087315508cc43b632dae4750608cf107dfd454e2beacb03eeb4b43d013906d3d

Analysis

max time kernel
150s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 03:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

target.vbs
Size

828B
MD5

333ac8009978dfe4bc0e7ea72ad31289
SHA1

a8bc098f840e1b0faadb82d1087cf571e979a80d
SHA256

087315508cc43b632dae4750608cf107dfd454e2beacb03eeb4b43d013906d3d
SHA512

9a3886771f4b12576d9e155077b968b63932689a42e31e2d32642d6a9a46030e2157ea4da58bfddae5a6b37200174a990095e6f9776411a59f8b302fb7a42f9d

Score

9^/10

credential_access discovery exploit ransomware spyware stealer

Malware Config

Signatures

Renames multiple (1934) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Possible privilege escalation attempt 64 IoCs

exploit

pid	Process
3732	Process not Found
4000	Process not Found
1164	Process not Found
3712	Process not Found
840	Process not Found
4336	Process not Found
2816	takeown.exe
3932	takeown.exe
4200	Process not Found
5084	Process not Found
4744	takeown.exe
216	takeown.exe
2340	Process not Found
1164	Process not Found
3488	Process not Found
544	takeown.exe
3416	icacls.exe
3108	Process not Found
228	Process not Found
3884	takeown.exe
4628	Process not Found
4024	Process not Found
4836	Process not Found
1540	Process not Found
4356	Process not Found
4932	Process not Found
4880	Process not Found
1380	Process not Found
3640	Process not Found
952	Process not Found
1616	takeown.exe
1100	Process not Found
2964	Process not Found
408	Process not Found
700	Process not Found
2884	Process not Found
4560	takeown.exe
2944	Process not Found
3284	Process not Found
4060	Process not Found
4872	Process not Found
4872	Process not Found
3120	icacls.exe
1912	Process not Found
4604	Process not Found
4200	Process not Found
4780	Process not Found
1392	Process not Found
2376	Process not Found
4180	takeown.exe
4552	icacls.exe
2240	Process not Found
4472	Process not Found
208	Process not Found
744	Process not Found
1212	Process not Found
844	icacls.exe
2120	Process not Found
1932	Process not Found
4144	Process not Found
4980	Process not Found
1400	Process not Found
3668	Process not Found
2964	Process not Found

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	WScript.exe

Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
credential_access stealer

Windows Credential Manager
T1555.004

Modifies file permissions 1 TTPs 64 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2236	takeown.exe
4060	icacls.exe
1520	Process not Found
3452	Process not Found
4764	Process not Found
1824	Process not Found
1620	takeown.exe
2684	Process not Found
4228	Process not Found
4372	Process not Found
3728	Process not Found
4460	Process not Found
1456	Process not Found
440	Process not Found
232	Process not Found
4268	Process not Found
64	Process not Found
808	Process not Found
1516	Process not Found
1196	takeown.exe
4316	takeown.exe
2264	Process not Found
3380	Process not Found
1396	Process not Found
4888	Process not Found
1924	takeown.exe
2004	Process not Found
232	Process not Found
772	Process not Found
4432	takeown.exe
4984	Process not Found
4692	Process not Found
1684	Process not Found
844	Process not Found
2156	Process not Found
2576	Process not Found
64	Process not Found
3952	Process not Found
1212	Process not Found
4496	takeown.exe
1552	Process not Found
1656	Process not Found
2068	Process not Found
532	Process not Found
428	Process not Found
3440	Process not Found
3608	takeown.exe
3792	icacls.exe
3212	Process not Found
2372	Process not Found
1312	Process not Found
4720	Process not Found
2728	Process not Found
4780	Process not Found
4528	Process not Found
1640	Process not Found
3580	Process not Found
4444	Process not Found
5116	icacls.exe
4356	Process not Found
4532	Process not Found
4632	Process not Found
1028	Process not Found
4244	Process not Found

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Password Policy Discovery 1 TTPs
Attempt to access detailed information about the password policy used within an enterprise network.
discovery

Password Policy Discovery
T1201
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2332	cmd.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
388	WScript.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
388	WScript.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 388 wrote to memory of 4920	388	WScript.exe	82
PID 388 wrote to memory of 4920	388	WScript.exe	82
PID 4920 wrote to memory of 2928	4920	cmd.exe	84
PID 4920 wrote to memory of 2928	4920	cmd.exe	84
PID 4920 wrote to memory of 404	4920	cmd.exe	85
PID 4920 wrote to memory of 404	4920	cmd.exe	85
PID 388 wrote to memory of 3948	388	WScript.exe	86
PID 388 wrote to memory of 3948	388	WScript.exe	86
PID 3948 wrote to memory of 1572	3948	cmd.exe	88
PID 3948 wrote to memory of 1572	3948	cmd.exe	88
PID 3948 wrote to memory of 1104	3948	cmd.exe	89
PID 3948 wrote to memory of 1104	3948	cmd.exe	89
PID 388 wrote to memory of 2892	388	WScript.exe	90
PID 388 wrote to memory of 2892	388	WScript.exe	90
PID 2892 wrote to memory of 1424	2892	cmd.exe	92
PID 2892 wrote to memory of 1424	2892	cmd.exe	92
PID 388 wrote to memory of 4312	388	WScript.exe	93
PID 388 wrote to memory of 4312	388	WScript.exe	93
PID 4312 wrote to memory of 1932	4312	cmd.exe	95
PID 4312 wrote to memory of 1932	4312	cmd.exe	95
PID 4312 wrote to memory of 2640	4312	cmd.exe	96
PID 4312 wrote to memory of 2640	4312	cmd.exe	96
PID 388 wrote to memory of 4452	388	WScript.exe	97
PID 388 wrote to memory of 4452	388	WScript.exe	97
PID 4452 wrote to memory of 3728	4452	cmd.exe	99
PID 4452 wrote to memory of 3728	4452	cmd.exe	99
PID 4452 wrote to memory of 3284	4452	cmd.exe	100
PID 4452 wrote to memory of 3284	4452	cmd.exe	100
PID 388 wrote to memory of 2004	388	WScript.exe	101
PID 388 wrote to memory of 2004	388	WScript.exe	101
PID 2004 wrote to memory of 452	2004	cmd.exe	103
PID 2004 wrote to memory of 452	2004	cmd.exe	103
PID 2004 wrote to memory of 844	2004	cmd.exe	104
PID 2004 wrote to memory of 844	2004	cmd.exe	104
PID 388 wrote to memory of 4244	388	WScript.exe	105
PID 388 wrote to memory of 4244	388	WScript.exe	105
PID 4244 wrote to memory of 1040	4244	cmd.exe	107
PID 4244 wrote to memory of 1040	4244	cmd.exe	107
PID 4244 wrote to memory of 3048	4244	cmd.exe	108
PID 4244 wrote to memory of 3048	4244	cmd.exe	108
PID 388 wrote to memory of 3732	388	WScript.exe	109
PID 388 wrote to memory of 3732	388	WScript.exe	109
PID 3732 wrote to memory of 2732	3732	cmd.exe	111
PID 3732 wrote to memory of 2732	3732	cmd.exe	111
PID 3732 wrote to memory of 4428	3732	cmd.exe	112
PID 3732 wrote to memory of 4428	3732	cmd.exe	112
PID 388 wrote to memory of 2404	388	WScript.exe	113
PID 388 wrote to memory of 2404	388	WScript.exe	113
PID 2404 wrote to memory of 4440	2404	cmd.exe	115
PID 2404 wrote to memory of 4440	2404	cmd.exe	115
PID 2404 wrote to memory of 1516	2404	cmd.exe	116
PID 2404 wrote to memory of 1516	2404	cmd.exe	116
PID 388 wrote to memory of 4932	388	WScript.exe	117
PID 388 wrote to memory of 4932	388	WScript.exe	117
PID 4932 wrote to memory of 4692	4932	cmd.exe	119
PID 4932 wrote to memory of 4692	4932	cmd.exe	119
PID 4932 wrote to memory of 1968	4932	cmd.exe	120
PID 4932 wrote to memory of 1968	4932	cmd.exe	120
PID 388 wrote to memory of 4988	388	WScript.exe	121
PID 388 wrote to memory of 4988	388	WScript.exe	121
PID 4988 wrote to memory of 4456	4988	cmd.exe	123
PID 4988 wrote to memory of 4456	4988	cmd.exe	123
PID 4988 wrote to memory of 4884	4988	cmd.exe	124
PID 4988 wrote to memory of 4884	4988	cmd.exe	124

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
1⤵
- Checks computer location settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:388
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\ && icacls C:\Users\ /grant everyone:(f)
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4920
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\
    3⤵
    PID:2928
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\ /grant everyone:(f)
    3⤵
    PID:404
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin && icacls C:\Users\Admin /grant everyone:(f)
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3948
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin
    3⤵
    PID:1572
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin /grant everyone:(f)
    3⤵
    PID:1104
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\3D Objects && icacls C:\Users\Admin\3D Objects /grant everyone:(f)
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2892
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\3D Objects
    3⤵
    PID:1424
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData && icacls C:\Users\Admin\AppData /grant everyone:(f)
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4312
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData
    3⤵
    PID:1932
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData /grant everyone:(f)
    3⤵
    PID:2640
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local && icacls C:\Users\Admin\AppData\Local /grant everyone:(f)
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4452
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local
    3⤵
    PID:3728
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local /grant everyone:(f)
    3⤵
    PID:3284
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Adobe && icacls C:\Users\Admin\AppData\Local\Adobe /grant everyone:(f)
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2004
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Adobe
    3⤵
    PID:452
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Adobe /grant everyone:(f)
    3⤵
    PID:844
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat && icacls C:\Users\Admin\AppData\Local\Adobe\Acrobat /grant everyone:(f)
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4244
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat
    3⤵
    PID:1040
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Adobe\Acrobat /grant everyone:(f)
    3⤵
    PID:3048
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC && icacls C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC /grant everyone:(f)
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3732
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC
    3⤵
    PID:2732
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC /grant everyone:(f)
    3⤵
    PID:4428
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\Cache && icacls C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\Cache /grant everyone:(f)
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2404
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\Cache
    3⤵
    PID:4440
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\Cache /grant everyone:(f)
    3⤵
    PID:1516
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\ToolsSearchCacheRdr && icacls C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\ToolsSearchCacheRdr /grant everyone:(f)
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4932
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\ToolsSearchCacheRdr
    3⤵
    PID:4692
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\ToolsSearchCacheRdr /grant everyone:(f)
    3⤵
    PID:1968
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Adobe\Color && icacls C:\Users\Admin\AppData\Local\Adobe\Color /grant everyone:(f)
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4988
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Adobe\Color
    3⤵
    PID:4456
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Adobe\Color /grant everyone:(f)
    3⤵
    PID:4884
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Adobe\Color\Profiles && icacls C:\Users\Admin\AppData\Local\Adobe\Color\Profiles /grant everyone:(f)
  2⤵
  PID:1888
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Adobe\Color\Profiles
    3⤵
    PID:4992
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Adobe\Color\Profiles /grant everyone:(f)
    3⤵
    PID:1344
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Application Data && icacls C:\Users\Admin\AppData\Local\Application Data /grant everyone:(f)
  2⤵
  PID:5024
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Application Data
    3⤵
    PID:1812
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Comms && icacls C:\Users\Admin\AppData\Local\Comms /grant everyone:(f)
  2⤵
  PID:4208
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Comms
    3⤵
    PID:4024
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Comms /grant everyone:(f)
    3⤵
    PID:3588
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Comms\Unistore && icacls C:\Users\Admin\AppData\Local\Comms\Unistore /grant everyone:(f)
  2⤵
  PID:1900
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Comms\Unistore
    3⤵
    PID:2016
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Comms\Unistore /grant everyone:(f)
    3⤵
    PID:3552
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Comms\Unistore\data && icacls C:\Users\Admin\AppData\Local\Comms\Unistore\data /grant everyone:(f)
  2⤵
  PID:1108
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Comms\Unistore\data
    3⤵
    PID:4584
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Comms\Unistore\data /grant everyone:(f)
    3⤵
    PID:8
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Comms\Unistore\data\temp && icacls C:\Users\Admin\AppData\Local\Comms\Unistore\data\temp /grant everyone:(f)
  2⤵
  PID:1432
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Comms\Unistore\data\temp
    3⤵
    PID:936
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Comms\Unistore\data\temp /grant everyone:(f)
    3⤵
    PID:2984
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Comms\UnistoreDB && icacls C:\Users\Admin\AppData\Local\Comms\UnistoreDB /grant everyone:(f)
  2⤵
  PID:4908
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Comms\UnistoreDB
    3⤵
    PID:4820
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Comms\UnistoreDB /grant everyone:(f)
    3⤵
    PID:2476
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform && icacls C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform /grant everyone:(f)
  2⤵
  PID:4300
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform
    3⤵
    PID:2928
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform /grant everyone:(f)
    3⤵
    PID:404
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\L.Admin && icacls C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\L.Admin /grant everyone:(f)
  2⤵
  PID:4008
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\L.Admin
    3⤵
    PID:1572
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\L.Admin /grant everyone:(f)
    3⤵
    PID:2252
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google && icacls C:\Users\Admin\AppData\Local\Google /grant everyone:(f)
  2⤵
  PID:264
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google
    3⤵
    PID:3708
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Google /grant everyone:(f)
    3⤵
    PID:2576
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome /grant everyone:(f)
  2⤵
  PID:3088
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome
    3⤵
    PID:5056
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Google\Chrome /grant everyone:(f)
    3⤵
    PID:3700
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data /grant everyone:(f)
  2⤵
  PID:2240
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data
    3⤵
    PID:408
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\AutofillStates && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\AutofillStates /grant everyone:(f)
  2⤵
  PID:4896
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\AutofillStates
    3⤵
    - Possible privilege escalation attempt
    PID:1616
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics /grant everyone:(f)
  2⤵
  PID:3156
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics
    3⤵
    PID:2528
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CertificateRevocation && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CertificateRevocation /grant everyone:(f)
  2⤵
  PID:4472
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CertificateRevocation
    3⤵
    PID:840
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad /grant everyone:(f)
  2⤵
  PID:5072
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad
    3⤵
    PID:452
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\attachments && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\attachments /grant everyone:(f)
  2⤵
  PID:844
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\attachments
    3⤵
    PID:2068
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports /grant everyone:(f)
  2⤵
  PID:432
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports
    3⤵
    PID:412
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crowd Deny && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crowd Deny /grant everyone:(f)
  2⤵
  PID:208
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crowd Deny
    3⤵
    PID:440
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default /grant everyone:(f)
  2⤵
  PID:3560
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
    3⤵
    PID:4036
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase /grant everyone:(f)
  2⤵
  PID:3596
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase
    3⤵
    PID:4936
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage /grant everyone:(f)
  2⤵
  PID:3624
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage
    3⤵
    PID:876
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\4d10e948-1e08-40a6-92eb-53a345484c0c && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\4d10e948-1e08-40a6-92eb-53a345484c0c /grant everyone:(f)
  2⤵
  PID:4260
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\4d10e948-1e08-40a6-92eb-53a345484c0c
    3⤵
    PID:3212
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase /grant everyone:(f)
  2⤵
  PID:3840
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase
    3⤵
    PID:1100
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache /grant everyone:(f)
  2⤵
  PID:4988
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache
    3⤵
    PID:4992
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data /grant everyone:(f)
  2⤵
  PID:1028
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data
    3⤵
    PID:4488
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db /grant everyone:(f)
  2⤵
  PID:3836
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db
    3⤵
    PID:4320
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache /grant everyone:(f)
  2⤵
  PID:812
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache
    3⤵
    PID:216
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js /grant everyone:(f)
  2⤵
  PID:4208
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js
    3⤵
    PID:760
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir /grant everyone:(f)
  2⤵
  PID:4604
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir
    3⤵
    PID:1328
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm /grant everyone:(f)
  2⤵
  PID:4584
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm
    3⤵
    PID:5108
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir /grant everyone:(f)
  2⤵
  PID:2704
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir
    3⤵
    PID:4840
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db /grant everyone:(f)
  2⤵
  PID:1804
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db
    3⤵
    PID:2092
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db /grant everyone:(f)
  2⤵
  PID:5092
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db
    3⤵
    PID:224
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases /grant everyone:(f)
  2⤵
  PID:2388
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases
    3⤵
    PID:2028
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache /grant everyone:(f)
  2⤵
  PID:2812
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache
    3⤵
    PID:2908
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db /grant everyone:(f)
  2⤵
  PID:3248
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db
    3⤵
    PID:3472
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service /grant everyone:(f)
  2⤵
  PID:1352
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service
    3⤵
    PID:4048
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB /grant everyone:(f)
  2⤵
  PID:2892
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB
    3⤵
    PID:4068
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files /grant everyone:(f)
  2⤵
  PID:1164
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files
    3⤵
    PID:3792
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules /grant everyone:(f)
  2⤵
  PID:2916
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Rules
    3⤵
    PID:2684
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts /grant everyone:(f)
  2⤵
  PID:3672
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts
    3⤵
    PID:4876
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State /grant everyone:(f)
  2⤵
  PID:3512
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State
    3⤵
    PID:4484
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions /grant everyone:(f)
  2⤵
  PID:4000
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions
    3⤵
    PID:452
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi /grant everyone:(f)
  2⤵
  PID:1400
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
    3⤵
    PID:2168
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0 && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0 /grant everyone:(f)
  2⤵
  PID:2552
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0
    3⤵
    PID:3520
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales /grant everyone:(f)
  2⤵
  PID:3108
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales
    3⤵
    PID:4428
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\af && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\af /grant everyone:(f)
  2⤵
  PID:2320
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\af
    3⤵
    PID:3820
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\am && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\am /grant everyone:(f)
  2⤵
  PID:2964
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\am
    3⤵
    PID:4136
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ar && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ar /grant everyone:(f)
  2⤵
  PID:1504
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ar
    3⤵
    PID:4932
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\az && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\az /grant everyone:(f)
  2⤵
  PID:4260
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\az
    3⤵
    PID:532
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\be && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\be /grant everyone:(f)
  2⤵
  PID:3840
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\be
    3⤵
    PID:1676
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\bg && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\bg /grant everyone:(f)
  2⤵
  PID:2352
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\bg
    3⤵
    PID:2932
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\bn && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\bn /grant everyone:(f)
  2⤵
  PID:1636
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\bn
    3⤵
    PID:4320
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ca && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ca /grant everyone:(f)
  2⤵
  PID:4868
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ca
    3⤵
    PID:4412
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\cs && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\cs /grant everyone:(f)
  2⤵
  PID:232
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\cs
    3⤵
    PID:1904
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\cy && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\cy /grant everyone:(f)
  2⤵
  PID:3280
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\cy
    3⤵
    PID:3552
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\da && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\da /grant everyone:(f)
  2⤵
  PID:3380
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\da
    3⤵
    PID:2608
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\de && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\de /grant everyone:(f)
  2⤵
  PID:4644
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\de
    3⤵
    PID:3172
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\el && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\el /grant everyone:(f)
  2⤵
  PID:4212
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\el
    3⤵
    PID:1544
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\en && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\en /grant everyone:(f)
  2⤵
  PID:2092
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\en
    3⤵
    PID:3616
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\en_CA && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\en_CA /grant everyone:(f)
  2⤵
  PID:4944
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\en_CA
    3⤵
    PID:3996
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\en_GB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\en_GB /grant everyone:(f)
  2⤵
  PID:2028
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\en_GB
    3⤵
    PID:1228
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\en_US && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\en_US /grant everyone:(f)
  2⤵
  PID:4900
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\en_US
    3⤵
    PID:3492
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\es && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\es /grant everyone:(f)
  2⤵
  PID:3472
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\es
    3⤵
    PID:4516
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\es_419 && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\es_419 /grant everyone:(f)
  2⤵
  PID:4204
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\es_419
    3⤵
    PID:2360
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\et && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\et /grant everyone:(f)
  2⤵
  PID:1032
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\et
    3⤵
    PID:4336
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\eu && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\eu /grant everyone:(f)
  2⤵
  PID:3792
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\eu
    3⤵
    PID:2412
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fa && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fa /grant everyone:(f)
  2⤵
  PID:2496
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fa
    3⤵
    PID:2528
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fi && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fi /grant everyone:(f)
  2⤵
  PID:1080
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fi
    3⤵
    PID:1768
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fil && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fil /grant everyone:(f)
  2⤵
  PID:4420
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fil
    3⤵
    PID:3968
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fr && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fr /grant everyone:(f)
  2⤵
  PID:4960
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fr
    3⤵
    PID:2004
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fr_CA && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fr_CA /grant everyone:(f)
  2⤵
  PID:5084
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\fr_CA
    3⤵
    PID:4244
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\gl && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\gl /grant everyone:(f)
  2⤵
  PID:412
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\gl
    3⤵
    PID:3536
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\gu && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\gu /grant everyone:(f)
  2⤵
  PID:3884
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\gu
    3⤵
    PID:3568
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\hi && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\hi /grant everyone:(f)
  2⤵
  PID:2032
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\hi
    3⤵
    PID:3820
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\hr && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\hr /grant everyone:(f)
  2⤵
  PID:4324
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\hr
    3⤵
    PID:3216
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\hu && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\hu /grant everyone:(f)
  2⤵
  PID:3504
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\hu
    3⤵
    PID:4932
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\hy && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\hy /grant everyone:(f)
  2⤵
  PID:4964
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\hy
    3⤵
    PID:1620
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\id && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\id /grant everyone:(f)
  2⤵
  PID:4880
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\id
    3⤵
    PID:4988
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\is && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\is /grant everyone:(f)
  2⤵
  PID:2372
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\is
    3⤵
    PID:4784
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\it && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\it /grant everyone:(f)
  2⤵
  PID:4140
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\it
    3⤵
    PID:920
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\iw && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\iw /grant everyone:(f)
  2⤵
  PID:4236
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\iw
    3⤵
    PID:812
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ja && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ja /grant everyone:(f)
  2⤵
  PID:4624
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ja
    3⤵
    PID:3460
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ka && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ka /grant everyone:(f)
  2⤵
  PID:3488
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ka
    3⤵
    PID:2540
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\kk && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\kk /grant everyone:(f)
  2⤵
  PID:2608
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\kk
    3⤵
    PID:4400
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\km && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\km /grant everyone:(f)
  2⤵
  PID:1928
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\km
    3⤵
    PID:1964
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\kn && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\kn /grant everyone:(f)
  2⤵
  PID:2380
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\kn
    3⤵
    PID:228
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ko && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ko /grant everyone:(f)
  2⤵
  PID:952
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ko
    3⤵
    PID:4300
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\lo && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\lo /grant everyone:(f)
  2⤵
  PID:1728
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\lo
    3⤵
    PID:2592
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\lt && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\lt /grant everyone:(f)
  2⤵
  PID:404
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\lt
    3⤵
    PID:4380
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\lv && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\lv /grant everyone:(f)
  2⤵
  PID:1088
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\lv
    3⤵
    PID:3700
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ml && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ml /grant everyone:(f)
  2⤵
  PID:3364
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ml
    3⤵
    PID:4524
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\mn && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\mn /grant everyone:(f)
  2⤵
  PID:5056
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\mn
    3⤵
    PID:3748
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\mr && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\mr /grant everyone:(f)
  2⤵
  PID:1424
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\mr
    3⤵
    PID:4896
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ms && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ms /grant everyone:(f)
  2⤵
  PID:3792
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ms
    3⤵
    PID:2116
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\my && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\my /grant everyone:(f)
  2⤵
  PID:2496
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\my
    3⤵
    PID:4452
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ne && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ne /grant everyone:(f)
  2⤵
  PID:1996
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ne
    3⤵
    PID:4372
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\nl && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\nl /grant everyone:(f)
  2⤵
  PID:2152
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\nl
    3⤵
    PID:1864
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\no && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\no /grant everyone:(f)
  2⤵
  PID:452
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\no
    3⤵
    PID:2988
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\pa && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\pa /grant everyone:(f)
  2⤵
  PID:1400
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\pa
    3⤵
    - Possible privilege escalation attempt
    PID:4180
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\pl && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\pl /grant everyone:(f)
  2⤵
  PID:396
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\pl
    3⤵
    - Modifies file permissions
    PID:4432
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\pt_BR && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\pt_BR /grant everyone:(f)
  2⤵
  PID:2732
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\pt_BR
    3⤵
    PID:4744
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\pt_PT && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\pt_PT /grant everyone:(f)
  2⤵
  PID:2816
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\pt_PT
    3⤵
    PID:4136
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ro && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ro /grant everyone:(f)
  2⤵
  PID:2056
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ro
    3⤵
    PID:3308
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ru && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ru /grant everyone:(f)
  2⤵
  PID:4528
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ru
    3⤵
    PID:704
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\si && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\si /grant everyone:(f)
  2⤵
  PID:1100
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\si
    3⤵
    PID:4256
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sk && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sk /grant everyone:(f)
  2⤵
  PID:2424
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sk
    3⤵
    PID:3952
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sl && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sl /grant everyone:(f)
  2⤵
  PID:2416
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sl
    3⤵
    PID:3912
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sr && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sr /grant everyone:(f)
  2⤵
  PID:1552
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sr
    3⤵
    PID:3096
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sv && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sv /grant everyone:(f)
  2⤵
  PID:2284
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sv
    3⤵
    PID:772
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sw && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sw /grant everyone:(f)
  2⤵
  PID:1512
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\sw
    3⤵
    PID:1296
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ta && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ta /grant everyone:(f)
  2⤵
  PID:2628
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ta
    3⤵
    - Modifies file permissions
    PID:1196
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\te && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\te /grant everyone:(f)
  2⤵
  PID:1540
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\te
    3⤵
    PID:1784
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\th && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\th /grant everyone:(f)
  2⤵
  PID:1772
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\th
    3⤵
    PID:2872
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\tr && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\tr /grant everyone:(f)
  2⤵
  PID:1544
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\tr
    3⤵
    PID:2092
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\uk && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\uk /grant everyone:(f)
  2⤵
  PID:2248
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\uk
    3⤵
    PID:548
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ur && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ur /grant everyone:(f)
  2⤵
  PID:4316
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\ur
    3⤵
    PID:1776
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\vi && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\vi /grant everyone:(f)
  2⤵
  PID:3124
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\vi
    3⤵
    PID:2200
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\zh_CN && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\zh_CN /grant everyone:(f)
  2⤵
  PID:2184
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\zh_CN
    3⤵
    PID:2488
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\zh_HK && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\zh_HK /grant everyone:(f)
  2⤵
  PID:2960
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\zh_HK
    3⤵
    PID:3936
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\zh_TW && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\zh_TW /grant everyone:(f)
  2⤵
  PID:3932
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\zh_TW
    3⤵
    PID:1164
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\zu && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\zu /grant everyone:(f)
  2⤵
  PID:2892
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_locales\zu
    3⤵
    PID:4020
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_metadata && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_metadata /grant everyone:(f)
  2⤵
  PID:408
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.80.1_0\_metadata
    3⤵
    PID:5012
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda /grant everyone:(f)
  2⤵
  PID:4312
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
    3⤵
    PID:840
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0 && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0 /grant everyone:(f)
  2⤵
  PID:1996
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0
    3⤵
    PID:2452
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css /grant everyone:(f)
  2⤵
  PID:4420
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css
    3⤵
    PID:3752
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html /grant everyone:(f)
  2⤵
  PID:208
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html
    3⤵
    PID:4180
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images /grant everyone:(f)
  2⤵
  PID:4788
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images
    3⤵
    PID:440
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales /grant everyone:(f)
  2⤵
  PID:2320
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales
    3⤵
    PID:3560
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg /grant everyone:(f)
  2⤵
  PID:2724
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg
    3⤵
    PID:1500
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ca && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ca /grant everyone:(f)
  2⤵
  PID:2696
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ca
    3⤵
    PID:4800
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\cs && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\cs /grant everyone:(f)
  2⤵
  PID:1696
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\cs
    3⤵
    PID:764
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\da && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\da /grant everyone:(f)
  2⤵
  PID:4012
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\da
    3⤵
    PID:3840
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\de && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\de /grant everyone:(f)
  2⤵
  PID:2668
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\de
    3⤵
    PID:1812
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\el && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\el /grant everyone:(f)
  2⤵
  PID:2952
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\el
    3⤵
    PID:2244
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en /grant everyone:(f)
  2⤵
  PID:1044
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en
    3⤵
    PID:1900
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB /grant everyone:(f)
  2⤵
  PID:3636
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB
    3⤵
    PID:3552
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es /grant everyone:(f)
  2⤵
  PID:4040
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es
    3⤵
    PID:3488
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es_419 && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es_419 /grant everyone:(f)
  2⤵
  PID:2628
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es_419
    3⤵
    PID:1540
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\et && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\et /grant everyone:(f)
  2⤵
  PID:936
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\et
    3⤵
    PID:1536
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fi && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fi /grant everyone:(f)
  2⤵
  PID:2388
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fi
    3⤵
    PID:1408
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fil && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fil /grant everyone:(f)
  2⤵
  PID:1728
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fil
    3⤵
    PID:4380
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fr && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fr /grant everyone:(f)
  2⤵
  PID:1392
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fr
    3⤵
    PID:4124
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hi && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hi /grant everyone:(f)
  2⤵
  PID:3700
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hi
    3⤵
    PID:1032
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hr && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hr /grant everyone:(f)
  2⤵
  PID:1352
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hr
    3⤵
    PID:5056
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hu && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hu /grant everyone:(f)
  2⤵
  PID:2240
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hu
    3⤵
    PID:1556
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\id && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\id /grant everyone:(f)
  2⤵
  PID:4384
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\id
    3⤵
    PID:3640
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\it && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\it /grant everyone:(f)
  2⤵
  PID:1660
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\it
    3⤵
    PID:3712
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ja && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ja /grant everyone:(f)
  2⤵
  PID:3220
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ja
    3⤵
    PID:4876
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ko && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ko /grant everyone:(f)
  2⤵
  PID:2452
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ko
    3⤵
    PID:1680
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lt && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lt /grant everyone:(f)
  2⤵
  PID:4960
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lt
    3⤵
    PID:4492
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lv && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lv /grant everyone:(f)
  2⤵
  PID:1516
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lv
    3⤵
    PID:3536
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nb && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nb /grant everyone:(f)
  2⤵
  PID:1220
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nb
    3⤵
    PID:440
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nl && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nl /grant everyone:(f)
  2⤵
  PID:4004
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nl
    3⤵
    - Possible privilege escalation attempt
    PID:2816
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pl && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pl /grant everyone:(f)
  2⤵
  PID:3624
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pl
    3⤵
    PID:4116
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_BR && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_BR /grant everyone:(f)
  2⤵
  PID:4808
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_BR
    3⤵
    PID:4260
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_PT && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_PT /grant everyone:(f)
  2⤵
  PID:4456
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_PT
    3⤵
    PID:1676
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ro && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ro /grant everyone:(f)
  2⤵
  PID:1888
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ro
    3⤵
    PID:1652
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ru && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ru /grant everyone:(f)
  2⤵
  PID:1624
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ru
    3⤵
    PID:4480
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sk && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sk /grant everyone:(f)
  2⤵
  PID:2920
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sk
    3⤵
    PID:2372
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sl && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sl /grant everyone:(f)
  2⤵
  PID:1552
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sl
    3⤵
    PID:4140
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sr && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sr /grant everyone:(f)
  2⤵
  PID:1296
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sr
    3⤵
    PID:3240
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sv && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sv /grant everyone:(f)
  2⤵
  PID:1328
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sv
    3⤵
    PID:3488
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\th && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\th /grant everyone:(f)
  2⤵
  PID:1540
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\th
    3⤵
    PID:4448
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\tr && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\tr /grant everyone:(f)
  2⤵
  PID:3900
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\tr
    3⤵
    PID:3492
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\uk && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\uk /grant everyone:(f)
  2⤵
  PID:5060
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\uk
    3⤵
    PID:1104
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\vi && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\vi /grant everyone:(f)
  2⤵
  PID:916
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\vi
    3⤵
    PID:1560
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_CN && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_CN /grant everyone:(f)
  2⤵
  PID:1392
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_CN
    3⤵
    PID:3364
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_TW && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_TW /grant everyone:(f)
  2⤵
  PID:1088
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_TW
    3⤵
    PID:4204
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata /grant everyone:(f)
  2⤵
  PID:3832
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata
    3⤵
    PID:4700
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp /grant everyone:(f)
  2⤵
  PID:3932
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp
    3⤵
    PID:4348
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker /grant everyone:(f)
  2⤵
  PID:1424
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker
    3⤵
    PID:2116
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB /grant everyone:(f)
  2⤵
  PID:3792
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB
    3⤵
    PID:3156
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB /grant everyone:(f)
  2⤵
  PID:4452
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB
    3⤵
    PID:4372
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store /grant everyone:(f)
  2⤵
  PID:4860
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store
    3⤵
    PID:4420
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption /grant everyone:(f)
  2⤵
  PID:536
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption
    3⤵
    PID:4240
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache /grant everyone:(f)
  2⤵
  PID:208
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache
    3⤵
    - Possible privilege escalation attempt
    PID:3884
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings /grant everyone:(f)
  2⤵
  PID:3596
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings
    3⤵
    PID:1504
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi /grant everyone:(f)
  2⤵
  PID:3308
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi
    3⤵
    PID:1500
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage /grant everyone:(f)
  2⤵
  PID:2404
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage
    3⤵
    PID:2056
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb /grant everyone:(f)
  2⤵
  PID:704
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb
    3⤵
    PID:4404
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network /grant everyone:(f)
  2⤵
  PID:4532
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network
    3⤵
    PID:4256
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store /grant everyone:(f)
  2⤵
  PID:4880
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store
    3⤵
    PID:3692
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db /grant everyone:(f)
  2⤵
  PID:1072
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db
    3⤵
    PID:760
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials /grant everyone:(f)
  2⤵
  PID:1028
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials
    3⤵
    PID:1440
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Safe Browsing Network && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Safe Browsing Network /grant everyone:(f)
  2⤵
  PID:3460
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Safe Browsing Network
    3⤵
    PID:1432
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform /grant everyone:(f)
  2⤵
  PID:2024
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform
    3⤵
    - Modifies file permissions
    PID:4496
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB /grant everyone:(f)
  2⤵
  PID:3140
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB
    3⤵
    PID:632
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB /grant everyone:(f)
  2⤵
  PID:4104
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB
    3⤵
    PID:2332
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB /grant everyone:(f)
  2⤵
  PID:3616
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB
    3⤵
    PID:952
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker /grant everyone:(f)
  2⤵
  PID:2888
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker
    3⤵
    PID:4716
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database /grant everyone:(f)
  2⤵
  PID:4900
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database
    3⤵
    PID:2348
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache /grant everyone:(f)
  2⤵
  PID:2960
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache
    3⤵
    PID:1088
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir /grant everyone:(f)
  2⤵
  PID:3472
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir
    3⤵
    PID:4108
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage /grant everyone:(f)
  2⤵
  PID:1164
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage
    3⤵
    PID:3132
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions /grant everyone:(f)
  2⤵
  PID:4336
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions
    3⤵
    PID:2412
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary /grant everyone:(f)
  2⤵
  PID:4896
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary
    3⤵
    PID:3792
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache /grant everyone:(f)
  2⤵
  PID:3156
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache
    3⤵
    PID:1912
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir /grant everyone:(f)
  2⤵
  PID:1080
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir
    3⤵
    PID:464
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db /grant everyone:(f)
  2⤵
  PID:2660
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db
    3⤵
    PID:3608
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata /grant everyone:(f)
  2⤵
  PID:3520
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata
    3⤵
    PID:3716
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database /grant everyone:(f)
  2⤵
  PID:3560
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database
    3⤵
    PID:4872
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage /grant everyone:(f)
  2⤵
  PID:4116
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage
    3⤵
    PID:4136
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext /grant everyone:(f)
  2⤵
  PID:2944
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext
    3⤵
    PID:2120
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda /grant everyone:(f)
  2⤵
  PID:1696
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda
    3⤵
    PID:1676
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def /grant everyone:(f)
  2⤵
  PID:2272
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def
    3⤵
    PID:4988
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache /grant everyone:(f)
  2⤵
  PID:2416
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache
    3⤵
    PID:4848
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data /grant everyone:(f)
  2⤵
  PID:1636
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data
    3⤵
    PID:4412
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache /grant everyone:(f)
  2⤵
  PID:4236
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache
    3⤵
    PID:376
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js /grant everyone:(f)
  2⤵
  PID:3488
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js
    3⤵
    PID:228
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir /grant everyone:(f)
  2⤵
  PID:5044
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir
    3⤵
    PID:2332
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm /grant everyone:(f)
  2⤵
  PID:336
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm
    3⤵
    PID:4316
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir /grant everyone:(f)
  2⤵
  PID:3124
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir
    3⤵
    PID:4144
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache /grant everyone:(f)
  2⤵
  PID:2456
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache
    3⤵
    PID:2576
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache /grant everyone:(f)
  2⤵
  PID:3516
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache
    3⤵
    PID:1088
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage /grant everyone:(f)
  2⤵
  PID:988
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage
    3⤵
    - Possible privilege escalation attempt
    PID:3932
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb /grant everyone:(f)
  2⤵
  PID:4384
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb
    3⤵
    PID:1424
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network /grant everyone:(f)
  2⤵
  PID:428
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network
    3⤵
    PID:4908
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage /grant everyone:(f)
  2⤵
  PID:840
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage
    3⤵
    PID:2008
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary /grant everyone:(f)
  2⤵
  PID:4720
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary
    3⤵
    PID:1864
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary\cache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary\cache /grant everyone:(f)
  2⤵
  PID:3752
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary\cache
    3⤵
    PID:1400
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary\cache\index-dir && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary\cache\index-dir /grant everyone:(f)
  2⤵
  PID:732
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Shared Dictionary\cache\index-dir
    3⤵
    PID:4428
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data /grant everyone:(f)
  2⤵
  PID:396
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data
    3⤵
    PID:4936
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB /grant everyone:(f)
  2⤵
  PID:1504
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB
    3⤵
    PID:2356
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications /grant everyone:(f)
  2⤵
  PID:3308
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications
    3⤵
    PID:1968
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources /grant everyone:(f)
  2⤵
  PID:4800
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources
    3⤵
    PID:4200
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak /grant everyone:(f)
  2⤵
  PID:704
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak
    3⤵
    PID:3416
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons /grant everyone:(f)
  2⤵
  PID:1396
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons
    3⤵
    PID:4464
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable /grant everyone:(f)
  2⤵
  PID:4060
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Maskable
    3⤵
    PID:4472
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome /grant everyone:(f)
  2⤵
  PID:1344
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome
    3⤵
    PID:376
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml /grant everyone:(f)
  2⤵
  PID:2284
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml
    3⤵
    PID:1784
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons /grant everyone:(f)
  2⤵
  PID:2268
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons
    3⤵
    PID:2332
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Maskable && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Maskable /grant everyone:(f)
  2⤵
  PID:3992
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Maskable
    3⤵
    - Modifies file permissions
    PID:4316
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome /grant everyone:(f)
  2⤵
  PID:5060
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome
    3⤵
    PID:4616
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf /grant everyone:(f)
  2⤵
  PID:3124
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf
    3⤵
    PID:4360
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons /grant everyone:(f)
  2⤵
  PID:2252
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons
    3⤵
    - Modifies file permissions
    PID:2236
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Maskable && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Maskable /grant everyone:(f)
  2⤵
  PID:2960
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Maskable
    3⤵
    PID:5004
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Monochrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Monochrome /grant everyone:(f)
  2⤵
  PID:2360
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Monochrome
    3⤵
    PID:1488
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm /grant everyone:(f)
  2⤵
  PID:3132
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm
    3⤵
    PID:3220
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons /grant everyone:(f)
  2⤵
  PID:428
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons
    3⤵
    PID:2116
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Maskable && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Maskable /grant everyone:(f)
  2⤵
  PID:2004
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Maskable
    3⤵
    PID:4608
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Monochrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Monochrome /grant everyone:(f)
  2⤵
  PID:4420
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Monochrome
    3⤵
    PID:3752
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag /grant everyone:(f)
  2⤵
  PID:2552
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag
    3⤵
    PID:4180
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons /grant everyone:(f)
  2⤵
  PID:5068
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons
    3⤵
    PID:440
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Maskable && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Maskable /grant everyone:(f)
  2⤵
  PID:4936
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Maskable
    3⤵
    - Possible privilege escalation attempt
    PID:4560
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Monochrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Monochrome /grant everyone:(f)
  2⤵
  PID:1504
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Monochrome
    3⤵
    PID:4136
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb /grant everyone:(f)
  2⤵
  PID:1500
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb
    3⤵
    PID:2944
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons /grant everyone:(f)
  2⤵
  PID:4200
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons
    3⤵
    PID:704
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Maskable && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Maskable /grant everyone:(f)
  2⤵
  PID:1696
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Maskable
    3⤵
    PID:4532
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Monochrome && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Monochrome /grant everyone:(f)
  2⤵
  PID:4256
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Monochrome
    3⤵
    PID:4880
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp /grant everyone:(f)
  2⤵
  PID:1072
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp
    3⤵
    PID:3240
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage /grant everyone:(f)
  2⤵
  PID:4620
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage
    3⤵
    PID:4236
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FileTypePolicies && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FileTypePolicies /grant everyone:(f)
  2⤵
  PID:4488
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FileTypePolicies
    3⤵
    PID:1520
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FirstPartySetsPreloaded && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FirstPartySetsPreloaded /grant everyone:(f)
  2⤵
  PID:4040
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\FirstPartySetsPreloaded
    3⤵
    PID:2872
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache /grant everyone:(f)
  2⤵
  PID:2592
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache
    3⤵
    PID:3248
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache /grant everyone:(f)
  2⤵
  PID:4716
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache
    3⤵
    PID:1392
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\hyphen-data && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\hyphen-data /grant everyone:(f)
  2⤵
  PID:4048
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\hyphen-data
    3⤵
    PID:4776
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MediaFoundationWidevineCdm && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MediaFoundationWidevineCdm /grant everyone:(f)
  2⤵
  PID:3748
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MediaFoundationWidevineCdm
    3⤵
    PID:2684
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MediaFoundationWidevineCdm\x64 && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MediaFoundationWidevineCdm\x64 /grant everyone:(f)
  2⤵
  PID:3724
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MediaFoundationWidevineCdm\x64
    3⤵
    PID:3452
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MEIPreload && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MEIPreload /grant everyone:(f)
  2⤵
  PID:2892
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\MEIPreload
    3⤵
    PID:4020
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel /grant everyone:(f)
  2⤵
  PID:1424
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel
    3⤵
    PID:428
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OptimizationHints && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OptimizationHints /grant everyone:(f)
  2⤵
  PID:468
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OptimizationHints
    3⤵
    PID:4284
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OriginTrials && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OriginTrials /grant everyone:(f)
  2⤵
  PID:4492
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\OriginTrials
    3⤵
    PID:4420
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PKIMetadata && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PKIMetadata /grant everyone:(f)
  2⤵
  PID:1212
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PKIMetadata
    3⤵
    - Modifies file permissions
    PID:3608
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PrivacySandboxAttestationsPreloaded && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PrivacySandboxAttestationsPreloaded /grant everyone:(f)
  2⤵
  PID:208
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PrivacySandboxAttestationsPreloaded
    3⤵
    PID:4744
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved /grant everyone:(f)
  2⤵
  PID:448
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\RecoveryImproved
    3⤵
    PID:2468
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SafetyTips && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SafetyTips /grant everyone:(f)
  2⤵
  PID:1528
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SafetyTips
    3⤵
    PID:2320
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform /grant everyone:(f)
  2⤵
  PID:64
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform
    3⤵
    PID:4044
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache /grant everyone:(f)
  2⤵
  PID:2056
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache
    3⤵
    PID:2964
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant /grant everyone:(f)
  2⤵
  PID:1960
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant
    3⤵
    PID:3056
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter /grant everyone:(f)
  2⤵
  PID:4816
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter
    3⤵
    PID:4760
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules /grant everyone:(f)
  2⤵
  PID:2668
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules
    3⤵
    PID:3588
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64 && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64 /grant everyone:(f)
  2⤵
  PID:4600
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64
    3⤵
    PID:3460
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\TpcdMetadata && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\TpcdMetadata /grant everyone:(f)
  2⤵
  PID:4140
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\TpcdMetadata
    3⤵
    PID:2388
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments /grant everyone:(f)
  2⤵
  PID:4868
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments
    3⤵
    PID:2872
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\WidevineCdm && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\WidevineCdm /grant everyone:(f)
  2⤵
  PID:3488
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\WidevineCdm
    3⤵
    PID:3700
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ZxcvbnData && icacls C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ZxcvbnData /grant everyone:(f)
  2⤵
  PID:2592
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ZxcvbnData
    3⤵
    PID:4068
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\History && icacls C:\Users\Admin\AppData\Local\History /grant everyone:(f)
  2⤵
  PID:4716
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\History
    3⤵
    PID:264
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\History /grant everyone:(f)
    3⤵
    PID:4048
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\History\History.IE5 && icacls C:\Users\Admin\AppData\Local\History\History.IE5 /grant everyone:(f)
  2⤵
  PID:4776
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\History\History.IE5
    3⤵
    PID:4524
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\History\History.IE5 /grant everyone:(f)
    3⤵
    PID:5056
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\History\History.IE5\MSHist012024080220240803 && icacls C:\Users\Admin\AppData\Local\History\History.IE5\MSHist012024080220240803 /grant everyone:(f)
  2⤵
  PID:5004
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\History\History.IE5\MSHist012024080220240803
    3⤵
    PID:1048
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\History\History.IE5\MSHist012024080220240803 /grant everyone:(f)
    3⤵
    PID:3968
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\History\Low && icacls C:\Users\Admin\AppData\Local\History\Low /grant everyone:(f)
  2⤵
  PID:2480
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\History\Low
    3⤵
    PID:4348
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\History\Low /grant everyone:(f)
    3⤵
    PID:1860
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft && icacls C:\Users\Admin\AppData\Local\Microsoft /grant everyone:(f)
  2⤵
  PID:3712
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft
    3⤵
    PID:1768
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft /grant everyone:(f)
    3⤵
    PID:4248
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0 && icacls C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0 /grant everyone:(f)
  2⤵
  PID:2168
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0
    3⤵
    PID:4484
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0 /grant everyone:(f)
    3⤵
    PID:4492
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs && icacls C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs /grant everyone:(f)
  2⤵
  PID:4428
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs
    3⤵
    PID:1212
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs /grant everyone:(f)
    3⤵
    PID:2068
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32 && icacls C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32 /grant everyone:(f)
  2⤵
  PID:4004
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32
    3⤵
    - Possible privilege escalation attempt
    PID:4744
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32 /grant everyone:(f)
    3⤵
    - Possible privilege escalation attempt
    PID:844
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs && icacls C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs /grant everyone:(f)
  2⤵
  PID:4444
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs
    3⤵
    PID:3108
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs /grant everyone:(f)
    3⤵
    PID:4092
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Credentials && icacls C:\Users\Admin\AppData\Local\Microsoft\Credentials /grant everyone:(f)
  2⤵
  PID:3732
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Credentials
    3⤵
    PID:4404
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\Credentials /grant everyone:(f)
    3⤵
    PID:3596
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge /grant everyone:(f)
  2⤵
  PID:2032
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge
    3⤵
    PID:4280
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\Edge /grant everyone:(f)
    3⤵
    PID:2056
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data /grant everyone:(f)
  2⤵
  PID:876
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data
    3⤵
    PID:920
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics /grant everyone:(f)
  2⤵
  PID:1888
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics
    3⤵
    PID:4816
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation /grant everyone:(f)
  2⤵
  PID:4760
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation
    3⤵
    PID:812
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad /grant everyone:(f)
  2⤵
  PID:2932
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad
    3⤵
    PID:452
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports /grant everyone:(f)
  2⤵
  PID:216
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports
    3⤵
    PID:1028
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default /grant everyone:(f)
  2⤵
  PID:1044
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default
    3⤵
    PID:2928
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage /grant everyone:(f)
  2⤵
  PID:4144
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage
    3⤵
    PID:1104
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\da918e8f-3fa5-415a-8b81-97dfedab8f10 && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\da918e8f-3fa5-415a-8b81-97dfedab8f10 /grant everyone:(f)
  2⤵
  PID:3092
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\da918e8f-3fa5-415a-8b81-97dfedab8f10
    3⤵
    PID:1560
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache /grant everyone:(f)
  2⤵
  PID:1392
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache
    3⤵
    PID:264
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache /grant everyone:(f)
  2⤵
  PID:1940
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache
    3⤵
    PID:4524
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js /grant everyone:(f)
  2⤵
  PID:4700
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js
    3⤵
    PID:5012
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir /grant everyone:(f)
  2⤵
  PID:3672
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir
    3⤵
    PID:3640
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm /grant everyone:(f)
  2⤵
  PID:4876
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm
    3⤵
    PID:1860
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir /grant everyone:(f)
  2⤵
  PID:4020
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir
    3⤵
    PID:4248
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb /grant everyone:(f)
  2⤵
  PID:1912
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb
    3⤵
    PID:1400
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State /grant everyone:(f)
  2⤵
  PID:2152
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State
    3⤵
    PID:732
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache /grant everyone:(f)
  2⤵
  PID:3608
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache
    3⤵
    PID:4180
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage /grant everyone:(f)
  2⤵
  PID:4744
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage
    3⤵
    PID:396
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb /grant everyone:(f)
  2⤵
  PID:1924
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb
    3⤵
    PID:2988
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage /grant everyone:(f)
  2⤵
  PID:448
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage
    3⤵
    PID:3596
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions /grant everyone:(f)
  2⤵
  PID:3732
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions
    3⤵
    PID:2944
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db /grant everyone:(f)
  2⤵
  PID:3504
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db
    3⤵
    PID:1396
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata /grant everyone:(f)
  2⤵
  PID:1960
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata
    3⤵
    PID:3840
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database /grant everyone:(f)
  2⤵
  PID:4320
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database
    3⤵
    PID:3552
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data /grant everyone:(f)
  2⤵
  PID:2920
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data
    3⤵
    PID:4268
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB /grant everyone:(f)
  2⤵
  PID:1072
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB
    3⤵
    PID:4500
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping /grant everyone:(f)
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:2332
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping
    3⤵
    PID:2608
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache /grant everyone:(f)
  2⤵
  PID:1520
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache
    3⤵
    PID:1532
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache /grant everyone:(f)
  2⤵
  PID:3488
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache
    3⤵
    PID:3948
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\OriginTrials && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\OriginTrials /grant everyone:(f)
  2⤵
  PID:3124
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\OriginTrials
    3⤵
    PID:4900
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RecoveryImproved && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RecoveryImproved /grant everyone:(f)
  2⤵
  PID:4204
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RecoveryImproved
    3⤵
    PID:5056
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Safe Browsing && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Safe Browsing /grant everyone:(f)
  2⤵
  PID:3088
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Safe Browsing
    3⤵
    PID:5012
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache /grant everyone:(f)
  2⤵
  PID:1556
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache
    3⤵
    PID:3452
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache /grant everyone:(f)
  2⤵
  PID:1660
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache
    3⤵
    PID:4908
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen /grant everyone:(f)
  2⤵
  PID:4876
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen
    3⤵
    PID:468
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local /grant everyone:(f)
  2⤵
  PID:4020
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local
    3⤵
    PID:3156
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Speech Recognition && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Speech Recognition /grant everyone:(f)
  2⤵
  PID:4860
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Speech Recognition
    3⤵
    PID:4240
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter /grant everyone:(f)
  2⤵
  PID:2152
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter
    3⤵
    PID:4300
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules /grant everyone:(f)
  2⤵
  PID:4592
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules
    3⤵
    PID:440
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Trust Protection Lists && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Trust Protection Lists /grant everyone:(f)
  2⤵
  PID:4004
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Trust Protection Lists
    3⤵
    PID:3164
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WidevineCdm && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WidevineCdm /grant everyone:(f)
  2⤵
  PID:4092
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WidevineCdm
    3⤵
    PID:4404
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ZxcvbnData && icacls C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ZxcvbnData /grant everyone:(f)
  2⤵
  PID:3696
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ZxcvbnData
    3⤵
    PID:2120
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds /grant everyone:(f)
  2⤵
  PID:4044
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds
    3⤵
    PID:4532
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds /grant everyone:(f)
    3⤵
    PID:4800
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache && icacls C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache /grant everyone:(f)
  2⤵
  PID:4780
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache
    3⤵
    - Modifies file permissions
    PID:1620
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\GameDVR && icacls C:\Users\Admin\AppData\Local\Microsoft\GameDVR /grant everyone:(f)
  2⤵
  PID:4692
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\GameDVR
    3⤵
    PID:1624
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\GameDVR /grant everyone:(f)
    3⤵
    PID:1696
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input && icacls C:\Users\Admin\AppData\Local\Microsoft\input /grant everyone:(f)
  2⤵
  PID:1900
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input
    3⤵
    PID:4472
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input /grant everyone:(f)
    3⤵
    PID:2920
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\af-ZA && icacls C:\Users\Admin\AppData\Local\Microsoft\input\af-ZA /grant everyone:(f)
  2⤵
  PID:4268
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\af-ZA
    3⤵
    PID:3588
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\af-ZA /grant everyone:(f)
    3⤵
    PID:4620
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-AE && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-AE /grant everyone:(f)
  2⤵
  PID:1028
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-AE
    3⤵
    PID:2092
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-AE /grant everyone:(f)
    3⤵
    PID:4316
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-BH && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-BH /grant everyone:(f)
  2⤵
  PID:5044
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-BH
    3⤵
    PID:2888
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-BH /grant everyone:(f)
    3⤵
    PID:3488
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-DZ && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-DZ /grant everyone:(f)
  2⤵
  PID:3948
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-DZ
    3⤵
    PID:2592
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-DZ /grant everyone:(f)
    3⤵
    - Possible privilege escalation attempt
    PID:3120
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-EG && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-EG /grant everyone:(f)
  2⤵
  PID:2252
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-EG
    3⤵
    PID:4360
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-EG /grant everyone:(f)
    3⤵
    PID:3364
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-IQ && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-IQ /grant everyone:(f)
  2⤵
  PID:2360
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-IQ
    3⤵
    PID:2456
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-IQ /grant everyone:(f)
    3⤵
    PID:4776
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-JO && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-JO /grant everyone:(f)
  2⤵
  PID:2420
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-JO
    3⤵
    PID:3640
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-JO /grant everyone:(f)
    3⤵
    PID:4908
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-KW && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-KW /grant everyone:(f)
  2⤵
  PID:840
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-KW
    3⤵
    PID:1864
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-KW /grant everyone:(f)
    3⤵
    PID:4876
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-LB && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-LB /grant everyone:(f)
  2⤵
  PID:468
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-LB
    3⤵
    PID:4020
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-LB /grant everyone:(f)
    3⤵
    PID:1768
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-LY && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-LY /grant everyone:(f)
  2⤵
  PID:3752
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-LY
    3⤵
    PID:1516
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-LY /grant everyone:(f)
    3⤵
    PID:2068
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-MA && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-MA /grant everyone:(f)
  2⤵
  PID:8
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-MA
    3⤵
    PID:3380
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-MA /grant everyone:(f)
    3⤵
    PID:440
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-OM && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-OM /grant everyone:(f)
  2⤵
  PID:5112
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-OM
    3⤵
    - Modifies file permissions
    PID:1924
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-OM /grant everyone:(f)
    3⤵
    PID:2472
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-QA && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-QA /grant everyone:(f)
  2⤵
  PID:5072
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-QA
    3⤵
    PID:532
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-QA /grant everyone:(f)
    3⤵
    PID:1656
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-SA && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-SA /grant everyone:(f)
  2⤵
  PID:448
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-SA
    3⤵
    PID:3696
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-SA /grant everyone:(f)
    3⤵
    PID:2732
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-SY && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-SY /grant everyone:(f)
  2⤵
  PID:2964
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-SY
    3⤵
    PID:4016
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-SY /grant everyone:(f)
    3⤵
    PID:1652
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-TN && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-TN /grant everyone:(f)
  2⤵
  PID:3056
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-TN
    3⤵
    PID:324
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-TN /grant everyone:(f)
    3⤵
    PID:4992
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-YE && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-YE /grant everyone:(f)
  2⤵
  PID:4456
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ar-YE
    3⤵
    PID:4256
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ar-YE /grant everyone:(f)
    3⤵
    PID:2372
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\az-Latn-AZ && icacls C:\Users\Admin\AppData\Local\Microsoft\input\az-Latn-AZ /grant everyone:(f)
  2⤵
  PID:1900
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\az-Latn-AZ
    3⤵
    PID:4140
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\az-Latn-AZ /grant everyone:(f)
    3⤵
    PID:4260
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\bg-BG && icacls C:\Users\Admin\AppData\Local\Microsoft\input\bg-BG /grant everyone:(f)
  2⤵
  PID:3588
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\bg-BG
    3⤵
    PID:4500
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\bg-BG /grant everyone:(f)
    3⤵
    PID:232
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\bn-BD && icacls C:\Users\Admin\AppData\Local\Microsoft\input\bn-BD /grant everyone:(f)
  2⤵
  PID:2092
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\bn-BD
    3⤵
    - Possible privilege escalation attempt
    PID:216
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\bn-BD /grant everyone:(f)
    3⤵
    PID:3444
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ca-ES && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ca-ES /grant everyone:(f)
  2⤵
  PID:1728
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ca-ES
    3⤵
    PID:404
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ca-ES /grant everyone:(f)
    3⤵
    PID:3888
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\cs-CZ && icacls C:\Users\Admin\AppData\Local\Microsoft\input\cs-CZ /grant everyone:(f)
  2⤵
  PID:4900
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\cs-CZ
    3⤵
    PID:4844
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\cs-CZ /grant everyone:(f)
    3⤵
    PID:2916
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\da-DK && icacls C:\Users\Admin\AppData\Local\Microsoft\input\da-DK /grant everyone:(f)
  2⤵
  PID:3832
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\da-DK
    3⤵
    PID:3200
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\da-DK /grant everyone:(f)
    3⤵
    PID:1312
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\de-AT && icacls C:\Users\Admin\AppData\Local\Microsoft\input\de-AT /grant everyone:(f)
  2⤵
  PID:3132
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\de-AT
    3⤵
    PID:3936
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\de-AT /grant everyone:(f)
    3⤵
    PID:4700
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\de-CH && icacls C:\Users\Admin\AppData\Local\Microsoft\input\de-CH /grant everyone:(f)
  2⤵
  PID:3372
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\de-CH
    3⤵
    PID:3508
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\de-CH /grant everyone:(f)
    3⤵
    PID:2640
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\de-DE && icacls C:\Users\Admin\AppData\Local\Microsoft\input\de-DE /grant everyone:(f)
  2⤵
  PID:2452
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\de-DE
    3⤵
    PID:3680
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\de-DE /grant everyone:(f)
    3⤵
    - Modifies file permissions
    PID:3792
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\de-LI && icacls C:\Users\Admin\AppData\Local\Microsoft\input\de-LI /grant everyone:(f)
  2⤵
  PID:4244
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\de-LI
    3⤵
    PID:4484
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\de-LI /grant everyone:(f)
    3⤵
    PID:1768
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\de-LU && icacls C:\Users\Admin\AppData\Local\Microsoft\input\de-LU /grant everyone:(f)
  2⤵
  PID:4284
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\de-LU
    3⤵
    PID:3448
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\de-LU /grant everyone:(f)
    3⤵
    PID:336
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\el-GR && icacls C:\Users\Admin\AppData\Local\Microsoft\input\el-GR /grant everyone:(f)
  2⤵
  PID:3520
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\el-GR
    3⤵
    PID:2152
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\el-GR /grant everyone:(f)
    3⤵
    PID:2196
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-029 && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-029 /grant everyone:(f)
  2⤵
  PID:1924
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-029
    3⤵
    PID:1380
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-029 /grant everyone:(f)
    3⤵
    PID:2816
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-AU && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-AU /grant everyone:(f)
  2⤵
  PID:1656
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-AU
    3⤵
    PID:1724
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-AU /grant everyone:(f)
    3⤵
    PID:4808
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-BZ && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-BZ /grant everyone:(f)
  2⤵
  PID:3732
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-BZ
    3⤵
    PID:4136
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-BZ /grant everyone:(f)
    3⤵
    PID:2032
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-CA && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-CA /grant everyone:(f)
  2⤵
  PID:920
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-CA
    3⤵
    PID:4016
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-CA /grant everyone:(f)
    3⤵
    PID:1036
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-GB && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-GB /grant everyone:(f)
  2⤵
  PID:4464
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-GB
    3⤵
    PID:3840
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-GB /grant everyone:(f)
    3⤵
    PID:4848
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-HK && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-HK /grant everyone:(f)
  2⤵
  PID:2920
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-HK
    3⤵
    PID:4456
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-HK /grant everyone:(f)
    3⤵
    - Modifies file permissions
    PID:4060
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-ID && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-ID /grant everyone:(f)
  2⤵
  PID:1164
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-ID
    3⤵
    - Possible privilege escalation attempt
    PID:544
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-ID /grant everyone:(f)
    3⤵
    PID:4752
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-IE && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-IE /grant everyone:(f)
  2⤵
  PID:2932
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-IE
    3⤵
    PID:452
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-IE /grant everyone:(f)
    3⤵
    PID:4356
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-IN && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-IN /grant everyone:(f)
  2⤵
  PID:3992
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-IN
    3⤵
    PID:2268
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-IN /grant everyone:(f)
    3⤵
    PID:952
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-JM && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-JM /grant everyone:(f)
  2⤵
  PID:4144
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-JM
    3⤵
    PID:2888
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-JM /grant everyone:(f)
    3⤵
    PID:1532
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-MY && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-MY /grant everyone:(f)
  2⤵
  PID:1352
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-MY
    3⤵
    PID:4900
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-MY /grant everyone:(f)
    3⤵
    PID:3120
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-NZ && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-NZ /grant everyone:(f)
  2⤵
  PID:1616
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-NZ
    3⤵
    PID:4360
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-NZ /grant everyone:(f)
    3⤵
    PID:3476
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-SG && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-SG /grant everyone:(f)
  2⤵
  PID:3936
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-SG
    3⤵
    PID:4920
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-SG /grant everyone:(f)
    3⤵
    PID:4908
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-TT && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-TT /grant everyone:(f)
  2⤵
  PID:1936
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-TT
    3⤵
    PID:5116
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-TT /grant everyone:(f)
    3⤵
    PID:4960
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-ZA && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-ZA /grant everyone:(f)
  2⤵
  PID:3680
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-ZA
    3⤵
    PID:4876
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-ZA /grant everyone:(f)
    3⤵
    PID:3512
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-ZW && icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-ZW /grant everyone:(f)
  2⤵
  PID:3712
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\en-ZW
    3⤵
    PID:1912
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\en-ZW /grant everyone:(f)
    3⤵
    PID:732
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-419 && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-419 /grant everyone:(f)
  2⤵
  PID:2412
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-419
    3⤵
    PID:4608
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-419 /grant everyone:(f)
    3⤵
    PID:208
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-AR && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-AR /grant everyone:(f)
  2⤵
  PID:4428
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-AR
    3⤵
    PID:2152
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-AR /grant everyone:(f)
    3⤵
    PID:3716
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-BO && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-BO /grant everyone:(f)
  2⤵
  PID:3568
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-BO
    3⤵
    PID:396
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-BO /grant everyone:(f)
    3⤵
    PID:2356
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-CL && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-CL /grant everyone:(f)
  2⤵
  PID:1724
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-CL
    3⤵
    PID:1968
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-CL /grant everyone:(f)
    3⤵
    PID:4404
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-CO && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-CO /grant everyone:(f)
  2⤵
  PID:1200
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-CO
    3⤵
    PID:4280
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-CO /grant everyone:(f)
    3⤵
    PID:2244
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-CR && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-CR /grant everyone:(f)
  2⤵
  PID:1624
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-CR
    3⤵
    PID:1036
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-CR /grant everyone:(f)
    3⤵
    PID:324
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-DO && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-DO /grant everyone:(f)
  2⤵
  PID:4692
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-DO
    3⤵
    PID:4884
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-DO /grant everyone:(f)
    3⤵
    PID:1888
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-EC && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-EC /grant everyone:(f)
  2⤵
  PID:3952
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-EC
    3⤵
    PID:3460
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-EC /grant everyone:(f)
    3⤵
    PID:2540
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-ES && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-ES /grant everyone:(f)
  2⤵
  PID:1900
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-ES
    3⤵
    PID:4604
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-ES /grant everyone:(f)
    3⤵
    PID:4028
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-GT && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-GT /grant everyone:(f)
  2⤵
  PID:936
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-GT
    3⤵
    PID:228
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-GT /grant everyone:(f)
    3⤵
    PID:4944
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-HN && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-HN /grant everyone:(f)
  2⤵
  PID:2268
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-HN
    3⤵
    PID:2592
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-HN /grant everyone:(f)
    3⤵
    PID:5060
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-MX && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-MX /grant everyone:(f)
  2⤵
  PID:916
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-MX
    3⤵
    PID:2348
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-MX /grant everyone:(f)
    3⤵
    PID:2184
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-NI && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-NI /grant everyone:(f)
  2⤵
  PID:3120
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-NI
    3⤵
    PID:5012
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-NI /grant everyone:(f)
    3⤵
    PID:4360
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-PA && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-PA /grant everyone:(f)
  2⤵
  PID:1392
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-PA
    3⤵
    PID:3088
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-PA /grant everyone:(f)
    3⤵
    PID:4700
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-PE && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-PE /grant everyone:(f)
  2⤵
  PID:4908
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-PE
    3⤵
    PID:2420
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-PE /grant everyone:(f)
    3⤵
    PID:3508
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-PR && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-PR /grant everyone:(f)
  2⤵
  PID:3452
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-PR
    3⤵
    PID:4452
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-PR /grant everyone:(f)
    3⤵
    PID:3156
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-PY && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-PY /grant everyone:(f)
  2⤵
  PID:1424
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-PY
    3⤵
    PID:4020
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-PY /grant everyone:(f)
    3⤵
    PID:2068
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-SV && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-SV /grant everyone:(f)
  2⤵
  PID:4336
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-SV
    3⤵
    PID:4180
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-SV /grant everyone:(f)
    3⤵
    PID:3608
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-US && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-US /grant everyone:(f)
  2⤵
  PID:2412
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-US
    3⤵
    PID:2468
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-US /grant everyone:(f)
    3⤵
    PID:2152
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-UY && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-UY /grant everyone:(f)
  2⤵
  PID:3380
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-UY
    3⤵
    PID:532
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-UY /grant everyone:(f)
    3⤵
    PID:2472
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-VE && icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-VE /grant everyone:(f)
  2⤵
  PID:2356
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\es-VE
    3⤵
    PID:5072
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\es-VE /grant everyone:(f)
    3⤵
    PID:2320
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\et-EE && icacls C:\Users\Admin\AppData\Local\Microsoft\input\et-EE /grant everyone:(f)
  2⤵
  PID:3160
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\et-EE
    3⤵
    PID:1968
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\et-EE /grant everyone:(f)
    3⤵
    PID:3748
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\eu-ES && icacls C:\Users\Admin\AppData\Local\Microsoft\input\eu-ES /grant everyone:(f)
  2⤵
  PID:540
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\eu-ES
    3⤵
    PID:2244
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\eu-ES /grant everyone:(f)
    3⤵
    - Possible privilege escalation attempt
    PID:3416
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fa-IR && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fa-IR /grant everyone:(f)
  2⤵
  PID:760
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fa-IR
    3⤵
    PID:1036
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fa-IR /grant everyone:(f)
    3⤵
    PID:704
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fi-FI && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fi-FI /grant everyone:(f)
  2⤵
  PID:2416
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fi-FI
    3⤵
    PID:4200
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fi-FI /grant everyone:(f)
    3⤵
    PID:812
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-029 && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-029 /grant everyone:(f)
  2⤵
  PID:4760
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-029
    3⤵
    PID:3460
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-029 /grant everyone:(f)
    3⤵
    PID:3220
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-BE && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-BE /grant everyone:(f)
  2⤵
  PID:644
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-BE
    3⤵
    PID:4140
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-BE /grant everyone:(f)
    3⤵
    PID:4500
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-CA && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-CA /grant everyone:(f)
  2⤵
  PID:3444
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-CA
    3⤵
    PID:4708
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-CA /grant everyone:(f)
    3⤵
    PID:2012
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-CD && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-CD /grant everyone:(f)
  2⤵
  PID:1728
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-CD
    3⤵
    PID:1028
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-CD /grant everyone:(f)
    3⤵
    PID:4144
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-CH && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-CH /grant everyone:(f)
  2⤵
  PID:1940
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-CH
    3⤵
    PID:404
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-CH /grant everyone:(f)
    3⤵
    PID:1932
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-CI && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-CI /grant everyone:(f)
  2⤵
  PID:3516
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-CI
    3⤵
    PID:4716
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-CI /grant everyone:(f)
    3⤵
    PID:3476
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-CM && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-CM /grant everyone:(f)
  2⤵
  PID:556
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-CM
    3⤵
    PID:3088
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-CM /grant everyone:(f)
    3⤵
    PID:3132
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-FR && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-FR /grant everyone:(f)
  2⤵
  PID:1640
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-FR
    3⤵
    PID:2528
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-FR /grant everyone:(f)
    3⤵
    PID:4524
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-HT && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-HT /grant everyone:(f)
  2⤵
  PID:4876
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-HT
    3⤵
    PID:3728
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-HT /grant everyone:(f)
    3⤵
    PID:3156
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-LU && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-LU /grant everyone:(f)
  2⤵
  PID:3932
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-LU
    3⤵
    PID:5076
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-LU /grant everyone:(f)
    3⤵
    PID:4248
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-MA && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-MA /grant everyone:(f)
  2⤵
  PID:2004
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-MA
    3⤵
    PID:2256
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-MA /grant everyone:(f)
    3⤵
    PID:1912
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-MC && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-MC /grant everyone:(f)
  2⤵
  PID:8
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-MC
    3⤵
    PID:3752
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-MC /grant everyone:(f)
    3⤵
    PID:4396
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-ML && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-ML /grant everyone:(f)
  2⤵
  PID:2152
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-ML
    3⤵
    PID:2816
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-ML /grant everyone:(f)
    3⤵
    PID:3380
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-RE && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-RE /grant everyone:(f)
  2⤵
  PID:396
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-RE
    3⤵
    PID:3048
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-RE /grant everyone:(f)
    3⤵
    PID:1032
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-SN && icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-SN /grant everyone:(f)
  2⤵
  PID:4136
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\fr-SN
    3⤵
    PID:4964
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\fr-SN /grant everyone:(f)
    3⤵
    PID:1676
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\gl-ES && icacls C:\Users\Admin\AppData\Local\Microsoft\input\gl-ES /grant everyone:(f)
  2⤵
  PID:764
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\gl-ES
    3⤵
    PID:4932
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\gl-ES /grant everyone:(f)
    3⤵
    PID:3212
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ha-Latn-NG && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ha-Latn-NG /grant everyone:(f)
  2⤵
  PID:1036
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ha-Latn-NG
    3⤵
    PID:1624
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ha-Latn-NG /grant everyone:(f)
    3⤵
    PID:4464
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\he-IL && icacls C:\Users\Admin\AppData\Local\Microsoft\input\he-IL /grant everyone:(f)
  2⤵
  PID:376
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\he-IL
    3⤵
    PID:4692
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\he-IL /grant everyone:(f)
    3⤵
    PID:4256
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\hi-IN && icacls C:\Users\Admin\AppData\Local\Microsoft\input\hi-IN /grant everyone:(f)
  2⤵
  PID:4600
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\hi-IN
    3⤵
    PID:2920
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\hi-IN /grant everyone:(f)
    3⤵
    PID:4604
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\hr-BA && icacls C:\Users\Admin\AppData\Local\Microsoft\input\hr-BA /grant everyone:(f)
  2⤵
  PID:4140
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\hr-BA
    3⤵
    PID:452
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\hr-BA /grant everyone:(f)
    3⤵
    PID:4944
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\hr-HR && icacls C:\Users\Admin\AppData\Local\Microsoft\input\hr-HR /grant everyone:(f)
  2⤵
  PID:3588
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\hr-HR
    3⤵
    PID:1044
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\hr-HR /grant everyone:(f)
    3⤵
    - Possible privilege escalation attempt
    PID:4552
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\hu-HU && icacls C:\Users\Admin\AppData\Local\Microsoft\input\hu-HU /grant everyone:(f)
  2⤵
  PID:1560
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\hu-HU
    3⤵
    PID:1784
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\hu-HU /grant everyone:(f)
    3⤵
    PID:2348
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\hy-AM && icacls C:\Users\Admin\AppData\Local\Microsoft\input\hy-AM /grant everyone:(f)
  2⤵
  PID:404
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\hy-AM
    3⤵
    PID:5056
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\hy-AM /grant everyone:(f)
    3⤵
    PID:2140
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\id-ID && icacls C:\Users\Admin\AppData\Local\Microsoft\input\id-ID /grant everyone:(f)
  2⤵
  PID:2684
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\id-ID
    3⤵
    PID:4360
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\id-ID /grant everyone:(f)
    3⤵
    PID:3472
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\it-CH && icacls C:\Users\Admin\AppData\Local\Microsoft\input\it-CH /grant everyone:(f)
  2⤵
  PID:3088
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\it-CH
    3⤵
    PID:2236
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\it-CH /grant everyone:(f)
    3⤵
    PID:2360
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\it-IT && icacls C:\Users\Admin\AppData\Local\Microsoft\input\it-IT /grant everyone:(f)
  2⤵
  PID:3968
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\it-IT
    3⤵
    PID:2892
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\it-IT /grant everyone:(f)
    3⤵
    - Modifies file permissions
    PID:5116
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ka-GE && icacls C:\Users\Admin\AppData\Local\Microsoft\input\ka-GE /grant everyone:(f)
  2⤵
  PID:3728
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\ka-GE
    3⤵
    PID:3512
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\ka-GE /grant everyone:(f)
    3⤵
    PID:4372
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\kk-KZ && icacls C:\Users\Admin\AppData\Local\Microsoft\input\kk-KZ /grant everyone:(f)
  2⤵
  PID:3792
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\kk-KZ
    3⤵
    PID:1768
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\kk-KZ /grant everyone:(f)
    3⤵
    PID:4336
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\lt-LT && icacls C:\Users\Admin\AppData\Local\Microsoft\input\lt-LT /grant everyone:(f)
  2⤵
  PID:732
- - C:\Windows\system32\takeown.exe
    takeown /f C:\Users\Admin\AppData\Local\Microsoft\input\lt-LT
    3⤵
    PID:1988
- - C:\Windows\system32\icacls.exe
    icacls C:\Users\Admin\AppData\Local\Microsoft\input\lt-LT /grant everyone:(f)
    3⤵
    PID:2168