a021d90ce67e2b7377f7cd6bdd4f2bfa24c9df1977e63c17f305855c28643946

Analysis

max time kernel
150s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2024, 16:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

script.vbs
Size

784B
MD5

6c620f860d8abeaa47f87a16cf10329d
SHA1

eeb959357c4faac19f13c6fe3b11c80a90a5572a
SHA256

a021d90ce67e2b7377f7cd6bdd4f2bfa24c9df1977e63c17f305855c28643946
SHA512

2007c008c40ec23e21945bcc59d1c5ccd24800eef62e9e5327d324d9554d8478162bb74023d848092b4c6d0533c862d3f9c69f6e77bb1dbb8605e28e3e44c692

Score

8^/10

credential_access discovery exploit spyware stealer

Malware Config

Signatures

Possible privilege escalation attempt 64 IoCs

exploit

pid	Process
2120	takeown.exe
4420	Process not Found
4676	Process not Found
3224	Process not Found
4400	Process not Found
4828	Process not Found
4160	Process not Found
1580	Process not Found
3360	Process not Found
3980	Process not Found
1368	Process not Found
3764	Process not Found
2408	Process not Found
3512	Process not Found
4072	Process not Found
1488	Process not Found
3972	Process not Found
3960	takeown.exe
1280	Process not Found
4880	Process not Found
1676	Process not Found
4864	Process not Found
4528	icacls.exe
4000	Process not Found
3888	Process not Found
1484	Process not Found
3888	Process not Found
3092	Process not Found
3220	Process not Found
404	Process not Found
4556	Process not Found
764	Process not Found
1548	icacls.exe
1416	Process not Found
4468	Process not Found
4256	Process not Found
1516	takeown.exe
876	takeown.exe
3528	takeown.exe
2684	Process not Found
5076	Process not Found
4660	Process not Found
4076	Process not Found
2980	Process not Found
3932	takeown.exe
3664	takeown.exe
748	Process not Found
4104	Process not Found
1708	Process not Found
1064	Process not Found
3140	Process not Found
2668	Process not Found
2652	Process not Found
3236	takeown.exe
4556	takeown.exe
2468	takeown.exe
1392	takeown.exe
2732	icacls.exe
2908	Process not Found
2608	Process not Found
2096	takeown.exe
4248	takeown.exe
2344	Process not Found
4244	Process not Found

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	WScript.exe

Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
credential_access stealer

Windows Credential Manager
T1555.004

Modifies file permissions 1 TTPs 64 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1524	Process not Found
4340	Process not Found
368	takeown.exe
4828	takeown.exe
4784	icacls.exe
3824	Process not Found
4596	Process not Found
2816	Process not Found
2568	Process not Found
4400	Process not Found
3112	takeown.exe
4608	Process not Found
4840	Process not Found
4328	Process not Found
2064	icacls.exe
3596	Process not Found
4756	Process not Found
4924	takeown.exe
1596	Process not Found
3128	Process not Found
768	Process not Found
3384	Process not Found
4784	Process not Found
4876	takeown.exe
4520	Process not Found
2420	Process not Found
1084	Process not Found
2984	Process not Found
2828	Process not Found
2612	icacls.exe
2836	takeown.exe
224	Process not Found
4696	Process not Found
3756	icacls.exe
1744	Process not Found
4220	Process not Found
748	Process not Found
368	Process not Found
2864	takeown.exe
3168	Process not Found
4424	Process not Found
1636	Process not Found
1756	takeown.exe
4000	icacls.exe
3824	Process not Found
636	Process not Found
3760	Process not Found
1956	Process not Found
3112	Process not Found
4188	Process not Found
4444	Process not Found
764	icacls.exe
4556	Process not Found
3380	Process not Found
4488	Process not Found
5112	Process not Found
4700	Process not Found
4256	Process not Found
3916	Process not Found
4248	Process not Found
2968	icacls.exe
2864	Process not Found
2732	Process not Found
3180	Process not Found

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Password Policy Discovery 1 TTPs
Attempt to access detailed information about the password policy used within an enterprise network.
discovery

Password Policy Discovery
T1201
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
804	cmd.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3900	WScript.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3900	WScript.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3900 wrote to memory of 5104	3900	WScript.exe	82
PID 3900 wrote to memory of 5104	3900	WScript.exe	82
PID 5104 wrote to memory of 2940	5104	cmd.exe	84
PID 5104 wrote to memory of 2940	5104	cmd.exe	84
PID 5104 wrote to memory of 1632	5104	cmd.exe	85
PID 5104 wrote to memory of 1632	5104	cmd.exe	85
PID 3900 wrote to memory of 1356	3900	WScript.exe	86
PID 3900 wrote to memory of 1356	3900	WScript.exe	86
PID 1356 wrote to memory of 2980	1356	cmd.exe	88
PID 1356 wrote to memory of 2980	1356	cmd.exe	88
PID 1356 wrote to memory of 2432	1356	cmd.exe	89
PID 1356 wrote to memory of 2432	1356	cmd.exe	89
PID 3900 wrote to memory of 3604	3900	WScript.exe	90
PID 3900 wrote to memory of 3604	3900	WScript.exe	90
PID 3604 wrote to memory of 4160	3604	cmd.exe	92
PID 3604 wrote to memory of 4160	3604	cmd.exe	92
PID 3900 wrote to memory of 3624	3900	WScript.exe	93
PID 3900 wrote to memory of 3624	3900	WScript.exe	93
PID 3624 wrote to memory of 432	3624	cmd.exe	95
PID 3624 wrote to memory of 432	3624	cmd.exe	95
PID 3624 wrote to memory of 3832	3624	cmd.exe	96
PID 3624 wrote to memory of 3832	3624	cmd.exe	96
PID 3900 wrote to memory of 3496	3900	WScript.exe	97
PID 3900 wrote to memory of 3496	3900	WScript.exe	97
PID 3496 wrote to memory of 2768	3496	cmd.exe	99
PID 3496 wrote to memory of 2768	3496	cmd.exe	99
PID 3496 wrote to memory of 4764	3496	cmd.exe	100
PID 3496 wrote to memory of 4764	3496	cmd.exe	100
PID 3900 wrote to memory of 4300	3900	WScript.exe	101
PID 3900 wrote to memory of 4300	3900	WScript.exe	101
PID 4300 wrote to memory of 4804	4300	cmd.exe	103
PID 4300 wrote to memory of 4804	4300	cmd.exe	103
PID 4300 wrote to memory of 4184	4300	cmd.exe	104
PID 4300 wrote to memory of 4184	4300	cmd.exe	104
PID 3900 wrote to memory of 1824	3900	WScript.exe	105
PID 3900 wrote to memory of 1824	3900	WScript.exe	105
PID 1824 wrote to memory of 4368	1824	cmd.exe	107
PID 1824 wrote to memory of 4368	1824	cmd.exe	107
PID 1824 wrote to memory of 2612	1824	cmd.exe	108
PID 1824 wrote to memory of 2612	1824	cmd.exe	108
PID 3900 wrote to memory of 340	3900	WScript.exe	109
PID 3900 wrote to memory of 340	3900	WScript.exe	109
PID 340 wrote to memory of 3960	340	cmd.exe	111
PID 340 wrote to memory of 3960	340	cmd.exe	111
PID 340 wrote to memory of 3436	340	cmd.exe	112
PID 340 wrote to memory of 3436	340	cmd.exe	112
PID 3900 wrote to memory of 4568	3900	WScript.exe	113
PID 3900 wrote to memory of 4568	3900	WScript.exe	113
PID 4568 wrote to memory of 2968	4568	cmd.exe	115
PID 4568 wrote to memory of 2968	4568	cmd.exe	115
PID 4568 wrote to memory of 1788	4568	cmd.exe	116
PID 4568 wrote to memory of 1788	4568	cmd.exe	116
PID 3900 wrote to memory of 404	3900	WScript.exe	117
PID 3900 wrote to memory of 404	3900	WScript.exe	117
PID 404 wrote to memory of 796	404	cmd.exe	119
PID 404 wrote to memory of 796	404	cmd.exe	119
PID 404 wrote to memory of 3140	404	cmd.exe	120
PID 404 wrote to memory of 3140	404	cmd.exe	120
PID 3900 wrote to memory of 4632	3900	WScript.exe	121
PID 3900 wrote to memory of 4632	3900	WScript.exe	121
PID 4632 wrote to memory of 5088	4632	cmd.exe	123
PID 4632 wrote to memory of 5088	4632	cmd.exe	123
PID 4632 wrote to memory of 216	4632	cmd.exe	124
PID 4632 wrote to memory of 216	4632	cmd.exe	124

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\script.vbs"
1⤵
- Checks computer location settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:3900
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\ && icacls C:\Users\ /grant everyone:(f)
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5104
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\
    3⤵
    PID:2940
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\ /grant everyone:(f)
    3⤵
    PID:1632
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin && icacls C:\Users\Admin /grant everyone:(f)
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1356
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin
    3⤵
    PID:2980
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin /grant everyone:(f)
    3⤵
    PID:2432
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\3D Objects && icacls C:\Users\Admin\3D Objects /grant everyone:(f)
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3604
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\3D Objects
    3⤵
    PID:4160
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData && icacls C:\Users\Admin\AppData /grant everyone:(f)
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3624
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData
    3⤵
    PID:432
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData /grant everyone:(f)
    3⤵
    PID:3832
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local && icacls C:\Users\Admin\AppData\Local /grant everyone:(f)
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3496
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local
    3⤵
    PID:2768
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local /grant everyone:(f)
    3⤵
    PID:4764
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Adobe && icacls C:\Users\Admin\AppData\Local\Adobe /grant everyone:(f)
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4300
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Adobe
    3⤵
    PID:4804
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Adobe /grant everyone:(f)
    3⤵
    PID:4184
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat && icacls C:\Users\Admin\AppData\Local\Adobe\Acrobat /grant everyone:(f)
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1824
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat
    3⤵
    PID:4368
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Adobe\Acrobat /grant everyone:(f)
    3⤵
    - Modifies file permissions
    PID:2612
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC && icacls C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC /grant everyone:(f)
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:340
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC
    3⤵
    PID:3960
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC /grant everyone:(f)
    3⤵
    PID:3436
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\Cache && icacls C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\Cache /grant everyone:(f)
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4568
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\Cache
    3⤵
    PID:2968
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\Cache /grant everyone:(f)
    3⤵
    PID:1788
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\ToolsSearchCacheRdr && icacls C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\ToolsSearchCacheRdr /grant everyone:(f)
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:404
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\ToolsSearchCacheRdr
    3⤵
    PID:796
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\ToolsSearchCacheRdr /grant everyone:(f)
    3⤵
    PID:3140
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Adobe\Color && icacls C:\Users\Admin\AppData\Local\Adobe\Color /grant everyone:(f)
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4632
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Adobe\Color
    3⤵
    PID:5088
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Adobe\Color /grant everyone:(f)
    3⤵
    PID:216
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Adobe\Color\Profiles && icacls C:\Users\Admin\AppData\Local\Adobe\Color\Profiles /grant everyone:(f)
  2⤵
  PID:2156
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Adobe\Color\Profiles
    3⤵
    PID:872
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Adobe\Color\Profiles /grant everyone:(f)
    3⤵
    PID:2456
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Application Data && icacls C:\Users\Admin\AppData\Local\Application Data /grant everyone:(f)
  2⤵
  PID:3852
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Application Data
    3⤵
    PID:2064
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Comms && icacls C:\Users\Admin\AppData\Local\Comms /grant everyone:(f)
  2⤵
  PID:3112
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Comms
    3⤵
    PID:4940
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Comms /grant everyone:(f)
    3⤵
    PID:1836
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Comms\Unistore && icacls C:\Users\Admin\AppData\Local\Comms\Unistore /grant everyone:(f)
  2⤵
  PID:1844
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Comms\Unistore
    3⤵
    PID:4248
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Comms\Unistore /grant everyone:(f)
    3⤵
    PID:2572
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Comms\Unistore\data && icacls C:\Users\Admin\AppData\Local\Comms\Unistore\data /grant everyone:(f)
  2⤵
  PID:4292
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Comms\Unistore\data
    3⤵
    PID:920
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Comms\Unistore\data /grant everyone:(f)
    3⤵
    PID:2396
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Comms\Unistore\data\temp && icacls C:\Users\Admin\AppData\Local\Comms\Unistore\data\temp /grant everyone:(f)
  2⤵
  PID:2492
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Comms\Unistore\data\temp
    3⤵
    PID:4980
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Comms\Unistore\data\temp /grant everyone:(f)
    3⤵
    PID:1804
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Comms\UnistoreDB && icacls C:\Users\Admin\AppData\Local\Comms\UnistoreDB /grant everyone:(f)
  2⤵
  PID:4048
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Comms\UnistoreDB
    3⤵
    - Possible privilege escalation attempt
    PID:2096
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Comms\UnistoreDB /grant everyone:(f)
    3⤵
    PID:4756
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform && icacls C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform /grant everyone:(f)
  2⤵
  PID:4676
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform
    3⤵
    PID:3780
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform /grant everyone:(f)
    3⤵
    PID:4836
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\L.Admin && icacls C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\L.Admin /grant everyone:(f)
  2⤵
  PID:3596
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\L.Admin
    3⤵
    PID:3536
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\L.Admin /grant everyone:(f)
    3⤵
    PID:1468
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google && icacls C:\Users\Admin\AppData\Local\Google /grant everyone:(f)
  2⤵
  PID:1584
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google
    3⤵
    - Modifies file permissions
    PID:4924
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Google /grant everyone:(f)
    3⤵
    PID:2788
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome /grant everyone:(f)
  2⤵
  PID:4212
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome
    3⤵
    PID:2032
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Google\Chrome /grant everyone:(f)
    3⤵
    PID:2508
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data /grant everyone:(f)
  2⤵
  PID:4500
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data
    3⤵
    PID:2688
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\AutofillStates && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\AutofillStates /grant everyone:(f)
  2⤵
  PID:2820
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\AutofillStates
    3⤵
    PID:3128
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics /grant everyone:(f)
  2⤵
  PID:208
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics
    3⤵
    PID:2616
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CertificateRevocation && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CertificateRevocation /grant everyone:(f)
  2⤵
  PID:3952
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CertificateRevocation
    3⤵
    PID:4684
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad /grant everyone:(f)
  2⤵
  PID:4160
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad
    3⤵
    PID:4760
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\attachments && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\attachments /grant everyone:(f)
  2⤵
  PID:224
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\attachments
    3⤵
    PID:5028
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports /grant everyone:(f)
  2⤵
  PID:940
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports
    3⤵
    PID:1300
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crowd Deny && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crowd Deny /grant everyone:(f)
  2⤵
  PID:3932
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crowd Deny
    3⤵
    PID:112
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default /grant everyone:(f)
  2⤵
  PID:2148
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
    3⤵
    PID:4368
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase /grant everyone:(f)
  2⤵
  PID:1956
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase
    3⤵
    PID:1948
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage /grant everyone:(f)
  2⤵
  PID:2316
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage
    3⤵
    PID:2336
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\87aac0f0-31b7-42f2-826c-1f0bca1a3b3e && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\87aac0f0-31b7-42f2-826c-1f0bca1a3b3e /grant everyone:(f)
  2⤵
  PID:4996
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\87aac0f0-31b7-42f2-826c-1f0bca1a3b3e
    3⤵
    PID:2780
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase /grant everyone:(f)
  2⤵
  PID:4820
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase
    3⤵
    PID:2204
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache /grant everyone:(f)
  2⤵
  PID:3672
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache
    3⤵
    PID:216
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data /grant everyone:(f)
  2⤵
  PID:636
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data
    3⤵
    PID:872
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db /grant everyone:(f)
  2⤵
  PID:1620
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db
    3⤵
    PID:1120
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache /grant everyone:(f)
  2⤵
  PID:2516
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache
    3⤵
    PID:4136
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js /grant everyone:(f)
  2⤵
  PID:4004
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js
    3⤵
    PID:4552
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir /grant everyone:(f)
  2⤵
  PID:4448
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir
    3⤵
    PID:1596
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm /grant everyone:(f)
  2⤵
  PID:3888
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm
    3⤵
    PID:4548
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir /grant everyone:(f)
  2⤵
  PID:1860
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir
    3⤵
    PID:1976
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db /grant everyone:(f)
  2⤵
  PID:4188
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db
    3⤵
    PID:1636
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db /grant everyone:(f)
  2⤵
  PID:3428
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db
    3⤵
    PID:3676
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases /grant everyone:(f)
  2⤵
  PID:2560
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases
    3⤵
    PID:4520
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache /grant everyone:(f)
  2⤵
  PID:4676
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache
    3⤵
    PID:3092
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db /grant everyone:(f)
  2⤵
  PID:3052
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db
    3⤵
    PID:804
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service /grant everyone:(f)
  2⤵
  PID:3584
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service
    3⤵
    PID:3440
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB /grant everyone:(f)
  2⤵
  PID:3192
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB
    3⤵
    PID:4212
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files /grant everyone:(f)
  2⤵
  PID:4572
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files
    3⤵
    PID:4968
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules /grant everyone:(f)
  2⤵
  PID:4328
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules
    3⤵
    PID:4920
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts /grant everyone:(f)
  2⤵
  PID:4828
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts
    3⤵
    PID:208
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State /grant everyone:(f)
  2⤵
  PID:4320
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State
    3⤵
    PID:1356
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions /grant everyone:(f)
  2⤵
  PID:4356
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions
    3⤵
    PID:32
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi /grant everyone:(f)
  2⤵
  PID:4760
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
    3⤵
    PID:432
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0 && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0 /grant everyone:(f)
  2⤵
  PID:3808
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0
    3⤵
    PID:4764
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales /grant everyone:(f)
  2⤵
  PID:4952
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales
    3⤵
    PID:4804
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\af && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\af /grant everyone:(f)
  2⤵
  PID:3060
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\af
    3⤵
    PID:2872
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\am && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\am /grant everyone:(f)
  2⤵
  PID:3176
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\am
    3⤵
    PID:2580
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ar && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ar /grant everyone:(f)
  2⤵
  PID:1140
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ar
    3⤵
    PID:3820
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\az && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\az /grant everyone:(f)
  2⤵
  PID:4224
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\az
    3⤵
    PID:1400
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\be && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\be /grant everyone:(f)
  2⤵
  PID:4960
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\be
    3⤵
    PID:3824
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\bg && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\bg /grant everyone:(f)
  2⤵
  PID:4660
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\bg
    3⤵
    PID:4788
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\bn && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\bn /grant everyone:(f)
  2⤵
  PID:620
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\bn
    3⤵
    PID:1472
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ca && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ca /grant everyone:(f)
  2⤵
  PID:4632
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ca
    3⤵
    PID:4636
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\cs && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\cs /grant everyone:(f)
  2⤵
  PID:2420
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\cs
    3⤵
    PID:3012
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\cy && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\cy /grant everyone:(f)
  2⤵
  PID:3236
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\cy
    3⤵
    PID:2736
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\da && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\da /grant everyone:(f)
  2⤵
  PID:3928
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\da
    3⤵
    - Possible privilege escalation attempt
    PID:4248
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\de && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\de /grant everyone:(f)
  2⤵
  PID:2572
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\de
    3⤵
    PID:3888
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\el && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\el /grant everyone:(f)
  2⤵
  PID:2040
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\el
    3⤵
    PID:1368
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\en && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\en /grant everyone:(f)
  2⤵
  PID:3460
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\en
    3⤵
    PID:4188
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\en_CA && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\en_CA /grant everyone:(f)
  2⤵
  PID:2344
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\en_CA
    3⤵
    PID:2096
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\en_GB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\en_GB /grant everyone:(f)
  2⤵
  PID:2104
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\en_GB
    3⤵
    PID:2560
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\en_US && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\en_US /grant everyone:(f)
  2⤵
  PID:4972
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\en_US
    3⤵
    PID:1084
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\es && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\es /grant everyone:(f)
  2⤵
  PID:3092
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\es
    3⤵
    - Modifies file permissions
    PID:1756
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\es_419 && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\es_419 /grant everyone:(f)
  2⤵
  PID:3596
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\es_419
    3⤵
    PID:1584
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\et && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\et /grant everyone:(f)
  2⤵
  PID:4336
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\et
    3⤵
    PID:4984
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\eu && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\eu /grant everyone:(f)
  2⤵
  PID:1992
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\eu
    3⤵
    PID:3380
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fa && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fa /grant everyone:(f)
  2⤵
  PID:4920
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fa
    3⤵
    - Possible privilege escalation attempt
    PID:2468
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fi && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fi /grant everyone:(f)
  2⤵
  PID:4696
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fi
    3⤵
    PID:2852
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fil && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fil /grant everyone:(f)
  2⤵
  PID:368
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fil
    3⤵
    PID:4432
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fr && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fr /grant everyone:(f)
  2⤵
  PID:2288
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fr
    3⤵
    PID:4948
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fr_CA && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fr_CA /grant everyone:(f)
  2⤵
  PID:5028
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fr_CA
    3⤵
    PID:4108
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\gl && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\gl /grant everyone:(f)
  2⤵
  PID:2876
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\gl
    3⤵
    PID:3516
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\gu && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\gu /grant everyone:(f)
  2⤵
  PID:4184
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\gu
    3⤵
    PID:3976
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\hi && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\hi /grant everyone:(f)
  2⤵
  PID:3060
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\hi
    3⤵
    PID:3352
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\hr && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\hr /grant everyone:(f)
  2⤵
  PID:4368
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\hr
    3⤵
    PID:2400
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\hu && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\hu /grant everyone:(f)
  2⤵
  PID:4608
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\hu
    3⤵
    PID:796
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\hy && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\hy /grant everyone:(f)
  2⤵
  PID:2780
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\hy
    3⤵
    PID:3964
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\id && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\id /grant everyone:(f)
  2⤵
  PID:4480
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\id
    3⤵
    PID:3224
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\is && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\is /grant everyone:(f)
  2⤵
  PID:4928
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\is
    3⤵
    PID:3980
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\it && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\it /grant everyone:(f)
  2⤵
  PID:3660
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\it
    3⤵
    PID:3684
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\iw && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\iw /grant everyone:(f)
  2⤵
  PID:2180
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\iw
    3⤵
    PID:4004
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ja && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ja /grant everyone:(f)
  2⤵
  PID:3376
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ja
    3⤵
    PID:4552
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ka && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ka /grant everyone:(f)
  2⤵
  PID:516
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ka
    3⤵
    PID:5112
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\kk && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\kk /grant everyone:(f)
  2⤵
  PID:4540
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\kk
    3⤵
    PID:4548
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\km && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\km /grant everyone:(f)
  2⤵
  PID:2332
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\km
    3⤵
    PID:1804
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\kn && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\kn /grant everyone:(f)
  2⤵
  PID:3180
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\kn
    3⤵
    PID:1708
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ko && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ko /grant everyone:(f)
  2⤵
  PID:4944
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ko
    3⤵
    PID:1184
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\lo && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\lo /grant everyone:(f)
  2⤵
  PID:2320
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\lo
    3⤵
    PID:2284
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\lt && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\lt /grant everyone:(f)
  2⤵
  PID:3620
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\lt
    3⤵
    PID:1364
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\lv && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\lv /grant everyone:(f)
  2⤵
  PID:1048
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\lv
    3⤵
    PID:1044
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ml && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ml /grant everyone:(f)
  2⤵
  PID:4340
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ml
    3⤵
    PID:2240
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\mn && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\mn /grant everyone:(f)
  2⤵
  PID:2820
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\mn
    3⤵
    PID:3384
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\mr && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\mr /grant everyone:(f)
  2⤵
  PID:2544
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\mr
    3⤵
    PID:1096
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ms && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ms /grant everyone:(f)
  2⤵
  PID:5084
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ms
    3⤵
    PID:1648
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\my && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\my /grant everyone:(f)
  2⤵
  PID:224
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\my
    3⤵
    PID:2836
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ne && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ne /grant everyone:(f)
  2⤵
  PID:1156
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ne
    3⤵
    PID:4764
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\nl && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\nl /grant everyone:(f)
  2⤵
  PID:4072
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\nl
    3⤵
    PID:4952
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\no && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\no /grant everyone:(f)
  2⤵
  PID:3976
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\no
    3⤵
    PID:4300
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\pa && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\pa /grant everyone:(f)
  2⤵
  PID:1888
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\pa
    3⤵
    PID:2612
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\pl && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\pl /grant everyone:(f)
  2⤵
  PID:3144
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\pl
    3⤵
    PID:1204
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\pt_BR && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\pt_BR /grant everyone:(f)
  2⤵
  PID:3140
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\pt_BR
    3⤵
    PID:4668
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\pt_PT && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\pt_PT /grant everyone:(f)
  2⤵
  PID:4840
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\pt_PT
    3⤵
    PID:2324
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ro && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ro /grant everyone:(f)
  2⤵
  PID:3224
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ro
    3⤵
    PID:216
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ru && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ru /grant everyone:(f)
  2⤵
  PID:4784
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ru
    3⤵
    PID:2456
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\si && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\si /grant everyone:(f)
  2⤵
  PID:3852
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\si
    3⤵
    PID:2848
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sk && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sk /grant everyone:(f)
  2⤵
  PID:4080
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sk
    3⤵
    - Modifies file permissions
    PID:4876
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sl && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sl /grant everyone:(f)
  2⤵
  PID:1016
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sl
    3⤵
    PID:3928
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sr && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sr /grant everyone:(f)
  2⤵
  PID:1596
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sr
    3⤵
    PID:2576
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sv && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sv /grant everyone:(f)
  2⤵
  PID:3032
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sv
    3⤵
    PID:3452
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sw && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sw /grant everyone:(f)
  2⤵
  PID:1368
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sw
    3⤵
    PID:2340
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ta && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ta /grant everyone:(f)
  2⤵
  PID:4640
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ta
    3⤵
    PID:3780
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\te && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\te /grant everyone:(f)
  2⤵
  PID:2344
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\te
    3⤵
    PID:1548
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\th && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\th /grant everyone:(f)
  2⤵
  PID:1484
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\th
    3⤵
    PID:1364
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\tr && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\tr /grant everyone:(f)
  2⤵
  PID:3644
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\tr
    3⤵
    - Possible privilege escalation attempt
    PID:1516
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\uk && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\uk /grant everyone:(f)
  2⤵
  PID:2996
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\uk
    3⤵
    PID:3540
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ur && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ur /grant everyone:(f)
  2⤵
  PID:4348
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ur
    3⤵
    PID:2980
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\vi && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\vi /grant everyone:(f)
  2⤵
  PID:4328
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\vi
    3⤵
    PID:2544
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\zh_CN && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\zh_CN /grant everyone:(f)
  2⤵
  PID:1944
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\zh_CN
    3⤵
    PID:3080
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\zh_HK && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\zh_HK /grant everyone:(f)
  2⤵
  PID:3624
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\zh_HK
    3⤵
    PID:4684
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\zh_TW && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\zh_TW /grant everyone:(f)
  2⤵
  PID:2152
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\zh_TW
    3⤵
    PID:4160
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\zu && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\zu /grant everyone:(f)
  2⤵
  PID:3516
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\zu
    3⤵
    PID:3932
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_metadata && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_metadata /grant everyone:(f)
  2⤵
  PID:3172
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_metadata
    3⤵
    - Possible privilege escalation attempt
    PID:3960
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda /grant everyone:(f)
  2⤵
  PID:2612
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
    3⤵
    PID:2148
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0 && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0 /grant everyone:(f)
  2⤵
  PID:3176
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0
    3⤵
    PID:340
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css /grant everyone:(f)
  2⤵
  PID:4668
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css
    3⤵
    PID:3212
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html /grant everyone:(f)
  2⤵
  PID:3964
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html
    3⤵
    PID:4976
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images /grant everyone:(f)
  2⤵
  PID:2924
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images
    3⤵
    PID:4812
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales /grant everyone:(f)
  2⤵
  PID:692
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales
    3⤵
    PID:2420
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg /grant everyone:(f)
  2⤵
  PID:636
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg
    3⤵
    PID:2180
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ca && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ca /grant everyone:(f)
  2⤵
  PID:3168
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ca
    3⤵
    PID:1836
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\cs && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\cs /grant everyone:(f)
  2⤵
  PID:2736
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\cs
    3⤵
    PID:2396
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\da && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\da /grant everyone:(f)
  2⤵
  PID:1844
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\da
    3⤵
    PID:972
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\de && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\de /grant everyone:(f)
  2⤵
  PID:960
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\de
    3⤵
    PID:3220
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\el && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\el /grant everyone:(f)
  2⤵
  PID:4868
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\el
    3⤵
    PID:4116
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en /grant everyone:(f)
  2⤵
  PID:1376
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en
    3⤵
    PID:4492
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB /grant everyone:(f)
  2⤵
  PID:1184
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB
    3⤵
    PID:4856
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es /grant everyone:(f)
  2⤵
  PID:4816
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es
    3⤵
    PID:3664
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es_419 && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es_419 /grant everyone:(f)
  2⤵
  PID:3612
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es_419
    3⤵
    PID:2996
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\et && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\et /grant everyone:(f)
  2⤵
  PID:3540
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\et
    3⤵
    PID:4348
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fi && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fi /grant everyone:(f)
  2⤵
  PID:2980
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fi
    3⤵
    PID:4992
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fil && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fil /grant everyone:(f)
  2⤵
  PID:3008
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fil
    3⤵
    PID:1944
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fr && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fr /grant everyone:(f)
  2⤵
  PID:3080
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fr
    3⤵
    PID:4700
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hi && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hi /grant everyone:(f)
  2⤵
  PID:32
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hi
    3⤵
    PID:4388
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hr && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hr /grant everyone:(f)
  2⤵
  PID:2524
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hr
    3⤵
    PID:2876
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hu && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hu /grant everyone:(f)
  2⤵
  PID:2140
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hu
    3⤵
    PID:1388
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\id && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\id /grant everyone:(f)
  2⤵
  PID:468
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\id
    3⤵
    PID:1140
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\it && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\it /grant everyone:(f)
  2⤵
  PID:3832
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\it
    3⤵
    PID:4368
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ja && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ja /grant everyone:(f)
  2⤵
  PID:4064
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ja
    3⤵
    PID:1644
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ko && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ko /grant everyone:(f)
  2⤵
  PID:2316
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ko
    3⤵
    PID:1220
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lt && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lt /grant everyone:(f)
  2⤵
  PID:2780
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lt
    3⤵
    PID:872
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lv && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lv /grant everyone:(f)
  2⤵
  PID:4380
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lv
    3⤵
    PID:2420
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nb && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nb /grant everyone:(f)
  2⤵
  PID:2456
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nb
    3⤵
    PID:4080
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nl && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nl /grant everyone:(f)
  2⤵
  PID:1816
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nl
    3⤵
    PID:1016
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pl && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pl /grant everyone:(f)
  2⤵
  PID:3376
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pl
    3⤵
    PID:876
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_BR && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_BR /grant everyone:(f)
  2⤵
  PID:4940
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_BR
    3⤵
    PID:4548
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_PT && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_PT /grant everyone:(f)
  2⤵
  PID:1844
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_PT
    3⤵
    PID:2492
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ro && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ro /grant everyone:(f)
  2⤵
  PID:4980
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ro
    3⤵
    PID:4640
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ru && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ru /grant everyone:(f)
  2⤵
  PID:3592
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ru
    3⤵
    PID:4400
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sk && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sk /grant everyone:(f)
  2⤵
  PID:544
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sk
    3⤵
    PID:3480
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sl && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sl /grant everyone:(f)
  2⤵
  PID:3052
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sl
    3⤵
    PID:3620
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sr && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sr /grant everyone:(f)
  2⤵
  PID:1044
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sr
    3⤵
    PID:4344
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sv && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sv /grant everyone:(f)
  2⤵
  PID:2608
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sv
    3⤵
    PID:3380
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\th && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\th /grant everyone:(f)
  2⤵
  PID:1832
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\th
    3⤵
    PID:4696
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\tr && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\tr /grant everyone:(f)
  2⤵
  PID:4320
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\tr
    3⤵
    PID:3692
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\uk && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\uk /grant everyone:(f)
  2⤵
  PID:4432
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\uk
    3⤵
    PID:2288
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\vi && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\vi /grant everyone:(f)
  2⤵
  PID:4248
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\vi
    3⤵
    PID:1156
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_CN && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_CN /grant everyone:(f)
  2⤵
  PID:5096
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_CN
    3⤵
    - Possible privilege escalation attempt
    PID:3932
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_TW && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_TW /grant everyone:(f)
  2⤵
  PID:112
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_TW
    3⤵
    PID:2380
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata /grant everyone:(f)
  2⤵
  PID:2692
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata
    3⤵
    PID:2872
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp /grant everyone:(f)
  2⤵
  PID:3272
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp
    3⤵
    PID:3188
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker /grant everyone:(f)
  2⤵
  PID:4840
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker
    3⤵
    PID:4176
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB /grant everyone:(f)
  2⤵
  PID:2864
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB
    3⤵
    PID:4872
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB /grant everyone:(f)
  2⤵
  PID:4424
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB
    3⤵
    PID:4812
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store /grant everyone:(f)
  2⤵
  PID:1472
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store
    3⤵
    PID:4460
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption /grant everyone:(f)
  2⤵
  PID:3580
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption
    3⤵
    PID:1016
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache /grant everyone:(f)
  2⤵
  PID:1104
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache
    3⤵
    - Possible privilege escalation attempt
    PID:876
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings /grant everyone:(f)
  2⤵
  PID:1676
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings
    3⤵
    PID:4548
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi /grant everyone:(f)
  2⤵
  PID:1976
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi
    3⤵
    PID:4188
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage /grant everyone:(f)
  2⤵
  PID:3428
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage
    3⤵
    PID:4616
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb /grant everyone:(f)
  2⤵
  PID:2096
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb
    3⤵
    PID:2984
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network /grant everyone:(f)
  2⤵
  PID:2560
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network
    3⤵
    PID:1184
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store /grant everyone:(f)
  2⤵
  PID:1084
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store
    3⤵
    PID:2712
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db /grant everyone:(f)
  2⤵
  PID:5048
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db
    3⤵
    PID:3668
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials /grant everyone:(f)
  2⤵
  PID:1632
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials
    3⤵
    PID:4328
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Safe Browsing Network && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Safe Browsing Network /grant everyone:(f)
  2⤵
  PID:852
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Safe Browsing Network
    3⤵
    PID:1356
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform /grant everyone:(f)
  2⤵
  PID:4992
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform
    3⤵
    - Possible privilege escalation attempt
    PID:1392
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB /grant everyone:(f)
  2⤵
  PID:5084
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB
    3⤵
    PID:2152
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB /grant everyone:(f)
  2⤵
  PID:5028
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB
    3⤵
    PID:4256
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB /grant everyone:(f)
  2⤵
  PID:4488
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB
    3⤵
    PID:2380
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker /grant everyone:(f)
  2⤵
  PID:4300
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker
    3⤵
    PID:4960
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database /grant everyone:(f)
  2⤵
  PID:3832
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database
    3⤵
    PID:1640
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache /grant everyone:(f)
  2⤵
  PID:4308
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache
    3⤵
    PID:5088
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir /grant everyone:(f)
  2⤵
  PID:2060
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir
    3⤵
    PID:3360
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage /grant everyone:(f)
  2⤵
  PID:4000
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage
    3⤵
    PID:4056
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions /grant everyone:(f)
  2⤵
  PID:2924
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions
    3⤵
    - Modifies file permissions
    PID:3112
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary /grant everyone:(f)
  2⤵
  PID:1012
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary
    3⤵
    PID:3088
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache /grant everyone:(f)
  2⤵
  PID:1224
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache
    3⤵
    PID:3236
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir /grant everyone:(f)
  2⤵
  PID:3376
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir
    3⤵
    PID:3388
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db /grant everyone:(f)
  2⤵
  PID:2496
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db
    3⤵
    PID:4048
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata /grant everyone:(f)
  2⤵
  PID:2492
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata
    3⤵
    PID:4640
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database /grant everyone:(f)
  2⤵
  PID:3460
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database
    3⤵
    PID:4868
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage /grant everyone:(f)
  2⤵
  PID:2344
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage
    3⤵
    PID:4836
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext /grant everyone:(f)
  2⤵
  PID:1708
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext
    3⤵
    PID:4212
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda /grant everyone:(f)
  2⤵
  PID:1992
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda
    3⤵
    PID:3596
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def /grant everyone:(f)
  2⤵
  PID:1044
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def
    3⤵
    PID:3540
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache /grant everyone:(f)
  2⤵
  PID:3384
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache
    3⤵
    PID:3128
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data /grant everyone:(f)
  2⤵
  PID:4356
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data
    3⤵
    PID:1356
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache /grant everyone:(f)
  2⤵
  PID:3348
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache
    3⤵
    PID:1952
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js /grant everyone:(f)
  2⤵
  PID:4432
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js
    3⤵
    PID:1648
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir /grant everyone:(f)
  2⤵
  PID:4700
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir
    3⤵
    PID:2208
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm /grant everyone:(f)
  2⤵
  PID:4256
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm
    3⤵
    PID:4952
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir /grant everyone:(f)
  2⤵
  PID:5096
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir
    3⤵
    PID:4300
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache /grant everyone:(f)
  2⤵
  PID:4960
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache
    3⤵
    PID:3832
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache /grant everyone:(f)
  2⤵
  PID:1640
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache
    3⤵
    PID:4308
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage /grant everyone:(f)
  2⤵
  PID:5088
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage
    3⤵
    PID:2060
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb /grant everyone:(f)
  2⤵
  PID:3360
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb
    3⤵
    PID:4820
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network /grant everyone:(f)
  2⤵
  PID:2780
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network
    3⤵
    PID:4784
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage /grant everyone:(f)
  2⤵
  PID:4604
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage
    3⤵
    PID:3204
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary /grant everyone:(f)
  2⤵
  PID:4468
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary
    3⤵
    PID:1224
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary\cache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary\cache /grant everyone:(f)
  2⤵
  PID:1104
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary\cache
    3⤵
    PID:2736
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary\cache\index-dir && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary\cache\index-dir /grant everyone:(f)
  2⤵
  PID:4540
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary\cache\index-dir
    3⤵
    PID:936
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data /grant everyone:(f)
  2⤵
  PID:960
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data
    3⤵
    PID:1976
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB /grant everyone:(f)
  2⤵
  PID:3428
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB
    3⤵
    PID:4132
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications /grant everyone:(f)
  2⤵
  PID:2096
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications
    3⤵
    PID:1468
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources /grant everyone:(f)
  2⤵
  PID:3180
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources
    3⤵
    PID:2104
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak /grant everyone:(f)
  2⤵
  PID:3820
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak
    3⤵
    PID:1480
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons /grant everyone:(f)
  2⤵
  PID:3524
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons
    3⤵
    PID:2372
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable /grant everyone:(f)
  2⤵
  PID:3540
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable
    3⤵
    PID:2436
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome /grant everyone:(f)
  2⤵
  PID:3128
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome
    3⤵
    PID:4588
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml /grant everyone:(f)
  2⤵
  PID:4472
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml
    3⤵
    PID:368
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons /grant everyone:(f)
  2⤵
  PID:704
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons
    3⤵
    PID:4220
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Maskable && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Maskable /grant everyone:(f)
  2⤵
  PID:2512
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Maskable
    3⤵
    PID:5028
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome /grant everyone:(f)
  2⤵
  PID:4700
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome
    3⤵
    PID:1388
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf /grant everyone:(f)
  2⤵
  PID:3960
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf
    3⤵
    PID:340
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons /grant everyone:(f)
  2⤵
  PID:764
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons
    3⤵
    PID:4960
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Maskable && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Maskable /grant everyone:(f)
  2⤵
  PID:2872
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Maskable
    3⤵
    PID:1640
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Monochrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Monochrome /grant everyone:(f)
  2⤵
  PID:1400
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Monochrome
    3⤵
    PID:2204
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm /grant everyone:(f)
  2⤵
  PID:4976
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm
    3⤵
    PID:3360
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons /grant everyone:(f)
  2⤵
  PID:4820
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons
    3⤵
    PID:2780
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Maskable && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Maskable /grant everyone:(f)
  2⤵
  PID:4484
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Maskable
    3⤵
    PID:4552
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Monochrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Monochrome /grant everyone:(f)
  2⤵
  PID:1596
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Monochrome
    3⤵
    PID:4412
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag /grant everyone:(f)
  2⤵
  PID:2576
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag
    3⤵
    PID:3032
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons /grant everyone:(f)
  2⤵
  PID:1280
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons
    3⤵
    PID:4188
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Maskable && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Maskable /grant everyone:(f)
  2⤵
  PID:1844
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Maskable
    3⤵
    PID:2404
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Monochrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Monochrome /grant everyone:(f)
  2⤵
  PID:2408
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Monochrome
    3⤵
    PID:452
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb /grant everyone:(f)
  2⤵
  PID:2340
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb
    3⤵
    PID:3416
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons /grant everyone:(f)
  2⤵
  PID:2712
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons
    3⤵
    PID:1744
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Maskable && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Maskable /grant everyone:(f)
  2⤵
  PID:1524
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Maskable
    3⤵
    PID:3596
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Monochrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Monochrome /grant everyone:(f)
  2⤵
  PID:1096
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Monochrome
    3⤵
    PID:3512
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp /grant everyone:(f)
  2⤵
  PID:2696
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp
    3⤵
    PID:1832
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage /grant everyone:(f)
  2⤵
  PID:2636
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage
    3⤵
    PID:1356
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FileTypePolicies && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FileTypePolicies /grant everyone:(f)
  2⤵
  PID:4880
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FileTypePolicies
    3⤵
    PID:2980
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FirstPartySetsPreloaded && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FirstPartySetsPreloaded /grant everyone:(f)
  2⤵
  PID:2732
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FirstPartySetsPreloaded
    3⤵
    PID:432
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache /grant everyone:(f)
  2⤵
  PID:396
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache
    3⤵
    PID:224
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache /grant everyone:(f)
  2⤵
  PID:4760
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache
    3⤵
    PID:4700
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\hyphen-data && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\hyphen-data /grant everyone:(f)
  2⤵
  PID:1388
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\hyphen-data
    3⤵
    PID:4996
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MediaFoundationWidevineCdm && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MediaFoundationWidevineCdm /grant everyone:(f)
  2⤵
  PID:3960
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MediaFoundationWidevineCdm
    3⤵
    PID:764
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MediaFoundationWidevineCdm\x64 && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MediaFoundationWidevineCdm\x64 /grant everyone:(f)
  2⤵
  PID:4960
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MediaFoundationWidevineCdm\x64
    3⤵
    PID:2156
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MEIPreload && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MEIPreload /grant everyone:(f)
  2⤵
  PID:2872
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MEIPreload
    3⤵
    PID:872
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel /grant everyone:(f)
  2⤵
  PID:1892
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel
    3⤵
    PID:1620
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OptimizationHints && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OptimizationHints /grant everyone:(f)
  2⤵
  PID:3012
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OptimizationHints
    3⤵
    PID:2180
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OriginTrials && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OriginTrials /grant everyone:(f)
  2⤵
  PID:4784
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OriginTrials
    3⤵
    PID:3432
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PKIMetadata && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PKIMetadata /grant everyone:(f)
  2⤵
  PID:1816
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PKIMetadata
    3⤵
    PID:920
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PrivacySandboxAttestationsPreloaded && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PrivacySandboxAttestationsPreloaded /grant everyone:(f)
  2⤵
  PID:1224
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PrivacySandboxAttestationsPreloaded
    3⤵
    - Possible privilege escalation attempt
    PID:3236
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved /grant everyone:(f)
  2⤵
  PID:2572
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved
    3⤵
    PID:996
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SafetyTips && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SafetyTips /grant everyone:(f)
  2⤵
  PID:2496
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SafetyTips
    3⤵
    PID:1368
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform /grant everyone:(f)
  2⤵
  PID:4952
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform
    3⤵
    PID:1636
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache /grant everyone:(f)
  2⤵
  PID:3428
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache
    3⤵
    - Possible privilege escalation attempt
    PID:3664
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant /grant everyone:(f)
  2⤵
  PID:4856
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant
    3⤵
    PID:1244
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter /grant everyone:(f)
  2⤵
  PID:1048
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter
    3⤵
    PID:1788
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules /grant everyone:(f)
  2⤵
  PID:1540
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules
    3⤵
    PID:3620
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64 && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64 /grant everyone:(f)
  2⤵
  PID:3524
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64
    3⤵
    PID:5048
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\TpcdMetadata && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\TpcdMetadata /grant everyone:(f)
  2⤵
  PID:2820
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\TpcdMetadata
    3⤵
    PID:2996
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments /grant everyone:(f)
  2⤵
  PID:2636
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments
    3⤵
    PID:3692
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\WidevineCdm && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\WidevineCdm /grant everyone:(f)
  2⤵
  PID:2544
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\WidevineCdm
    3⤵
    PID:704
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ZxcvbnData && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ZxcvbnData /grant everyone:(f)
  2⤵
  PID:1156
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ZxcvbnData
    3⤵
    PID:2028
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\History && icacls C:\Users\Admin\AppData\Local\History /grant everyone:(f)
  2⤵
  PID:4232
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\History
    3⤵
    PID:1824
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\History /grant everyone:(f)
    3⤵
    PID:4184
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\History\History.IE5 && icacls C:\Users\Admin\AppData\Local\History\History.IE5 /grant everyone:(f)
  2⤵
  PID:4372
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\History\History.IE5
    3⤵
    PID:4224
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\History\History.IE5 /grant everyone:(f)
    3⤵
    PID:3492
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\History\History.IE5\MSHist012024080220240803 && icacls C:\Users\Admin\AppData\Local\History\History.IE5\MSHist012024080220240803 /grant everyone:(f)
  2⤵
  PID:1076
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\History\History.IE5\MSHist012024080220240803
    3⤵
    PID:4824
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\History\History.IE5\MSHist012024080220240803 /grant everyone:(f)
    3⤵
    PID:2136
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\History\Low && icacls C:\Users\Admin\AppData\Local\History\Low /grant everyone:(f)
  2⤵
  PID:1712
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\History\Low
    3⤵
    PID:620
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\History\Low /grant everyone:(f)
    3⤵
    PID:3964
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft && icacls C:\Users\Admin\AppData\Local\Microsoft /grant everyone:(f)
  2⤵
  PID:1688
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft
    3⤵
    - Modifies file permissions
    PID:2864
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft /grant everyone:(f)
    3⤵
    PID:3980
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0 && icacls C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0 /grant everyone:(f)
  2⤵
  PID:3224
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0
    3⤵
    PID:3012
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0 /grant everyone:(f)
    3⤵
    PID:4608
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs && icacls C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs /grant everyone:(f)
  2⤵
  PID:4632
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs
    3⤵
    PID:4460
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs /grant everyone:(f)
    3⤵
    - Modifies file permissions
    PID:2064
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32 && icacls C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32 /grant everyone:(f)
  2⤵
  PID:4468
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32
    3⤵
    PID:740
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32 /grant everyone:(f)
    3⤵
    PID:4548
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs && icacls C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs /grant everyone:(f)
  2⤵
  PID:2684
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs
    3⤵
    PID:1676
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs /grant everyone:(f)
    3⤵
    PID:4188
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Credentials && icacls C:\Users\Admin\AppData\Local\Microsoft\Credentials /grant everyone:(f)
  2⤵
  PID:936
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Credentials
    3⤵
    PID:4640
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\Credentials /grant everyone:(f)
    3⤵
    PID:2492
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge /grant everyone:(f)
  2⤵
  PID:4252
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge
    3⤵
    - Possible privilege escalation attempt
    PID:3528
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\Edge /grant everyone:(f)
    3⤵
    PID:3060
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data /grant everyone:(f)
  2⤵
  PID:3920
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data
    3⤵
    PID:4520
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics /grant everyone:(f)
  2⤵
  PID:2104
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics
    3⤵
    PID:4856
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation /grant everyone:(f)
  2⤵
  PID:1364
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation
    3⤵
    - Possible privilege escalation attempt
    PID:2120
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad /grant everyone:(f)
  2⤵
  PID:1132
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad
    3⤵
    PID:4816
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports /grant everyone:(f)
  2⤵
  PID:3476
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports
    3⤵
    PID:3524
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default /grant everyone:(f)
  2⤵
  PID:1572
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default
    3⤵
    PID:2820
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage /grant everyone:(f)
  2⤵
  PID:2608
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage
    3⤵
    - Modifies file permissions
    PID:368
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\8b3e75f8-06e0-4050-9999-73e880e1a8a3 && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\8b3e75f8-06e0-4050-9999-73e880e1a8a3 /grant everyone:(f)
  2⤵
  PID:4696
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\8b3e75f8-06e0-4050-9999-73e880e1a8a3
    3⤵
    PID:2956
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache /grant everyone:(f)
  2⤵
  PID:3348
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache
    3⤵
    PID:2512
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache /grant everyone:(f)
  2⤵
  PID:4652
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache
    3⤵
    PID:4700
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js /grant everyone:(f)
  2⤵
  PID:4752
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js
    3⤵
    PID:2148
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir /grant everyone:(f)
  2⤵
  PID:112
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir
    3⤵
    PID:1488
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm /grant everyone:(f)
  2⤵
  PID:2316
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm
    3⤵
    PID:2400
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir /grant everyone:(f)
  2⤵
  PID:3824
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir
    3⤵
    PID:1400
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb /grant everyone:(f)
  2⤵
  PID:1712
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb
    3⤵
    PID:216
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State /grant everyone:(f)
  2⤵
  PID:2304
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State
    3⤵
    PID:3684
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache /grant everyone:(f)
  2⤵
  PID:4608
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache
    3⤵
    PID:3432
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage /grant everyone:(f)
  2⤵
  PID:4876
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage
    3⤵
    PID:1596
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb /grant everyone:(f)
  2⤵
  PID:4528
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb
    3⤵
    PID:3088
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage /grant everyone:(f)
  2⤵
  PID:3032
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage
    3⤵
    PID:2684
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions /grant everyone:(f)
  2⤵
  PID:1224
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions
    3⤵
    PID:3780
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db /grant everyone:(f)
  2⤵
  PID:2332
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db
    3⤵
    PID:4128
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata /grant everyone:(f)
  2⤵
  PID:960
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata
    3⤵
    PID:3920
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database /grant everyone:(f)
  2⤵
  PID:4400
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database
    3⤵
    PID:4972
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data /grant everyone:(f)
  2⤵
  PID:1524
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data
    3⤵
    PID:4896
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB /grant everyone:(f)
  2⤵
  PID:1084
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB
    3⤵
    PID:1096
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping /grant everyone:(f)
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:804
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping
    3⤵
    PID:4328
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache /grant everyone:(f)
  2⤵
  PID:3384
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache
    3⤵
    - Possible privilege escalation attempt
    PID:4556
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache /grant everyone:(f)
  2⤵
  PID:1564
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache
    3⤵
    PID:2432
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\OriginTrials && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\OriginTrials /grant everyone:(f)
  2⤵
  PID:2956
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\OriginTrials
    3⤵
    - Modifies file permissions
    PID:2836
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RecoveryImproved && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RecoveryImproved /grant everyone:(f)
  2⤵
  PID:876
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RecoveryImproved
    3⤵
    PID:2816
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Safe Browsing && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Safe Browsing /grant everyone:(f)
  2⤵
  PID:4256
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Safe Browsing
    3⤵
    PID:3212
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache /grant everyone:(f)
  2⤵
  PID:4184
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache
    3⤵
    PID:5096
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache /grant everyone:(f)
  2⤵
  PID:1204
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache
    3⤵
    PID:3960
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen /grant everyone:(f)
  2⤵
  PID:1220
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen
    3⤵
    PID:3964
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local /grant everyone:(f)
  2⤵
  PID:2872
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local
    3⤵
    PID:3360
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Speech Recognition && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Speech Recognition /grant everyone:(f)
  2⤵
  PID:2060
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Speech Recognition
    3⤵
    PID:1064
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter /grant everyone:(f)
  2⤵
  PID:872
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter
    3⤵
    PID:1012
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules /grant everyone:(f)
  2⤵
  PID:2420
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules
    3⤵
    PID:4844
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Trust Protection Lists && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Trust Protection Lists /grant everyone:(f)
  2⤵
  PID:3580
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Trust Protection Lists
    3⤵
    PID:4004
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WidevineCdm && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WidevineCdm /grant everyone:(f)
  2⤵
  PID:4180
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WidevineCdm
    3⤵
    PID:3928
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ZxcvbnData && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ZxcvbnData /grant everyone:(f)
  2⤵
  PID:3956
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ZxcvbnData
    3⤵
    PID:936
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds /grant everyone:(f)
  2⤵
  PID:1880
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds
    3⤵
    PID:756
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds /grant everyone:(f)
    3⤵
    PID:3452
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache /grant everyone:(f)
  2⤵
  PID:4132
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache
    3⤵
    PID:4924
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\GameDVR && icacls C:\Users\Admin\AppData\Local\Microsoft\GameDVR /grant everyone:(f)
  2⤵
  PID:3428
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\GameDVR
    3⤵
    PID:3416
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\GameDVR /grant everyone:(f)
    3⤵
    PID:4856
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input && icacls C:\Users\Admin\AppData\Local\Microsoft\input /grant everyone:(f)
  2⤵
  PID:1788
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input
    3⤵
    PID:1548
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input /grant everyone:(f)
    3⤵
    PID:3092
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\af-ZA && icacls C:\Users\Admin\AppData\Local\Microsoft\input\af-ZA /grant everyone:(f)
  2⤵
  PID:1096
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\af-ZA
    3⤵
    PID:4324
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\af-ZA /grant everyone:(f)
    3⤵
    PID:1516
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-AE && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-AE /grant everyone:(f)
  2⤵
  PID:1044
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-AE
    3⤵
    PID:4588
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-AE /grant everyone:(f)
    3⤵
    PID:3380
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-BH && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-BH /grant everyone:(f)
  2⤵
  PID:1572
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-BH
    3⤵
    PID:1648
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-BH /grant everyone:(f)
    3⤵
    PID:3192
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-DZ && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-DZ /grant everyone:(f)
  2⤵
  PID:4880
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-DZ
    3⤵
    PID:3692
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-DZ /grant everyone:(f)
    3⤵
    - Possible privilege escalation attempt
    PID:2732
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-EG && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-EG /grant everyone:(f)
  2⤵
  PID:4684
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-EG
    3⤵
    PID:2040
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-EG /grant everyone:(f)
    3⤵
    PID:5028
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-IQ && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-IQ /grant everyone:(f)
  2⤵
  PID:340
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-IQ
    3⤵
    PID:404
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-IQ /grant everyone:(f)
    3⤵
    PID:112
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-JO && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-JO /grant everyone:(f)
  2⤵
  PID:3876
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-JO
    3⤵
    PID:1644
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-JO /grant everyone:(f)
    3⤵
    PID:1076
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-KW && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-KW /grant everyone:(f)
  2⤵
  PID:2580
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-KW
    3⤵
    PID:4840
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-KW /grant everyone:(f)
    3⤵
    PID:4960
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-LB && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-LB /grant everyone:(f)
  2⤵
  PID:5088
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-LB
    3⤵
    PID:4056
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-LB /grant everyone:(f)
    3⤵
    PID:3360
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-LY && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-LY /grant everyone:(f)
  2⤵
  PID:4900
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-LY
    3⤵
    PID:4928
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-LY /grant everyone:(f)
    3⤵
    PID:4820
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-MA && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-MA /grant everyone:(f)
  2⤵
  PID:4460
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-MA
    3⤵
    PID:4604
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-MA /grant everyone:(f)
    3⤵
    PID:920
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-OM && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-OM /grant everyone:(f)
  2⤵
  PID:1472
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-OM
    3⤵
    PID:2576
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-OM /grant everyone:(f)
    3⤵
    PID:4552
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-QA && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-QA /grant everyone:(f)
  2⤵
  PID:516
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-QA
    3⤵
    PID:4180
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-QA /grant everyone:(f)
    3⤵
    PID:1104
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-SA && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-SA /grant everyone:(f)
  2⤵
  PID:3388
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-SA
    3⤵
    PID:1680
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-SA /grant everyone:(f)
    3⤵
    PID:2404
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-SY && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-SY /grant everyone:(f)
  2⤵
  PID:468
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-SY
    3⤵
    PID:4868
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-SY /grant everyone:(f)
    3⤵
    PID:1860
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-TN && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-TN /grant everyone:(f)
  2⤵
  PID:1556
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-TN
    3⤵
    PID:1484
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-TN /grant everyone:(f)
    3⤵
    PID:812
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-YE && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-YE /grant everyone:(f)
  2⤵
  PID:2020
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-YE
    3⤵
    PID:1948
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-YE /grant everyone:(f)
    3⤵
    - Possible privilege escalation attempt
    PID:1548
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\az-Latn-AZ && icacls C:\Users\Admin\AppData\Local\Microsoft\input\az-Latn-AZ /grant everyone:(f)
  2⤵
  PID:3952
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\az-Latn-AZ
    3⤵
    PID:3612
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\az-Latn-AZ /grant everyone:(f)
    3⤵
    PID:4324
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\bg-BG && icacls C:\Users\Admin\AppData\Local\Microsoft\input\bg-BG /grant everyone:(f)
  2⤵
  PID:2372
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\bg-BG
    3⤵
    PID:4992
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\bg-BG /grant everyone:(f)
    3⤵
    PID:3168
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\bn-BD && icacls C:\Users\Admin\AppData\Local\Microsoft\input\bn-BD /grant everyone:(f)
  2⤵
  PID:3604
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\bn-BD
    3⤵
    PID:4472
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\bn-BD /grant everyone:(f)
    3⤵
    PID:208
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ca-ES && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ca-ES /grant everyone:(f)
  2⤵
  PID:2608
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ca-ES
    3⤵
    - Modifies file permissions
    PID:4828
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ca-ES /grant everyone:(f)
    3⤵
    PID:3692
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\cs-CZ && icacls C:\Users\Admin\AppData\Local\Microsoft\input\cs-CZ /grant everyone:(f)
  2⤵
  PID:2432
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\cs-CZ
    3⤵
    PID:2980
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\cs-CZ /grant everyone:(f)
    3⤵
    PID:1140
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\da-DK && icacls C:\Users\Admin\AppData\Local\Microsoft\input\da-DK /grant everyone:(f)
  2⤵
  PID:3348
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\da-DK
    3⤵
    PID:1504
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\da-DK /grant everyone:(f)
    3⤵
    PID:3492
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\de-AT && icacls C:\Users\Admin\AppData\Local\Microsoft\input\de-AT /grant everyone:(f)
  2⤵
  PID:4996
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\de-AT
    3⤵
    PID:1644
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\de-AT /grant everyone:(f)
    3⤵
    PID:1388
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\de-CH && icacls C:\Users\Admin\AppData\Local\Microsoft\input\de-CH /grant everyone:(f)
  2⤵
  PID:5096
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\de-CH
    3⤵
    PID:4308
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\de-CH /grant everyone:(f)
    3⤵
    PID:620
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\de-DE && icacls C:\Users\Admin\AppData\Local\Microsoft\input\de-DE /grant everyone:(f)
  2⤵
  PID:2580
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\de-DE
    3⤵
    PID:4056
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\de-DE /grant everyone:(f)
    3⤵
    PID:3360
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\de-LI && icacls C:\Users\Admin\AppData\Local\Microsoft\input\de-LI /grant everyone:(f)
  2⤵
  PID:796
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\de-LI
    3⤵
    PID:3224
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\de-LI /grant everyone:(f)
    3⤵
    PID:1012
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\de-LU && icacls C:\Users\Admin\AppData\Local\Microsoft\input\de-LU /grant everyone:(f)
  2⤵
  PID:1064
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\de-LU
    3⤵
    PID:3852
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\de-LU /grant everyone:(f)
    3⤵
    - Modifies file permissions
    PID:4784
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\el-GR && icacls C:\Users\Admin\AppData\Local\Microsoft\input\el-GR /grant everyone:(f)
  2⤵
  PID:3432
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\el-GR
    3⤵
    PID:1816
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\el-GR /grant everyone:(f)
    3⤵
    PID:4528
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-029 && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-029 /grant everyone:(f)
  2⤵
  PID:1472
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-029
    3⤵
    PID:3236
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-029 /grant everyone:(f)
    3⤵
    PID:928
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-AU && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-AU /grant everyone:(f)
  2⤵
  PID:4548
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-AU
    3⤵
    PID:1680
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-AU /grant everyone:(f)
    3⤵
    PID:1372
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-BZ && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-BZ /grant everyone:(f)
  2⤵
  PID:4596
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-BZ
    3⤵
    PID:4640
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-BZ /grant everyone:(f)
    3⤵
    PID:1576
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-CA && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-CA /grant everyone:(f)
  2⤵
  PID:468
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-CA
    3⤵
    PID:2408
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-CA /grant everyone:(f)
    3⤵
    PID:4520
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-GB && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-GB /grant everyone:(f)
  2⤵
  PID:4808
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-GB
    3⤵
    PID:3460
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-GB /grant everyone:(f)
    3⤵
    PID:3428
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-HK && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-HK /grant everyone:(f)
  2⤵
  PID:4860
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-HK
    3⤵
    PID:3536
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-HK /grant everyone:(f)
    3⤵
    PID:1524
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-ID && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-ID /grant everyone:(f)
  2⤵
  PID:3612
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-ID
    3⤵
    PID:1048
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-ID /grant everyone:(f)
    3⤵
    PID:4944
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-IE && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-IE /grant everyone:(f)
  2⤵
  PID:4992
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-IE
    3⤵
    PID:3168
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-IE /grant everyone:(f)
    3⤵
    PID:1044
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-IN && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-IN /grant everyone:(f)
  2⤵
  PID:4112
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-IN
    3⤵
    PID:4340
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-IN /grant everyone:(f)
    3⤵
    PID:1384
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-JM && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-JM /grant everyone:(f)
  2⤵
  PID:2732
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-JM
    3⤵
    PID:2996
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-JM /grant everyone:(f)
    3⤵
    PID:3624
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-MY && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-MY /grant everyone:(f)
  2⤵
  PID:5028
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-MY
    3⤵
    PID:32
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-MY /grant everyone:(f)
    3⤵
    PID:2028
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-NZ && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-NZ /grant everyone:(f)
  2⤵
  PID:3212
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-NZ
    3⤵
    PID:4232
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-NZ /grant everyone:(f)
    3⤵
    - Modifies file permissions
    PID:2968
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-SG && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-SG /grant everyone:(f)
  2⤵
  PID:1488
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-SG
    3⤵
    PID:4072
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-SG /grant everyone:(f)
    3⤵
    PID:3188
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-TT && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-TT /grant everyone:(f)
  2⤵
  PID:2508
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-TT
    3⤵
    PID:4404
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-TT /grant everyone:(f)
    3⤵
    PID:1220
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-ZA && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-ZA /grant everyone:(f)
  2⤵
  PID:4056
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-ZA
    3⤵
    PID:4428
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-ZA /grant everyone:(f)
    3⤵
    PID:3232
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-ZW && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-ZW /grant everyone:(f)
  2⤵
  PID:3112
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-ZW
    3⤵
    PID:1540
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-ZW /grant everyone:(f)
    3⤵
    PID:2908
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-419 && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-419 /grant everyone:(f)
  2⤵
  PID:4424
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-419
    3⤵
    PID:1688
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-419 /grant everyone:(f)
    3⤵
    PID:3088
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-AR && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-AR /grant everyone:(f)
  2⤵
  PID:4704
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-AR
    3⤵
    PID:3376
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-AR /grant everyone:(f)
    3⤵
    PID:1684
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-BO && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-BO /grant everyone:(f)
  2⤵
  PID:4292
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-BO
    3⤵
    PID:3888
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-BO /grant everyone:(f)
    3⤵
    PID:2404
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-CL && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-CL /grant everyone:(f)
  2⤵
  PID:2832
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-CL
    3⤵
    PID:3956
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-CL /grant everyone:(f)
    3⤵
    PID:4756
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-CO && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-CO /grant everyone:(f)
  2⤵
  PID:3060
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-CO
    3⤵
    PID:960
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-CO /grant everyone:(f)
    3⤵
    PID:4972
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-CR && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-CR /grant everyone:(f)
  2⤵
  PID:2284
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-CR
    3⤵
    PID:4752
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-CR /grant everyone:(f)
    3⤵
    PID:4856
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-DO && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-DO /grant everyone:(f)
  2⤵
  PID:2196
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-DO
    3⤵
    PID:3428
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-DO /grant everyone:(f)
    3⤵
    PID:1548
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-EC && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-EC /grant everyone:(f)
  2⤵
  PID:4524
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-EC
    3⤵
    PID:2020
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-EC /grant everyone:(f)
    3⤵
    PID:1132
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-ES && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-ES /grant everyone:(f)
  2⤵
  PID:2240
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-ES
    3⤵
    PID:1992
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-ES /grant everyone:(f)
    3⤵
    PID:3128
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-GT && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-GT /grant everyone:(f)
  2⤵
  PID:4532
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-GT
    3⤵
    PID:2372
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-GT /grant everyone:(f)
    3⤵
    PID:2180
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-HN && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-HN /grant everyone:(f)
  2⤵
  PID:2636
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-HN
    3⤵
    PID:5048
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-HN /grant everyone:(f)
    3⤵
    PID:2956
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-MX && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-MX /grant everyone:(f)
  2⤵
  PID:4220
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-MX
    3⤵
    PID:2608
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-MX /grant everyone:(f)
    3⤵
    PID:3832
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-NI && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-NI /grant everyone:(f)
  2⤵
  PID:1140
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-NI
    3⤵
    PID:2432
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-NI /grant everyone:(f)
    3⤵
    - Modifies file permissions
    PID:3756
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-PA && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-PA /grant everyone:(f)
  2⤵
  PID:1416
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-PA
    3⤵
    PID:1504
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-PA /grant everyone:(f)
    3⤵
    PID:4232
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-PE && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-PE /grant everyone:(f)
  2⤵
  PID:1204
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-PE
    3⤵
    PID:748
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-PE /grant everyone:(f)
    3⤵
    PID:3188
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-PR && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-PR /grant everyone:(f)
  2⤵
  PID:3960
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-PR
    3⤵
    PID:4840
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-PR /grant everyone:(f)
    3⤵
    PID:1580
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-PY && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-PY /grant everyone:(f)
  2⤵
  PID:2204
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-PY
    3⤵
    PID:2872
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-PY /grant everyone:(f)
    3⤵
    - Modifies file permissions
    PID:4000
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-SV && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-SV /grant everyone:(f)
  2⤵
  PID:3764
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-SV
    3⤵
    PID:796
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-SV /grant everyone:(f)
    3⤵
    PID:3852
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-US && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-US /grant everyone:(f)
  2⤵
  PID:4632
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-US
    3⤵
    PID:816
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-US /grant everyone:(f)
    3⤵
    PID:3088
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-UY && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-UY /grant everyone:(f)
  2⤵
  PID:3228
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-UY
    3⤵
    PID:2420
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-UY /grant everyone:(f)
    3⤵
    PID:1684
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-VE && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-VE /grant everyone:(f)
  2⤵
  PID:2684
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-VE
    3⤵
    PID:4988
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-VE /grant everyone:(f)
    3⤵
    PID:4408
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\et-EE && icacls C:\Users\Admin\AppData\Local\Microsoft\input\et-EE /grant everyone:(f)
  2⤵
  PID:4420
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\et-EE
    3⤵
    PID:4484
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\et-EE /grant everyone:(f)
    3⤵
    PID:1988
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\eu-ES && icacls C:\Users\Admin\AppData\Local\Microsoft\input\eu-ES /grant everyone:(f)
  2⤵
  PID:1368
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\eu-ES
    3⤵
    PID:3060
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\eu-ES /grant everyone:(f)
    3⤵
    PID:3388
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fa-IR && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fa-IR /grant everyone:(f)
  2⤵
  PID:992
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fa-IR
    3⤵
    PID:1484
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fa-IR /grant everyone:(f)
    3⤵
    PID:4856
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fi-FI && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fi-FI /grant everyone:(f)
  2⤵
  PID:1948
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fi-FI
    3⤵
    PID:1556
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fi-FI /grant everyone:(f)
    3⤵
    PID:1548
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-029 && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-029 /grant everyone:(f)
  2⤵
  PID:2020
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-029
    3⤵
    PID:1788
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-029 /grant everyone:(f)
    3⤵
    PID:1832
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-BE && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-BE /grant everyone:(f)
  2⤵
  PID:1992
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-BE
    3⤵
    PID:3612
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-BE /grant everyone:(f)
    3⤵
    PID:1044
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-CA && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-CA /grant everyone:(f)
  2⤵
  PID:3380
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-CA
    3⤵
    PID:2436
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-CA /grant everyone:(f)
    3⤵
    PID:8
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-CD && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-CD /grant everyone:(f)
  2⤵
  PID:1384
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-CD
    3⤵
    PID:5048
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-CD /grant everyone:(f)
    3⤵
    PID:4828
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-CH && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-CH /grant everyone:(f)
  2⤵
  PID:2608
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-CH
    3⤵
    PID:3624
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-CH /grant everyone:(f)
    3⤵
    PID:2512
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-CI && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-CI /grant everyone:(f)
  2⤵
  PID:2028
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-CI
    3⤵
    PID:4372
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-CI /grant everyone:(f)
    3⤵
    PID:2692
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-CM && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-CM /grant everyone:(f)
  2⤵
  PID:4256
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-CM
    3⤵
    PID:3348
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-CM /grant everyone:(f)
    3⤵
    - Modifies file permissions
    PID:764
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-FR && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-FR /grant everyone:(f)
  2⤵
  PID:4660
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-FR
    3⤵
    PID:4824
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-FR /grant everyone:(f)
    3⤵
    PID:4064
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-HT && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-HT /grant everyone:(f)
  2⤵
  PID:1712
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-HT
    3⤵
    PID:3960
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-HT /grant everyone:(f)
    3⤵
    PID:4840
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-LU && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-LU /grant everyone:(f)
  2⤵
  PID:1400
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-LU
    3⤵
    PID:4928
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-LU /grant everyone:(f)
    3⤵
    PID:3964
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-MA && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-MA /grant everyone:(f)
  2⤵
  PID:216
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-MA
    3⤵
    PID:3012
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-MA /grant everyone:(f)
    3⤵
    PID:3764
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-MC && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-MC /grant everyone:(f)
  2⤵
  PID:1012
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-MC
    3⤵
    PID:4424
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-MC /grant everyone:(f)
    3⤵
    PID:4632
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-ML && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-ML /grant everyone:(f)
  2⤵
  PID:3728
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-ML
    3⤵
    PID:4180
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-ML /grant everyone:(f)
    3⤵
    - Possible privilege escalation attempt
    PID:4528
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-RE && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-RE /grant everyone:(f)
  2⤵
  PID:2420
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-RE
    3⤵
    PID:1224
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-RE /grant everyone:(f)
    3⤵
    PID:3148
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-SN && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-SN /grant everyone:(f)
  2⤵
  PID:4504
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-SN
    3⤵
    PID:1988
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-SN /grant everyone:(f)
    3⤵
    PID:1372
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\gl-ES && icacls C:\Users\Admin\AppData\Local\Microsoft\input\gl-ES /grant everyone:(f)
  2⤵
  PID:1636
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\gl-ES
    3⤵
    PID:3528
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\gl-ES /grant everyone:(f)
    3⤵
    PID:4252
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ha-Latn-NG && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ha-Latn-NG /grant everyone:(f)
  2⤵
  PID:1844
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ha-Latn-NG
    3⤵
    PID:2344
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ha-Latn-NG /grant everyone:(f)
    3⤵
    PID:4452
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\he-IL && icacls C:\Users\Admin\AppData\Local\Microsoft\input\he-IL /grant everyone:(f)
  2⤵
  PID:4856
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\he-IL
    3⤵
    PID:3600
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\he-IL /grant everyone:(f)
    3⤵
    PID:3920
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\hi-IN && icacls C:\Users\Admin\AppData\Local\Microsoft\input\hi-IN /grant everyone:(f)
  2⤵
  PID:4352
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\hi-IN
    3⤵
    PID:1516
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\hi-IN /grant everyone:(f)
    3⤵
    PID:1364
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\hr-BA && icacls C:\Users\Admin\AppData\Local\Microsoft\input\hr-BA /grant everyone:(f)
  2⤵
  PID:2020
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\hr-BA
    3⤵
    PID:1096
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\hr-BA /grant everyone:(f)
    3⤵
    PID:852
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\hr-HR && icacls C:\Users\Admin\AppData\Local\Microsoft\input\hr-HR /grant everyone:(f)
  2⤵
  PID:688
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\hr-HR
    3⤵
    PID:2288
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\hr-HR /grant everyone:(f)
    3⤵
    PID:5076
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\hu-HU && icacls C:\Users\Admin\AppData\Local\Microsoft\input\hu-HU /grant everyone:(f)
  2⤵
  PID:3168
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\hu-HU
    3⤵
    PID:2820
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\hu-HU /grant everyone:(f)
    3⤵
    PID:4696
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\hy-AM && icacls C:\Users\Admin\AppData\Local\Microsoft\input\hy-AM /grant everyone:(f)
  2⤵
  PID:4340
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\hy-AM
    3⤵
    PID:3008
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\hy-AM /grant everyone:(f)
    3⤵
    PID:4248
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\id-ID && icacls C:\Users\Admin\AppData\Local\Microsoft\input\id-ID /grant everyone:(f)
  2⤵
  PID:2544
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\id-ID
    3⤵
    PID:560
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\id-ID /grant everyone:(f)
    3⤵
    PID:1576
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\it-CH && icacls C:\Users\Admin\AppData\Local\Microsoft\input\it-CH /grant everyone:(f)
  2⤵
  PID:4432
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\it-CH
    3⤵
    PID:4652
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\it-CH /grant everyone:(f)
    3⤵
    PID:4960
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\it-IT && icacls C:\Users\Admin\AppData\Local\Microsoft\input\it-IT /grant everyone:(f)
  2⤵
  PID:3492
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\it-IT
    3⤵
    PID:1076
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\it-IT /grant everyone:(f)
    3⤵
    PID:1640
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ka-GE && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ka-GE /grant everyone:(f)
  2⤵
  PID:1204
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ka-GE
    3⤵
    PID:3960
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ka-GE /grant everyone:(f)
    3⤵
    PID:4840
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\kk-KZ && icacls C:\Users\Admin\AppData\Local\Microsoft\input\kk-KZ /grant everyone:(f)
  2⤵
  PID:4404
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\kk-KZ
    3⤵
    PID:2872
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\kk-KZ /grant everyone:(f)
    3⤵
    PID:2864
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\lt-LT && icacls C:\Users\Admin\AppData\Local\Microsoft\input\lt-LT /grant everyone:(f)
  2⤵
  PID:3704
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\lt-LT
    3⤵
    PID:3852
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\lt-LT /grant everyone:(f)
    3⤵
    PID:2304