Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
01/12/2024, 15:23
General
-
Target
c9f71fc4f385a4469438ef053e208065431b123e676c17b65d84b6c69ef6748a.exe
-
Size
7.7MB
-
MD5
c30a14b595fa334084cd32fa60b3c827
-
SHA1
3cd04b60b329388059cf58ce3ee6996559123cfa
-
SHA256
c9f71fc4f385a4469438ef053e208065431b123e676c17b65d84b6c69ef6748a
-
SHA512
7e244b3d45874d4cbecf53c6c404cd5681879a776b4a5710327c88d7888b61bdfafd17d462244b9ae8235955d8df148da72215ea61514c01585e4d0132ece9a8
-
SSDEEP
98304:YLraiumim2uZeGEWyOdLQvu6zer0NGBJMV1ZAU6tSOsN:2Imim2uZ8pvW6fAJMVd6M/N
Score
9/10
Malware Config
Signatures
-
Renames multiple (1574) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Modifies file permissions 1 TTPs 64 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in Program Files directory 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c9f71fc4f385a4469438ef053e208065431b123e676c17b65d84b6c69ef6748a.exe"C:\Users\Admin\AppData\Local\Temp\c9f71fc4f385a4469438ef053e208065431b123e676c17b65d84b6c69ef6748a.exe"1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Windows\servicing\TrustedInstaller.exe2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Windows\servicing\TrustedInstaller.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mshwjpnr.dll"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mshwjpnr.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwjpnr.dll"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwjpnr.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwjpnr.dll"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwjpnr.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwjpnr.dll"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwjpnr.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwjpnr.dll"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwjpnr.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mshwjpnr.dll"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mshwjpnr.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mshwjpnr.dll"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mshwjpnr.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mshwjpnr.dll"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mshwjpnr.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\AppData\Local\Temp\c9f71fc4f385a4469438ef053e208065431b123e676c17b65d84b6c69ef6748a.exe2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\AppData\Local\Temp\c9f71fc4f385a4469438ef053e208065431b123e676c17b65d84b6c69ef6748a.exe3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\AppData\Local\Temp\c9f71fc4f385a4469438ef053e208065431b123e676c17b65d84b6c69ef6748a.exe2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\AppData\Local\Temp\c9f71fc4f385a4469438ef053e208065431b123e676c17b65d84b6c69ef6748a.exe3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\AppData\Local\Temp\c9f71fc4f385a4469438ef053e208065431b123e676c17b65d84b6c69ef6748a.exe2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\AppData\Local\Temp\c9f71fc4f385a4469438ef053e208065431b123e676c17b65d84b6c69ef6748a.exe3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\AppData\Local\Temp\c9f71fc4f385a4469438ef053e208065431b123e676c17b65d84b6c69ef6748a.exe2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\AppData\Local\Temp\c9f71fc4f385a4469438ef053e208065431b123e676c17b65d84b6c69ef6748a.exe3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrespsh.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrespsh.dat"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrespsh.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrespsh.dat"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrespsh.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrespsh.dat"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrespsh.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrespsh.dat"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwritash.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwritash.dat"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwritash.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwritash.dat"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwritash.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwritash.dat"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwritash.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwritash.dat"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeush.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeush.dat"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeush.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeush.dat"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeush.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeush.dat"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeush.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeush.dat"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mraut.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mraut.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mraut.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mraut.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mraut.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mraut.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mraut.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mraut.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mraut.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mraut.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mraut.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mraut.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mraut.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mraut.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mraut.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mraut.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat"3⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrfrash.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrfrash.dat"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrfrash.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrfrash.dat"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrfrash.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrfrash.dat"3⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrfrash.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrfrash.dat"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll"3⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll"3⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll"3⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\dicjp.bin"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\dicjp.bin"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\dicjp.bin"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\dicjp.bin"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\dicjp.bin"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\dicjp.bin"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\dicjp.bin"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\dicjp.bin"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows NT\Accessories\wordpad.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows NT\Accessories\wordpad.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows NT\Accessories\wordpad.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows NT\Accessories\wordpad.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows NT\Accessories\wordpad.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows NT\Accessories\wordpad.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows NT\Accessories\wordpad.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows NT\Accessories\wordpad.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows Photo Viewer\ImagingEngine.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows Photo Viewer\ImagingEngine.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows Photo Viewer\ImagingEngine.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows Photo Viewer\ImagingEngine.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows Photo Viewer\ImagingEngine.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows Photo Viewer\ImagingEngine.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows Photo Viewer\ImagingEngine.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows Photo Viewer\ImagingEngine.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeulm.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeulm.dat"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeulm.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeulm.dat"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeulm.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeulm.dat"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeulm.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeulm.dat"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeslm.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeslm.dat"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeslm.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeslm.dat"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeslm.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeslm.dat"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeslm.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeslm.dat"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows Photo Viewer\PhotoAcq.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows Photo Viewer\PhotoAcq.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows Photo Viewer\PhotoAcq.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows Photo Viewer\PhotoAcq.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows Photo Viewer\PhotoAcq.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows Photo Viewer\PhotoAcq.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows Photo Viewer\PhotoAcq.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows Photo Viewer\PhotoAcq.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows Photo Viewer\ImagingEngine.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows Photo Viewer\ImagingEngine.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows Photo Viewer\ImagingEngine.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows Photo Viewer\ImagingEngine.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows Photo Viewer\ImagingEngine.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows Photo Viewer\ImagingEngine.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows Photo Viewer\ImagingEngine.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows Photo Viewer\ImagingEngine.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows Media Player\setup_wm.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows Media Player\setup_wm.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows Media Player\setup_wm.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows Media Player\setup_wm.exe"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows Media Player\setup_wm.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows Media Player\setup_wm.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows Media Player\setup_wm.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows Media Player\setup_wm.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows Media Player\setup_wm.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows Media Player\setup_wm.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows Media Player\setup_wm.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows Media Player\setup_wm.exe"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows Media Player\setup_wm.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows Media Player\setup_wm.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows Media Player\setup_wm.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows Media Player\setup_wm.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\micaut.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\micaut.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\micaut.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\micaut.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\micaut.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\micaut.dll"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\micaut.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\micaut.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows Photo Viewer\PhotoAcq.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows Photo Viewer\PhotoAcq.dll"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows Photo Viewer\PhotoAcq.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows Photo Viewer\PhotoAcq.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows Photo Viewer\PhotoAcq.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows Photo Viewer\PhotoAcq.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows Photo Viewer\PhotoAcq.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows Photo Viewer\PhotoAcq.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mip.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mip.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mip.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mip.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mip.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mip.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mip.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mip.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkObj.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkObj.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkObj.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkObj.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkObj.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkObj.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkObj.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\InkObj.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeusymnn.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeusymnn.dat"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeusymnn.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeusymnn.dat"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeusymnn.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeusymnn.dat"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeusymnn.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrdeusymnn.dat"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\micaut.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\micaut.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\micaut.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\micaut.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\micaut.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\micaut.dll"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\micaut.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\micaut.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\ado\msado15.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\ado\msado15.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\ado\msado15.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\ado\msado15.dll"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\ado\msado15.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\ado\msado15.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\ado\msado15.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\ado\msado15.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceArray.txt"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceArray.txt"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceArray.txt"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceArray.txt"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceArray.txt"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceArray.txt"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceArray.txt"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceArray.txt"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\imjplm.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\imjplm.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\imjplm.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\imjplm.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\imjplm.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\imjplm.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\imjplm.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\imjplm.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\imjplm.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\imjplm.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\imjplm.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\imjplm.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\imjplm.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\imjplm.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\imjplm.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\imjplm.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\ado\msado15.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\ado\msado15.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\ado\msado15.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\ado\msado15.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\ado\msado15.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\ado\msado15.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\ado\msado15.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\ado\msado15.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwLatin.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwLatin.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwLatin.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwLatin.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwLatin.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwLatin.dll"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwLatin.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwLatin.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Data.bin2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Data.bin3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Data.bin2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Data.bin3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Data.bin2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Data.bin3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Data.bin2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\TileCache_100_0_Data.bin3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\L.Admin\ActivitiesCache.db2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\L.Admin\ActivitiesCache.db3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\L.Admin\ActivitiesCache.db2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\L.Admin\ActivitiesCache.db3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\L.Admin\ActivitiesCache.db2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\L.Admin\ActivitiesCache.db3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\L.Admin\ActivitiesCache.db2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform\L.Admin\ActivitiesCache.db3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceDaYi.txt"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceDaYi.txt"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceDaYi.txt"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceDaYi.txt"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceDaYi.txt"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceDaYi.txt"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceDaYi.txt"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceDaYi.txt"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\wab32res.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\wab32res.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\wab32res.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\wab32res.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\wab32res.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\wab32res.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\wab32res.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\wab32res.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\wab32res.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\wab32res.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\wab32res.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\wab32res.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\wab32res.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\wab32res.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\wab32res.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\wab32res.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows Media Player\wmpnetwk.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows Media Player\wmpnetwk.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows Media Player\wmpnetwk.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows Media Player\wmpnetwk.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows Media Player\wmpnetwk.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows Media Player\wmpnetwk.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows Media Player\wmpnetwk.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows Media Player\wmpnetwk.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\Ole DB\oledb32.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\Ole DB\oledb32.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\Ole DB\oledb32.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\Ole DB\oledb32.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\Ole DB\oledb32.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\Ole DB\oledb32.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\Ole DB\oledb32.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\Ole DB\oledb32.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\wab32.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\wab32.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\wab32.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\wab32.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\wab32.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\wab32.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\wab32.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\wab32.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\Ole DB\sqloledb.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\Ole DB\sqloledb.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\Ole DB\sqloledb.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\Ole DB\sqloledb.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\Ole DB\sqloledb.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\Ole DB\sqloledb.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\Ole DB\sqloledb.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\Ole DB\sqloledb.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Internet Explorer\iexplore.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Internet Explorer\iexplore.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Internet Explorer\iexplore.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Internet Explorer\iexplore.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Internet Explorer\iexplore.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Internet Explorer\iexplore.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Internet Explorer\iexplore.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Internet Explorer\iexplore.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\wab32.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\wab32.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\wab32.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\wab32.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\wab32.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\wab32.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\wab32.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\wab32.dll"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\Ole DB\msdasql.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\Ole DB\msdasql.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\Ole DB\msdasql.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\Ole DB\msdasql.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\Ole DB\msdasql.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\Ole DB\msdasql.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\Ole DB\msdasql.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\Ole DB\msdasql.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\msadc\msadce.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\msadc\msadce.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\msadc\msadce.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\msadc\msadce.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\msadc\msadce.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\msadc\msadce.dll"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\System\msadc\msadce.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\System\msadc\msadce.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mshwjpn.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mshwjpn.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mshwjpn.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mshwjpn.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mshwjpn.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mshwjpn.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mshwjpn.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\mshwjpn.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows NT\TableTextService\TableTextService.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows NT\TableTextService\TableTextService.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows NT\TableTextService\TableTextService.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows NT\TableTextService\TableTextService.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows NT\TableTextService\TableTextService.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows NT\TableTextService\TableTextService.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Windows NT\TableTextService\TableTextService.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Windows NT\TableTextService\TableTextService.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\ProgramData\Microsoft\Windows\ClipSVC\tokens.dat2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\ProgramData\Microsoft\Windows\ClipSVC\tokens.dat3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\ProgramData\Microsoft\Windows\ClipSVC\tokens.dat2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\ProgramData\Microsoft\Windows\ClipSVC\tokens.dat3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\ProgramData\Microsoft\Windows\ClipSVC\tokens.dat2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\ProgramData\Microsoft\Windows\ClipSVC\tokens.dat3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\ProgramData\Microsoft\Windows\ClipSVC\tokens.dat2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\ProgramData\Microsoft\Windows\ClipSVC\tokens.dat3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\Ole DB\msdasql.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\Ole DB\msdasql.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\Ole DB\msdasql.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\Ole DB\msdasql.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\Ole DB\msdasql.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\Ole DB\msdasql.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\Ole DB\msdasql.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\Ole DB\msdasql.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows NT\TableTextService\TableTextService.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows NT\TableTextService\TableTextService.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows NT\TableTextService\TableTextService.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows NT\TableTextService\TableTextService.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows NT\TableTextService\TableTextService.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows NT\TableTextService\TableTextService.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Windows NT\TableTextService\TableTextService.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Windows NT\TableTextService\TableTextService.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao360.dll"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\msadc\msadce.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\msadc\msadce.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\msadc\msadce.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\msadc\msadce.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\msadc\msadce.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\msadc\msadce.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\System\msadc\msadce.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\System\msadc\msadce.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\AppData\Local\Microsoft\GameDVR\KnownGameList.bin2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\AppData\Local\Microsoft\GameDVR\KnownGameList.bin3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\AppData\Local\Microsoft\GameDVR\KnownGameList.bin2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\AppData\Local\Microsoft\GameDVR\KnownGameList.bin3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\AppData\Local\Microsoft\GameDVR\KnownGameList.bin2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\AppData\Local\Microsoft\GameDVR\KnownGameList.bin3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\AppData\Local\Microsoft\GameDVR\KnownGameList.bin2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\AppData\Local\Microsoft\GameDVR\KnownGameList.bin3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\ProgramData\Microsoft\Storage Health\StorageHealthModel.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\ProgramData\Microsoft\Storage Health\StorageHealthModel.dat"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\ProgramData\Microsoft\Storage Health\StorageHealthModel.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\ProgramData\Microsoft\Storage Health\StorageHealthModel.dat"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\ProgramData\Microsoft\Storage Health\StorageHealthModel.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\ProgramData\Microsoft\Storage Health\StorageHealthModel.dat"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\ProgramData\Microsoft\Storage Health\StorageHealthModel.dat"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\ProgramData\Microsoft\Storage Health\StorageHealthModel.dat"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.ServiceModel.Resources.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.ServiceModel.Resources.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.ServiceModel.Resources.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.ServiceModel.Resources.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.ServiceModel.Resources.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.ServiceModel.Resources.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.ServiceModel.Resources.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.ServiceModel.Resources.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll"3⤵
- Modifies file permissions
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{3484f5f4-84c7-11ef-b9a4-46b98598d6ff}.TMContainer00000000000000000001.regtrans-ms2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{3484f5f4-84c7-11ef-b9a4-46b98598d6ff}.TMContainer00000000000000000001.regtrans-ms3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{3484f5f4-84c7-11ef-b9a4-46b98598d6ff}.TMContainer00000000000000000001.regtrans-ms2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{3484f5f4-84c7-11ef-b9a4-46b98598d6ff}.TMContainer00000000000000000001.regtrans-ms3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{3484f5f4-84c7-11ef-b9a4-46b98598d6ff}.TMContainer00000000000000000001.regtrans-ms2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{3484f5f4-84c7-11ef-b9a4-46b98598d6ff}.TMContainer00000000000000000001.regtrans-ms3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{3484f5f4-84c7-11ef-b9a4-46b98598d6ff}.TMContainer00000000000000000001.regtrans-ms2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{3484f5f4-84c7-11ef-b9a4-46b98598d6ff}.TMContainer00000000000000000001.regtrans-ms3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{3484f5f4-84c7-11ef-b9a4-46b98598d6ff}.TMContainer00000000000000000002.regtrans-ms2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{3484f5f4-84c7-11ef-b9a4-46b98598d6ff}.TMContainer00000000000000000002.regtrans-ms3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{3484f5f4-84c7-11ef-b9a4-46b98598d6ff}.TMContainer00000000000000000002.regtrans-ms2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{3484f5f4-84c7-11ef-b9a4-46b98598d6ff}.TMContainer00000000000000000002.regtrans-ms3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{3484f5f4-84c7-11ef-b9a4-46b98598d6ff}.TMContainer00000000000000000002.regtrans-ms2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{3484f5f4-84c7-11ef-b9a4-46b98598d6ff}.TMContainer00000000000000000002.regtrans-ms3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{3484f5f4-84c7-11ef-b9a4-46b98598d6ff}.TMContainer00000000000000000002.regtrans-ms2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F C:\Users\Admin\AppData\Local\Microsoft\Windows\UsrClass.dat{3484f5f4-84c7-11ef-b9a4-46b98598d6ff}.TMContainer00000000000000000002.regtrans-ms3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwjpn.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwjpn.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwjpn.dll"2⤵
-
C:\Windows\system32\takeown.exeTAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwjpn.dll"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /C TAKEOWN /F "C:\Program Files (x86)\Common Files\Microsoft Shared\ink\mshwjpn.dll"2⤵
-