C:\Windows\System32\drivers\qwavedrv.sys /grant "%username%:F" && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "20264024911477878713648573333-88764455-1635712181-931430753-1965142311503546454"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2103508941-1824432873196082802-375751675-235256267-7534048201212831771333141954"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\rasacd.sys && icacls C:\Windows\System32\drivers\rasacd.sys /grant "%username%:F" && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-64973338017514169728635020402026387003-508959132-1705140655-2145240462-1447772014"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\rasl2tp.sys && icacls C:\Windows\System32\drivers\rasl2tp.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\raspppoe.sys && icacls C:\Windows\System32\drivers\raspppoe.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\raspptp.sys && icacls C:\Windows\System32\drivers\raspptp.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\partmgr.sys
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-113759881701528827-771996901-28408127316127370811198585857352781531404517891"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\rassstp.sys && icacls C:\Windows\System32\drivers\rassstp.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\pciide.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\processr.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\pci.sys
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2096386945179440311511064089732492458599533496916920237-7735785512098552780"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\rdbss.sys && icacls C:\Windows\System32\drivers\rdbss.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\rdpbus.sys && icacls C:\Windows\System32\drivers\rdpbus.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ql40xx.sys
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "440838600370986110167620281316525249-1093858355-680032847-21318170591557336318"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\RDPCDD.sys && icacls C:\Windows\System32\drivers\RDPCDD.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\rdpdr.sys && icacls C:\Windows\System32\drivers\rdpdr.sys /grant "%username%:F" && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1157288444-6379013061381134183451959604141640713-16272647791233587357-2107031312"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-246807676-1195048877-1128864945-15771191028286452131318057056-1974028940-1406164790"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\RDPENCDD.sys && icacls C:\Windows\System32\drivers\RDPENCDD.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\pciidex.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\rasacd.sys
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "15843006-21330954791909491404206882636976015541006900066-99706399939971792"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\RDPREFMP.sys && icacls C:\Windows\System32\drivers\RDPREFMP.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\raspppoe.sys
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1559754747-833770423574312401317226582927888177823489035-1663728426539184575"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\rdpvideominiport.sys && icacls C:\Windows\System32\drivers\rdpvideominiport.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\rdpbus.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\rdpwd.sys && icacls C:\Windows\System32\drivers\rdpwd.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\rdbss.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\rdyboost.sys && icacls C:\Windows\System32\drivers\rdyboost.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\rmcast.sys && icacls C:\Windows\System32\drivers\rmcast.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\RDPCDD.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\RNDISMP.sys && icacls C:\Windows\System32\drivers\RNDISMP.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\rootmdm.sys && icacls C:\Windows\System32\drivers\rootmdm.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\rspndr.sys && icacls C:\Windows\System32\drivers\rspndr.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\pcw.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\PEAuth.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\Rtnic64.sys && icacls C:\Windows\System32\drivers\Rtnic64.sys /grant "%username%:F" && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1885869250-11350079999067526891005739063-2191499145573128971033198681-1837032362"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\sbp2port.sys && icacls C:\Windows\System32\drivers\sbp2port.sys /grant "%username%:F" && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "14860153871179050608362721579-682207943918634686-13004887871439349504-164575850"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\rdpdr.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\scfilter.sys && icacls C:\Windows\System32\drivers\scfilter.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\scsiport.sys && icacls C:\Windows\System32\drivers\scsiport.sys /grant "%username%:F" && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "76477958784429748011292549551698890239640628754-150092288214763561921819903975"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\secdrv.sys && icacls C:\Windows\System32\drivers\secdrv.sys /grant "%username%:F" && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-13000901662045440948725074901-81460588972051308-1660137500-8021081351318290336"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\partmgr.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\serenum.sys && icacls C:\Windows\System32\drivers\serenum.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\serial.sys && icacls C:\Windows\System32\drivers\serial.sys /grant "%username%:F" && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "8048747329891025241957932811-17732761161837744361-263129450-20369721461764937319"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2050362543930446481-90499988819103806711056078451-349125841343755165767476491"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\sermouse.sys && icacls C:\Windows\System32\drivers\sermouse.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\processr.sys /grant "Admin:F"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "15080302191105843766-14156158581689566719-1883173053-942189494-509957475640920314"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\sffdisk.sys && icacls C:\Windows\System32\drivers\sffdisk.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\pciide.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\sffp_mmc.sys && icacls C:\Windows\System32\drivers\sffp_mmc.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\sffp_sd.sys && icacls C:\Windows\System32\drivers\sffp_sd.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\RDPREFMP.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\pci.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\sfloppy.sys && icacls C:\Windows\System32\drivers\sfloppy.sys /grant "%username%:F" && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "11413734121327494165-2106246565-931779141-2032051465168504841435267144-598385067"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\sisraid2.sys && icacls C:\Windows\System32\drivers\sisraid2.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ql40xx.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\rdpvideominiport.sys
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2135208781-1231021867990953-1682927373-313693144-197536956712853279052110043220"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\sisraid4.sys && icacls C:\Windows\System32\drivers\sisraid4.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\smb.sys && icacls C:\Windows\System32\drivers\smb.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\portcls.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\smclib.sys && icacls C:\Windows\System32\drivers\smclib.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\spldr.sys && icacls C:\Windows\System32\drivers\spldr.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ql2300.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\rmcast.sys
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-8659022792061149527-8534093581890473652668010692-1604136439293236619-584240920"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\spsys.sys && icacls C:\Windows\System32\drivers\spsys.sys /grant "%username%:F" && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "147677255376826032-14140050641130379309-2014959439657202959-1072149141-12952212"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\srv.sys && icacls C:\Windows\System32\drivers\srv.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\srv2.sys && icacls C:\Windows\System32\drivers\srv2.sys /grant "%username%:F" && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1040971300-1460562060-1128605090115191415615884933568088658041569864315-187875751"
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "8617384521517712910-2140313551-58412650-1121014931-3273395791434929853-127015973"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\rdyboost.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\srvnet.sys && icacls C:\Windows\System32\drivers\srvnet.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\RNDISMP.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\stexstor.sys && icacls C:\Windows\System32\drivers\stexstor.sys /grant "%username%:F" && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-687184562-205507586216521651201170394098-1333549165-1105316431724233777-790564816"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\rootmdm.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\storport.sys && icacls C:\Windows\System32\drivers\storport.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\rspndr.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\storvsc.sys && icacls C:\Windows\System32\drivers\storvsc.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\stream.sys && icacls C:\Windows\System32\drivers\stream.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\swenum.sys && icacls C:\Windows\System32\drivers\swenum.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\Rtnic64.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\Synth3dVsc.sys && icacls C:\Windows\System32\drivers\Synth3dVsc.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\tape.sys && icacls C:\Windows\System32\drivers\tape.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\tcpip.sys && icacls C:\Windows\System32\drivers\tcpip.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\tcpipreg.sys && icacls C:\Windows\System32\drivers\tcpipreg.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\tdi.sys && icacls C:\Windows\System32\drivers\tdi.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\tdpipe.sys && icacls C:\Windows\System32\drivers\tdpipe.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\tdtcp.sys && icacls C:\Windows\System32\drivers\tdtcp.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\pciidex.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\scfilter.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\qwavedrv.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\tdx.sys && icacls C:\Windows\System32\drivers\tdx.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\termdd.sys && icacls C:\Windows\System32\drivers\termdd.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\terminpt.sys && icacls C:\Windows\System32\drivers\terminpt.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\tssecsrv.sys && icacls C:\Windows\System32\drivers\tssecsrv.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\raspppoe.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\TsUsbFlt.sys && icacls C:\Windows\System32\drivers\TsUsbFlt.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\TsUsbGD.sys && icacls C:\Windows\System32\drivers\TsUsbGD.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\tsusbhub.sys && icacls C:\Windows\System32\drivers\tsusbhub.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\secdrv.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\scsiport.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\serial.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\serenum.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\tunnel.sys && icacls C:\Windows\System32\drivers\tunnel.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\rasacd.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\UAGP35.SYS && icacls C:\Windows\System32\drivers\UAGP35.SYS /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\sermouse.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\udfs.sys && icacls C:\Windows\System32\drivers\udfs.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ULIAGPKX.SYS && icacls C:\Windows\System32\drivers\ULIAGPKX.SYS /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\umbus.sys && icacls C:\Windows\System32\drivers\umbus.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\sffdisk.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\umpass.sys && icacls C:\Windows\System32\drivers\umpass.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\sffp_mmc.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\usb8023.sys && icacls C:\Windows\System32\drivers\usb8023.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\USBCAMD2.sys && icacls C:\Windows\System32\drivers\USBCAMD2.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\usbccgp.sys && icacls C:\Windows\System32\drivers\usbccgp.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\sffp_sd.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\sfloppy.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\rdpbus.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\usbcir.sys && icacls C:\Windows\System32\drivers\usbcir.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\usbd.sys && icacls C:\Windows\System32\drivers\usbd.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\sisraid2.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\sisraid4.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\usbehci.sys && icacls C:\Windows\System32\drivers\usbehci.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\rdbss.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\rasl2tp.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\usbhub.sys && icacls C:\Windows\System32\drivers\usbhub.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\usbohci.sys && icacls C:\Windows\System32\drivers\usbohci.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\spldr.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\smclib.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\usbport.sys && icacls C:\Windows\System32\drivers\usbport.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\srv.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\spsys.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\usbprint.sys && icacls C:\Windows\System32\drivers\usbprint.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\usbrpm.sys && icacls C:\Windows\System32\drivers\usbrpm.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\USBSTOR.SYS && icacls C:\Windows\System32\drivers\USBSTOR.SYS /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\srvnet.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\RDPCDD.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\usbuhci.sys && icacls C:\Windows\System32\drivers\usbuhci.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\PEAuth.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\vdrvroot.sys && icacls C:\Windows\System32\drivers\vdrvroot.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\pcw.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\vga.sys && icacls C:\Windows\System32\drivers\vga.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\srv2.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\vgapnp.sys && icacls C:\Windows\System32\drivers\vgapnp.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\stexstor.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\vhdmp.sys && icacls C:\Windows\System32\drivers\vhdmp.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\viaide.sys && icacls C:\Windows\System32\drivers\viaide.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\raspptp.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\videoprt.sys && icacls C:\Windows\System32\drivers\videoprt.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\storport.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\vmbus.sys && icacls C:\Windows\System32\drivers\vmbus.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\VMBusHID.sys && icacls C:\Windows\System32\drivers\VMBusHID.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\vms3cap.sys && icacls C:\Windows\System32\drivers\vms3cap.sys /grant "%username%:F" && exit
C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-980524762-18886927402677450231298303023-450954912-1565687764-16846797891950155024"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\vmstorfl.sys && icacls C:\Windows\System32\drivers\vmstorfl.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\stream.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\rdpdr.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\volmgr.sys && icacls C:\Windows\System32\drivers\volmgr.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\volmgrx.sys && icacls C:\Windows\System32\drivers\volmgrx.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\swenum.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\pcmcia.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\tcpipreg.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\volsnap.sys && icacls C:\Windows\System32\drivers\volsnap.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\tdi.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\tdtcp.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\vsmraid.sys && icacls C:\Windows\System32\drivers\vsmraid.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\tdpipe.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\TsUsbFlt.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\tdx.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\vwifibus.sys && icacls C:\Windows\System32\drivers\vwifibus.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\termdd.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\vwififlt.sys && icacls C:\Windows\System32\drivers\vwififlt.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\vwifimp.sys && icacls C:\Windows\System32\drivers\vwifimp.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\wacompen.sys && icacls C:\Windows\System32\drivers\wacompen.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\rassstp.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\tunnel.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\wanarp.sys && icacls C:\Windows\System32\drivers\wanarp.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\watchdog.sys && icacls C:\Windows\System32\drivers\watchdog.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ULIAGPKX.SYS
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\UAGP35.SYS
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\rdpvideominiport.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\udfs.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\wd.sys && icacls C:\Windows\System32\drivers\wd.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\Wdf01000.sys && icacls C:\Windows\System32\drivers\Wdf01000.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\tcpip.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\tape.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\Synth3dVsc.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\WdfLdr.sys && icacls C:\Windows\System32\drivers\WdfLdr.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\wfplwf.sys && icacls C:\Windows\System32\drivers\wfplwf.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\umbus.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\wimmount.sys && icacls C:\Windows\System32\drivers\wimmount.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\winhv.sys && icacls C:\Windows\System32\drivers\winhv.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\rmcast.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\usbccgp.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\wmiacpi.sys && icacls C:\Windows\System32\drivers\wmiacpi.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\portcls.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\wmilib.sys && icacls C:\Windows\System32\drivers\wmilib.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ws2ifsl.sys && icacls C:\Windows\System32\drivers\ws2ifsl.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\usbcir.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\WUDFPf.sys && icacls C:\Windows\System32\drivers\WUDFPf.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\terminpt.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\WUDFRd.sys && icacls C:\Windows\System32\drivers\WUDFRd.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\tssecsrv.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\usbehci.sys
Network
Files
memory/2812-0-0x000000013FDE0000-0x000000013FE4C000-memory.dmp
memory/2812-1-0x000007FEF53D0000-0x000007FEF5DBC000-memory.dmp
memory/2812-2-0x000000001BB30000-0x000000001BBB0000-memory.dmp
memory/2812-3-0x000007FEF53D0000-0x000007FEF5DBC000-memory.dmp
C:\Users\Admin\Desktop\9╤☻▀ž¼♀╩æäñ4«µ☼č▌¼ø¥○▬╠▀¥▌«ä1Æ4ń8ö™♠9╥╧√☺♫®☼♣₧5♫╤▐♣™▌õ®■♀▼čš▄®▐☺√♣²╩█ΣÇ■♠φ6♦╩╩ß₧╩¥▄Ÿ54å×½8♥š♠◄∞╠♦¾○™
| MD5 | 9e1e5883c74742a497cf5c272ccd2321 |
| SHA1 | 2cf33e34d08b8e17743a60352baffef4b6f02dee |
| SHA256 | ca687b6a7c3d29b566f3e1988b9f877b51d9a83ee25ffe0755a8dcd3eb5f434a |
| SHA512 | f2284f0c624cc07a65c16f87865bb98aaa176b1d8b45cd4fbcc1143c9c2297fe6b1d4db55ef054be2bc151c8cc25ff4da7c997b7d38dae3dccd2ffe1c3c01a6b |
memory/2812-105-0x000000001BB30000-0x000000001BBB0000-memory.dmp
\Users\Admin\AppData\Local\Temp\Chernobyl.exe
| MD5 | 42d232a366705a95af9babb269a251b1 |
| SHA1 | 015b04d84cf13b8c93d11cc8c80a0f4571fb6847 |
| SHA256 | 97609ae0b6b53252439d92caf6261c32cad76a69c93047c336cc5c42b458af3d |
| SHA512 | cc7a88709390ec82c94c587f2569c22c72a210298e14d77a0ad0ab633013d49af703d1fe77af904c272914885597442474a2c487d5a9bd2553de794a3ee1ce56 |
memory/2812-116-0x000000001BB30000-0x000000001BBB0000-memory.dmp
memory/2812-117-0x000000001BB30000-0x000000001BBB0000-memory.dmp
C:\Windows\System32\kill.ico
| MD5 | 373d53d7c6709d5106b29a26a71b0d31 |
| SHA1 | 1708009c111266ba513503e06b94a5ccd402dee5 |
| SHA256 | de3f42bc53000d3dad58f3182108c414ce8062095ef390314fcc628473490c86 |
| SHA512 | 15b32cd9b87a9852d6ad0f03321edb15468e136a220ff4473bc109355c9b401a4c4f7eeb99ad7097c67f9cfac7c416f84038c0639e4db59561d2dbc74ef5d67d |