Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
101s -
max time network
146s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
22/07/2024, 19:41
General
-
Target
2024-07-22_97f44c7df82adc19ce025cfc8958245c_snake.exe
-
Size
10.1MB
-
MD5
97f44c7df82adc19ce025cfc8958245c
-
SHA1
699fb553ea85db7c6c5fc5118ab7a1a0c3b19602
-
SHA256
0fc9a98ed6bad1f94e0357b6bb833b4eca20bea119abc0cdfa3bb4caeeddcda1
-
SHA512
e2da423ba4eee8f4e836f5eeed82bfe9cf482a911200f805dcdff20d41901c73b40faf187c66ef2e32f9ec8f6d565c43f38229c026285dd0411d4c1c8c22c27e
-
SSDEEP
196608:QbxNMGrnhzvYf9EfmiAf1qkB8I9r1UhraBMBMBR:kMGr4+BAf1qC1caBMWBR
Score
10/10
Malware Config
Signatures
-
Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
-
Enumerates VirtualBox registry keys 2 TTPs 5 IoCs
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 3 IoCs
-
Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
-
Renames multiple (1989) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory 1 IoCs
-
Looks for VMWare Tools registry key 2 TTPs 1 IoCs
-
Possible privilege escalation attempt 64 IoCs
-
Checks BIOS information in registry 2 TTPs 1 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE 9 IoCs
-
Loads dropped DLL 13 IoCs
-
Modifies file permissions 1 TTPs 64 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks system information in the registry 2 TTPs 1 IoCs
System information is often read in order to detect sandboxing environments.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: LoadsDriver 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-07-22_97f44c7df82adc19ce025cfc8958245c_snake.exe"C:\Users\Admin\AppData\Local\Temp\2024-07-22_97f44c7df82adc19ce025cfc8958245c_snake.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\thirdpartyclamavinstaller.exe"C:\Users\Admin\AppData\Local\Temp\thirdpartyclamavinstaller.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\thirdpartyclamavinstaller.exe" "C:\Users\Admin\thirdpartyclamavinstaller.exe" & pause2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\thirdpartyclamavinstaller.exe"C:\Users\Admin\AppData\Local\Temp\thirdpartyclamavinstaller.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
C:\Windows\SysWOW64\takeown.exe"takeown" /F "C:\" /R /A /D Y3⤵
-
-
C:\Windows\SysWOW64\icacls.exe"icacls" "C:\" /grant %username%:(F)3⤵
-
-
C:\Windows\SysWOW64\cmd.exe"cmd.exe" /C rd /s /q "C:\"3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\thirdpartyclamavinstaller.exe" "C:\Users\Admin\thirdpartyclamavinstaller.exe" & pause2⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\thirdpartyclamavinstaller0.exe" "C:\Users\Admin\thirdpartyclamavinstaller0.exe" & pause2⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\jigsaw.exe" "C:\Users\Admin\jigsaw_backup.exe" & pause2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\jigsaw.exe"C:\Users\Admin\AppData\Local\Temp\jigsaw.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe"C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\jigsaw.exe3⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\a.exe" "C:\Users\Admin\a_backup.exe" & pause2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\a.exe"C:\Users\Admin\AppData\Local\Temp\a.exe"2⤵
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
- Executes dropped EXE
- Checks system information in the registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2608 -s 163⤵
- Loads dropped DLL
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\b.exe" "C:\Users\Admin\b_backup.exe" & pause2⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\c.exe" "C:\Users\Admin\c_backup.exe" & pause2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\c.exe"C:\Users\Admin\AppData\Local\Temp\c.exe"2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\f.exe" "C:\Users\Admin\f_backup.exe" & pause2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\f.exe"C:\Users\Admin\AppData\Local\Temp\f.exe"2⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\l.exe" "C:\Users\Admin\l_backup.exe" & pause2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\l.exe"C:\Users\Admin\AppData\Local\Temp\l.exe"2⤵
- Drops file in Drivers directory
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\m.exe" "C:\Users\Admin\m_backup.exe" & pause2⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\z.exe" "C:\Users\Admin\z_backup.exe" & pause2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\z.exe"C:\Users\Admin\AppData\Local\Temp\z.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\of.exe" "C:\Users\Admin\of_backup.exe" & pause2⤵
-
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "16735385051007087732841232246-250878898-763613591-4423729101946440359-1667615232"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "644755385-1109226277-797560148-922680999157116610471916322-887143720974345163"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "492767819-897972058-1186782466-1050292753-11957917531440626874-129824754477879214"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-5585211203569483601909083767553389832-1958354290-176117167257182786-1988089000"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-122306162-2063084594676678345-10999644011824658600-1699659074948363633-47424905"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "7212850291699254736-149777016-1895536173-9927213651199032588-1488824056-565126292"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1807352755-15316129011003678026-172078554-420581703-1364091557-1578726263791425493"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-10776871681330380151752484889171338303220649215237336949221372377306-897003984"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-848733894-130815721-13081939101976422784-96363177-814697608-1717478858-1214705325"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1861540162-17302467105206174320766835601432200656-2069899451880154708-1203055027"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1623476603-1297791544-3715915851390489817-160949007510347222441172277163-622597057"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "256130468-5368216751858502685-2014917360-1233089645816191749-1685293535393062473"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-2069280849-29860883420739273271533439588-1753997529-1174892779-1137800883-1465280756"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1086232159-5863687863857338411798641281392025794-1398882949-5495006091816640701"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "568290953675160053-18269656894955180431748277164222213666917692329418250118"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "692446073-1981349997-213798785319721101271421568600-397043779-5601015852040336271"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "533587292-17998487089780233212128490352-101460161010797462544391724781015862024"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-70180073212383113417526614281936476375-149813125-2034805179-1161628886-597444406"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1282923282-835104976-2060439727392530173-1885525531388198990-499129131-1597942589"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-101596946717376962141248900321-19736292941090374158-1603265110-1677982279-91885754"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "19074621911831839879-20982318811000482630-57619360110710796991907196256-1082433"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-633165038-13426799551306334211553689867-9883316065676910443605449271548181908"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1829830591-1809449359-8008983831063243027704188482-2089788472-1040800452-1586129492"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-12840640632047227327-129488097120132493641766677516296878382120406676169769731"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1353216640-1820126842-1478392637-1841690604915261462-113284448-2122194736-789710798"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1382661826-117749044118153271331034813138-857832345754635550-2144141263312042465"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-8038029391718157687177910991628917088-1308176562-1415700112158581927175953162"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-44268806-172209594130671578-640519033-59133398017009448711398874275-1001789945"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1338617184-1845508411-16284416961626922694157197848810682006831055216847363651622"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1191282202750310512-1243397679-20540570802871543121783004855-951985591-755365197"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1319454438-11729913871800062134-1502144684426831353484666012092407376188256208"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-473289242908002221-1476207351972596508-31248672-960301488-78562865219059942"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "810946529-154531682017228086-524697744-16607965114822001681063971785-764727994"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-5744928341028768651-15474574341054431706949556186794654911-1117482242-1524413524"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-2776320471644711578941085998-11219664341028258100227497039760050144-510800699"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1884118031-1301200232-548094891-20880557561155396430-3341315132684935711455730522"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1699520743-584467418-1810088445210323528118197939191488851402841830902749793888"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-296949976-1237663957-1991593678-1119071542-2366414651501376071-571319958-1880030319"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "619861769-1588249786-1108129791765428080-530306594-19131617521444755152-1479092992"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1370653812168974557917091530841214711335-108285162460983638-415412982685259980"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-11861703131846438236-15877220072085026692-1275318932-1609208453499273544-2096271166"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "440444819-1317158941-13406229021496220548-368539120-445623370-1940780224-548474942"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "676245158-11071399171160159153-4429780731491546558293076888890453292253012135"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1693528567940946955774012897-106108822-365704231-95732257-1032066888-569458710"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1035172284550030386-559147911339915983-17185480191039434394-1370533723715726063"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1222703245-1611331178-465889081-8065677791034048664-289363406-692252948-1927477440"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-6799084526681132981262230170-585414603-10353649198856259971788488916738210602"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "545155418-66398943-1965313290-186281981517396987641238233281391806434-984883278"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "408946852-898172548-1367382114-582431705-18168618551030410911-1198103655-551833702"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1771896050-9047636703187719881297410221747006395-2028316996-5524147341729304676"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-17516670-152060040302498721-1299484420-1480258988-150094029817011968321718266144"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1681748394-1509897510-981523551894246244-1688740471-94627531-7212287041406309855"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "2073575788-39873356207288818-275912220-2601835899596253671988444461-1468878817"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-238863049-632757051692188078-879077740-152490069220996992551630700829-1971792018"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "116158779729166325-270051380-17135984261255171882440121155-688257315-1386912035"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-2248788414364209801177466762-190721819419000066321683379231-164458429-1714756360"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "610611051818893500-19772760011193125610464301183602606275-196055950-923646837"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1657998583-8302218581190456719262069901620284943-42881610310391991741015395179"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-7008244301514420604452679981259948195-2724038181997738995-1279268708-313535427"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1561273616-2501345321083797091566521916-1293672699128227997-11984809372145225410"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1331063814-547709296-1188236477-14842488755443760401902733881-2119222124528774581"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1629306438-7707377507004263398460405521222183593-531073748-1800865727-1621888715"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1282600267-494982054-1229099416-1193396237-786698354-1088196031-18300792161475157825"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1881774724822743315-1361784570-19236518461209917625-1179785137-5554829461356938613"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-185740686-17266820521310099632-152089486-19311058131182302661-406892308-1507518082"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1358750866-1680339440926779747-17102642301974674555-11702660931023528534182890345"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1767330394522894394837162671-203597110720845766001633965804-66789254715573096"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-725694451-517586569-13387507321637622738-1905785311380234460-13978031961277508403"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "581665270879767262-36950197-1718697386-1044115151-173624631-18343702291772525492"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1061160567-118720384596386297-473633499-1227514507-58128578-578547065-277781129"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "2118131956-2086461930942759215872963819400077956062082721495721963124738"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-983087396-1460632632-21407477921960200025161055961013650576581878834697-917816286"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1772666972-325939269-654605408-214336852315100951591544125959522630360-1898781235"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-5337765-396622489-910737058066129541065656192889250950-599293464111527443"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-2024595613-1567978948-1120955414-19963785461455578504-937297833-1106348113-1969899208"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1153781593281844393-9296117901050302230-12996194901629522478-1957570676-170290038"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "915939531-71940378815555394597613471211654668701-122697480456728685-839352908"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-155176177419253360191825465378-115398667-1677085996-1620989382-214034906-572860915"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1908294429-131691289510963178845782354592094107934-31687534217838994471291810232"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "82689384510499367991960822197-245881712-4886047941385531686-18393084641927564117"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "11175464321448088914-15480426111013215175-21137633171388889364240521453256488083"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1829118479-6337592661745420577-2001410027916312465-2126163078-192346514215014172"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "986848538-268313180-6181742421284764899-1792538791-1859946226-918205203-1313806229"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1279501663-57116618820261865241855122029-1326856561910194932-925656660786112628"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-3512212752138031416164035319-6896331161441316242462148042-1768488571-975507829"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-190298188312634902041289295222124855476714139883132113335932-1613722450-1971946850"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-6676818371138867795-633155965-50332625210375693-2023374522720579230175243"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-10866555851610727504843578912139350495-1860762487-17392606891017261792957919794"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1049725256187558889342121884918897936526987855111949577957-12269874982141756355"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-213374226128597506511907529001511885332-1538940799-176654530-81203786931799623"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1466903261-898126058-264160536-2144160117-1928714142495328024-878679851-44015165"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1173763340-1921619010-1497576259130703526011545071421039220648-311472033-805093119"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "4926048052036977211621817970-399529400163189646-19003782242009900481652003546"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1460005151-1247397-1277325471-399614775-55290622-1736446810-1328455374-732311306"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "590516467-18283943527064418017680517671967937843-124406597244809859-718583836"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "4962966858515341201295197246-1153900967159644086-1028272992-857516568416625894"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "88229893320980114313305194242079233800-1829225040405586313-1161244941-991144408"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-137557694-17245061941673516938-74932220-2066357913540816003-526636691-515152998"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1063134233-2138324130604234652-635005860-1458108271-646622722-13931330841742412532"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-18890141310680774872096823069879934843-13106694845721053218089483111326388056"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-20592463541283932138-13075865024454732958127769351609479670-300352167-1995456049"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-328524876760128268145452285917338017-104744942-684949144-10766894461924376646"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "916608713-1588577528-1987033294-1309092104579695654712283930642816075-1904855294"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-666335586666412603-1185398391-1767166423357343061490692339951158562-2081346822"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "550406205-1538758648-162924134912768169461452726714-19545018661743000681-42032169"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "720990682-316606314-9839251911407660066225087269219617664-7532562131866388743"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "45930006714360395267660830721175175278-18603813991441968214-1967304071-1494747709"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "9231211191521736123-7043906551664080310729890335-1028727062-769240451-1155219922"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-97812741367665502-11257947999974201101691512961-1168337305-1430968084238576757"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-78889240180462906-625085871-1810064434-2053158378845740052-1518861148628419252"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1901145541-1920113112-1928330796-1683448120-6810577162093146801-1761798488-1221822372"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-9062883851911616903287788812-10246506591124614535374898636-460908737-1007622985"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "73150364-3857421931663180719-14860196221144315654-7013901573693582891560054429"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1263306921-1637196776-1588311572-1688950249-1575672764-1879680948542424767273510774"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1615516967140816948157586740-451025722-207336638-9853838511082258435-678620012"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-151494474514920601-6439182541495540267-398370773-783885103-1150588138255968150"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1993098777-1477819165-784391709-1405122-107401210112315394381232159345-1704890164"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "339003750549447170-1117067524-1163552473-439215456-161382995014515902221873543603"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-2018238378-579799479-2074410776-18973752697015826251828757259-1051523326-1049628936"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1666215817-1393561218-501751823-1153866947-5759989599034177-1083134002-1821795941"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-755819213-684203581-15143989512106626795-41469596120075240651937860164-1596805035"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1522826531-986346094-14709020131820628059-451284241-838216013-2048856766-754894320"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1238174203-52058845092072112319836352621529159311-868491612514024175-1663974976"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-370027665-705917422-864981791-50145804-119733196-12034240679392463241920780609"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "2005300958702096306174086560-882975910-541102405-344277978265643070786907018"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1152522388-176682589516570193832026290838-8106485887356515-1879943946-1675280089"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "973662691-146189599216495718801395491201-66899885916774366851075976371574796539"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1933922849-7764669121575362995-19455813792085335804-863472666-615789152-1786229823"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-700427061-600658507-1431022364-497756740210551808-1008917010-325032968681730538"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "20288559137780550602023984908473758931-2068532910-1738247419-735094455-826913347"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1322266116-1977379754180239136317632113391205884114961977849-935252374-2033954711"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1843359720-240245930-668598661-550289391-3303522691336202795-269239542472040685"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-15513629396806913031549979416-30931768413810736011808015808-665126517-1416545422"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "167050503-1006745965-17886564821730003225-1451072969-402356198-1953304932-159849301"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "19613353421679915299-1774185190-90266837013539817981266079095-3536919841395659029"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-106012849815931283641520918405-15717980731754697342-11079680711790437391-1104007782"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1204634495-7168179591142437680-1650150328985314380-17954175101690673539-1211811368"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "14660981262066889380-792754979-10867389702525052901572418985-1286505106769267755"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1195406311-38414225836739963917156753541290013349-572709816-17929918422120237064"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "2989067761387863876-1714515759-662025432-95856502785711788-1564080048-169041875"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "2104822201-1253323750-7581243601552711085-1535524134-239812130-2111061261-609254482"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-4349625361378577158-51272271-1352144499-128046868396215570-2740999311687969511"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-7294957584147618178640501-96022279022146287935803951768950970-553372654"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1377800768613498342220839869-11592525811744666625771917881611981019-2087196260"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "2072131126307223228-571191717-290442831640749015-12046657241988428250-1790897195"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-747072338-634554629-79609964818992845231319716868-1797134156-1595893612523823904"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-316976950783589777-303198193-1889982986-1055973505139178521-2025597192-541022665"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-4062111181367121085-611416901-948375528-1012483233-1157596792532729557453814716"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1091218618-227439514-48005466993887356119539915161743265331-1451578357-1220104393"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "12377027231700016876-1866178857211938436159149026639512914-1869102781166726464"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-75064858118739454491033145881964361625-1295092694-575058813-1606055315-216881727"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-209358760711355141171408178658-1333369793-139595140-572801060-2145687551994194614"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1437120459-1933380487-11440941503626180201730743640-2009657853889519611-431927420"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1517638005457569820-1045817769-8148855407841268-1619040560-476942081574118627"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1952842760-661464125973789853152471221914609880187934574876917135245616021"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1738227033-1076872061267262394526918131-718519743996149703-38817752831797007"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-592222792-7750222331716439943-2068743817-14081285001140157956-18196592622033367208"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "2039510116534733643-1332105535-104917652415187607764517336712299615562075132990"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-755560827177202988913432074415346034481617929106-182988885-423683762-476012299"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "95442282-503387051-3177536331132463157113001612811526137254926087821647623591"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-2139302180-924017422936817471989275801-425044507-20682774401069563995451208377"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-265130276-169345076115359451637080188815494732991074857330-899182645548787476"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "747363370-1224108492202974418506816619-946955417-543099413-1187364530474438942"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-13801564521909420850-1620132690263851651-903086574239094875-1232954624383433670"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-2038907191-59991445-7399414451585077969-1371084618483668802-605906921-1629317059"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "6199111853323046961915158696-424928257-1095596989-1663131872202420849-753065376"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-120432408118467703812283982741188050969-1681733848-1710533691-387650932-1351220175"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "2028328926-436272318-1307671728-39240947-288667078-347330218-1588400267-2178098"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1816240017-2142967903473751139-316668251-831222000-194266489-1182404301-326565"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "11472970851016319492-483520378-8895243021709308033-699751050-1742548471-1941049577"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "2088003024-1224462642808418741-1937019165-198424831714299792562016018886-2016548744"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-426522421-1815803749651035926-799898980872632302-1516463217-1090138026-1728323983"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1389924605-6014212581351885809-114525492-906709727275972779-19125837481964381032"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-16112892041220033275-1999249169-134493574521429442011080573845-178291565504024689"1⤵
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
File and Directory Permissions Modification
1Modify Registry
2Virtualization/Sandbox Evasion
4Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
160B
MD5000e8c41d4a15fb34d0be0dbb56e3778
SHA100c4eae64ee6239d7c65d819c6ce1ac329224f8c
SHA2568bdfa6a5b7de345cf0d4fe0e9c17d8b0e9db26d58b05b1b2ebbb3a05a068ff28
SHA512775d832eb8ab73e4a93789917dca69edb6c91fbb426e02acf7c6e213ffb4575776187209d1c471fbf57c4621ea3c23d9850f6dfc2770d62c17de9d66710800af
-
Filesize
96KB
MD5ddfe44f87fac7daeeb1b681dea3300e9
SHA19a7291fc90f56d8c46cc78397a6f36bb23c60f66
SHA256951f74882c1873bfe56e0bff225e3cd5d8964af4f7334182bc1bf0ec9e987a0a
SHA512775a17e879e23262b3102c88218de6c1adde8e3a8c7112937aa63cb159c52e280f30782d5c6925661b0e92c63472345fe1eaa0e354b9a14412fbbd6550b5487f
-
Filesize
44KB
MD56d1a47574ef7598017c13d64769cccfb
SHA11d75bfb18ffc0b820cb36acf8707343fa6679863
SHA256d61417d72a054d45ee33e395079e9d674f891a42ed0ec5357b5a8d91c69858a6
SHA5127e4f90cd9f1c072089d626a51cffb3e89216e2ad5c55ade7b2c2f4f2d8106d5bc2030d2e1f6745cc47bf12180f566c2eb88dc0925f3040eb641e1fb1e6239f13
-
Filesize
60KB
MD514a2065165fca7f48b20123ea1ca8d2d
SHA1f6371909e9b9751d3f7539a75ec0f024cd3094bf
SHA256cb8068f6f5623b19fea0e5e8657ea059283dc7fbb04ac61c204b8fcf9b09cc3c
SHA512eadd1e658b19805cc64a8a9a391f42fcae5c410c89b95a1b2e5d8615aadc1e873fb67e214fff5f96163b8340bc37443cfbb4d50eccd2b8e06b6294f503adf103
-
Filesize
334KB
MD5e00216958f15f1db6371b583a3ea438a
SHA14b9e71615b37aea1eaeb5b1cfa0eee048118ff72
SHA25681e96c07e6c9cb02f72c0943a42ff9f8f09a09c508f8bbaa1142a9ee4f1326cf
SHA5129d46b4fbf26c775929e95e145b390f0d12566e482920f629b342db2aaa37c5a40a789226ecfe51ba0f0b94fce827b9f53180232cda48bae510cce1e3b37bed16
-
Filesize
11KB
MD5c406d8a0b58a59cfacbd41a267cec4bf
SHA184f496a9337aa2f8055fcbf5aa77b67d48bd0e21
SHA2563e3950ea1bd00d98ceb91d7be28beb40772af548d32c9584fa631eda1db01642
SHA51208a6a905f91faa40a116e071fe153bfd75e43dd47b2d21a56ebad8409102b078f79c854f9d72612d5a9bdc5e5ae9f05324d421334c35fc2402bbe9f9fb47bfa2
-
Filesize
85KB
MD50d3da5adb9bb63c7fcb0185756601749
SHA172dbd9bc44173033b504dddc655b2082e99cf2b9
SHA256f31034fffec424d6e4505318400ecc3b00f8c2107c1823510a037b11a49f0741
SHA51212cb90877e442deb37ca64e911a9d699b3d799e89889f023458bf6f032eb2838b344bddb02cfed82aaae5af84b172d0acd95d84b9db469e2d4cb28586cd30e14
-
Filesize
16B
MD5cfdae8214d34112dbee6587664059558
SHA1f649f45d08c46572a9a50476478ddaef7e964353
SHA25633088cb514406f31e3d96a92c03294121ee9f24e176f7062625c2b36bee7a325
SHA512c260f2c223ecbf233051ac1d6a1548ad188a2777085e9d43b02da41b291ff258e4c506f99636150847aa24918c7bbb703652fef2fe55b3f50f85b5bd8dd5f6e3
-
Filesize
1.7MB
MD52d4991c3b6da35745e0d4f76dffbca56
SHA161340c41787d16b753598670de2cb1dcf50718c5
SHA2563dacf5cd40090a6d011f1e522eaed2d29699b9d892ce122ea406e0c9d03d5d2d
SHA51287eb0d4957d81c9ec3be2bf5f032428b4d8e298b8dd70c6a5fc9cd98ad2bb12beb457b32ab698452cb558fdd98e6a78fb081fdf22f63ad0238f0a8ff1092a17f
-
Filesize
2.4MB
MD5d948d4b6db5d6d6e2e1ba6c0fa4bf008
SHA105846d5b1d37ee2d716140de4f4f984cf1e631d1
SHA2561f43703d2171ab90e98357b6dfdf824417baa191a59419c27fce42cbafdb7ecf
SHA512fce681b3721eaf87f27b758782095e34665517ea4e0529cf18b32c4d0d5270ec40c8acf296ad2665e60a6e7e0430807f87e01e3a145902c9fea2a3c83100c15d
-
Filesize
3.0MB
MD54994952020da28bb0aa023d236a6bf3b
SHA1af807380a745a4bcf937b87a081ef895ee7f15ba
SHA256bb8c0e477512adab1db26eb77fe10dadbc5dcbf8e94569061c7199ca4626a420
SHA51288393499d0816c173ea0b983995833e82e1aac1a73554d0b64d959b69dcf943644ab74927ad576bda48bbdace66256900aab33383f5a0546f6dfe21a8dd5662a
-
Filesize
14KB
MD505bd1940ef02d78bc2bd107e81f729f5
SHA1dd5a4c413464dd21143e98f57484ea979e79d057
SHA256576e4c14ef11683d332abc303503e257084cfef8ced3072549bdecd0a44bfbe1
SHA5125967ddaa8eef68883a29de0b470ea101a0c2fb7ba51e7e45ecef1c2f31391993fa9514300c778c1931581b44001f672affb0217333353797742e821e7e885343
-
Filesize
88KB
-
Filesize
152KB
-
Filesize
6.9MB
-
Filesize
4KB
-
Filesize
10.1MB
-
Filesize
6.9MB
-
Filesize
4KB
-
Filesize
1.1MB
-
Filesize
1000KB
-
Filesize
1000KB
-
Filesize
1.1MB
-
Filesize
40KB
-
Filesize
6.9MB
-
Filesize
6.9MB
-
Filesize
6.9MB
-
Filesize
1.7MB
-
Filesize
88KB
