Analysis
-
max time kernel
900s -
max time network
901s -
platform
windows10-ltsc_2021_x64 -
resource
win10ltsc2021-20250314-en -
resource tags
-
submitted
26/03/2025, 22:27
General
-
Target
http://google,com
Malware Config
Signatures
-
UAC bypass 3 TTPs 3 IoCs
-
Downloads MZ/PE file 11 IoCs
-
Drops file in Drivers directory 64 IoCs
-
Manipulates Digital Signatures 4 IoCs
Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
-
Possible privilege escalation attempt 64 IoCs
-
Boot or Logon Autostart Execution: Print Processors 1 TTPs 1 IoCs
Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.
-
Checks BIOS information in registry 2 TTPs 6 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings 2 TTPs 7 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 33 IoCs
-
Loads dropped DLL 64 IoCs
-
Modifies file permissions 1 TTPs 64 IoCs
-
Obfuscated with Agile.Net obfuscator 3 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 2 IoCs
-
Drops desktop.ini file(s) 33 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Network Share Discovery 1 TTPs
Attempt to gather information on host network.
-
Power Settings 1 TTPs 6 IoCs
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Drops autorun.inf file 1 TTPs 3 IoCs
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory 64 IoCs
-
Modifies termsrv.dll 1 TTPs 1 IoCs
Commonly used to allow simultaneous RDP sessions.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 24 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 8 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Checks SCSI registry key(s) 3 TTPs 22 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 64 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Delays execution with timeout.exe 1 IoCs
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Kills process with taskkill 6 IoCs
-
Modifies Internet Explorer settings 1 TTPs 7 IoCs
-
Modifies data under HKEY_USERS 8 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: AddClipboardFormatListener 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: LoadsDriver 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 41 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 34 IoCs
-
Suspicious use of SetWindowsHookEx 43 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 6 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://google,com1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x264,0x268,0x26c,0x260,0x2b8,0x7ff81177f208,0x7ff81177f214,0x7ff81177f2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1944,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=2324 /prefetch:32⤵
- Downloads MZ/PE file
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2220,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2056,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=2740 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3468,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3496,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4968,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=4956 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4852,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=5272 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4832,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=5112 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5208,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=5092 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5532,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5464,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=5452 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5464,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=5452 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6104,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=6032 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6068,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=6292 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=5168,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=3728 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6268,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=5920 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6076,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=6304 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=4868,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=6832 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=6760,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=6792 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=3664,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=6960 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6940,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=7148 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7024,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=7004 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3648,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=7108 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5064,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=4476 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6788,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=7220 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=6784,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=7240 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7296,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=7536 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7504,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=7260 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7520,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=7400 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5580,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=7432 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5404,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5012,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=7796 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=788,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=7264 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7796,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=7528 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7392,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=7556 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7792,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=6260 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7396,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=7444 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3620,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=6496 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=6864,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=6900 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=3740,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=6872 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6808,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=8024 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=6112,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=7276 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --always-read-main-dll --field-trial-handle=7080,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=6136 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --always-read-main-dll --field-trial-handle=6224,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --always-read-main-dll --field-trial-handle=7956,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=7976 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --always-read-main-dll --field-trial-handle=7508,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=7960 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=7516,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=7864 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --always-read-main-dll --field-trial-handle=7220,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=7784 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5172,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=4924 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6896,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=8032 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5988,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=3776 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7084,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --always-read-main-dll --field-trial-handle=6456,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=7788 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --always-read-main-dll --field-trial-handle=8076,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --always-read-main-dll --field-trial-handle=6488,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=6972 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --always-read-main-dll --field-trial-handle=8472,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=7384 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --always-read-main-dll --field-trial-handle=8128,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=7968 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --always-read-main-dll --field-trial-handle=5548,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=8424 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8624,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=8556 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8600,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=7804 /prefetch:82⤵
-
-
C:\Users\Admin\Downloads\pw-free-online.exe"C:\Users\Admin\Downloads\pw-free-online.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\is-ILU5K.tmp\pw-free-online.tmp"C:\Users\Admin\AppData\Local\Temp\is-ILU5K.tmp\pw-free-online.tmp" /SL5="$103C2,2294223,1148928,C:\Users\Admin\Downloads\pw-free-online.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /f /im "updatechecker.exe"4⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\is-2HSP1.tmp\SmDownloader.exe"C:\Users\Admin\AppData\Local\Temp\is-2HSP1.tmp\SmDownloader.exe" /HWND:263138 /PATH:"C:\Program Files\MiniTool Partition Wizard 12" /URL:https://www.partitionwizard.com/download/online-setup-config/pwfree-v12.ini /VERYSILENT /USERMSG:1450 /LANG:english4⤵
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\pwfree-64bit-online.exeC:\Users\Admin\AppData\Local\Temp\pwfree-64bit-online.exe /VERYSILENT /DIR="C:\Program Files\MiniTool Partition Wizard 12" /LANG=english5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\is-7J7KC.tmp\pwfree-64bit-online.tmp"C:\Users\Admin\AppData\Local\Temp\is-7J7KC.tmp\pwfree-64bit-online.tmp" /SL5="$3033C,38756015,1148928,C:\Users\Admin\AppData\Local\Temp\pwfree-64bit-online.exe" /VERYSILENT /DIR="C:\Program Files\MiniTool Partition Wizard 12" /LANG=english6⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe"C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe" /createtask7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\is-2HSP1.tmp\SmDownloader.exe"C:\Users\Admin\AppData\Local\Temp\is-2HSP1.tmp\SmDownloader.exe" /HWND:263138 /PATH:"C:\Program Files\MiniTool Partition Wizard 12\..\MiniTool ShadowMaker" /URL:https://www.partitionwizard.com/download/online-setup-config/pwfree-v12-bundle-sm.ini /VERYSILENT /USERMSG:1439 /LANG:english4⤵
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\pw_sm_setup_x64.exeC:\Users\Admin\AppData\Local\Temp\pw_sm_setup_x64.exe /VERYSILENT /DIR="C:\Program Files\MiniTool Partition Wizard 12\..\MiniTool ShadowMaker" /LANG=english5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\is-AH24J.tmp\pw_sm_setup_x64.tmp"C:\Users\Admin\AppData\Local\Temp\is-AH24J.tmp\pw_sm_setup_x64.tmp" /SL5="$70368,210313111,268800,C:\Users\Admin\AppData\Local\Temp\pw_sm_setup_x64.exe" /VERYSILENT /DIR="C:\Program Files\MiniTool Partition Wizard 12\..\MiniTool ShadowMaker" /LANG=english6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
-
C:\Windows\SysWOW64\taskkill.exe"taskkill.exe" /f /im "SchedulerService.exe"7⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exe"taskkill.exe" /f /im "AgentService.exe"7⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\MiniTool ShadowMaker\testOpenGL.exe"C:\Program Files\MiniTool ShadowMaker\testOpenGL.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\MiniTool ShadowMaker\initsrv.exe"C:\Program Files\MiniTool ShadowMaker\initsrv.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files\MiniTool ShadowMaker\BootTrigger.exe"C:\Program Files\MiniTool ShadowMaker\BootTrigger.exe" "C:\Program Files\MiniTool ShadowMaker\SMMonitor.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files\MiniTool ShadowMaker\experience.exe"C:\Program Files\MiniTool ShadowMaker\experience.exe" http://tracking.minitool.com/backup/installation.html?mt_lang=en&mt_edition=pw-trial&mt_ver=4.6.07⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\MinitoolLimited\experience_01.exeC:\Users\Admin\AppData\Local\MinitoolLimited\experience_01.exe https://tracking.minitool.com/backup/installation.html?mt_lang=en&mt_edition=pw-trial&mt_ver=4.6.08⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=experience_01.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\MinitoolLimited\experience_01.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --mojo-named-platform-channel-pipe=5096.1952.104598478103608312649⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\MinitoolLimited\experience_01.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\MinitoolLimited\experience_01.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x15c,0x1a4,0x1a8,0x180,0x1b0,0x7fffe9a5b078,0x7fffe9a5b084,0x7fffe9a5b09010⤵
-
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\MinitoolLimited\experience_01.exe.WebView2\EBWebView" --webview-exe-name=experience_01.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1848,i,6977792846872512465,14829670612541318790,262144 --variations-seed-version --mojo-platform-channel-handle=1840 /prefetch:210⤵
-
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\MinitoolLimited\experience_01.exe.WebView2\EBWebView" --webview-exe-name=experience_01.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --always-read-main-dll --field-trial-handle=2084,i,6977792846872512465,14829670612541318790,262144 --variations-seed-version --mojo-platform-channel-handle=2096 /prefetch:310⤵
-
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\MinitoolLimited\experience_01.exe.WebView2\EBWebView" --webview-exe-name=experience_01.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --always-read-main-dll --field-trial-handle=2388,i,6977792846872512465,14829670612541318790,262144 --variations-seed-version --mojo-platform-channel-handle=2404 /prefetch:810⤵
-
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\MinitoolLimited\experience_01.exe.WebView2\EBWebView" --webview-exe-name=experience_01.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3628,i,6977792846872512465,14829670612541318790,262144 --variations-seed-version --mojo-platform-channel-handle=3648 /prefetch:110⤵
-
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\MinitoolLimited\experience_01.exe.WebView2\EBWebView" --webview-exe-name=experience_01.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=4700,i,6977792846872512465,14829670612541318790,262144 --variations-seed-version --mojo-platform-channel-handle=4792 /prefetch:110⤵
-
-
-
-
-
C:\Program Files\MiniTool ShadowMaker\AgentService.exe"C:\Program Files\MiniTool ShadowMaker\AgentService.exe" -i7⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files\MiniTool ShadowMaker\AgentService.exe"C:\Program Files\MiniTool ShadowMaker\AgentService.exe" -s7⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files\MiniTool ShadowMaker\SchedulerService.exe"C:\Program Files\MiniTool ShadowMaker\SchedulerService.exe" -i7⤵
- Executes dropped EXE
-
-
C:\Program Files\MiniTool ShadowMaker\SchedulerService.exe"C:\Program Files\MiniTool ShadowMaker\SchedulerService.exe" -s7⤵
- Executes dropped EXE
-
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.partitionwizard.com/feedback/install-partition-wizard.html?from-free-v12094⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument https://www.partitionwizard.com/feedback/install-partition-wizard.html?from-free-v12095⤵
-
-
-
C:\Program Files\MiniTool Partition Wizard 12\experience.exe"C:\Program Files\MiniTool Partition Wizard 12\experience.exe" http://tracking.minitool.com/pw/installation.php?from=pwfree124⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\MinitoolLimited\experience_01.exeC:\Users\Admin\AppData\Local\MinitoolLimited\experience_01.exe https://tracking.minitool.com/pw/installation.php?from=pwfree125⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=experience_01.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\MinitoolLimited\experience_01.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --mojo-named-platform-channel-pipe=6848.6916.114850378825803985136⤵
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\MinitoolLimited\experience_01.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\MinitoolLimited\experience_01.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x1a4,0x1a8,0x1ac,0x180,0x1b4,0x7fffe9a5b078,0x7fffe9a5b084,0x7fffe9a5b0907⤵
-
-
-
-
-
C:\Program Files\MiniTool Partition Wizard 12\partitionwizard.exe"C:\Program Files\MiniTool Partition Wizard 12\partitionwizard.exe"4⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Checks processor information in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --always-read-main-dll --field-trial-handle=8636,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=8864 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6636,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=8488 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8460,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=8512 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --always-read-main-dll --field-trial-handle=5016,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=8476 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --always-read-main-dll --field-trial-handle=8480,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=8464 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --always-read-main-dll --field-trial-handle=8588,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --always-read-main-dll --field-trial-handle=8896,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=7476 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --always-read-main-dll --field-trial-handle=6140,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=8004 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --always-read-main-dll --field-trial-handle=7468,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=8668 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8992,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=9020 /prefetch:82⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\LOVE-LETTER-FOR-YOU.TXT.vbs"2⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --always-read-main-dll --field-trial-handle=7500,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=9060 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4952,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=8112 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9252,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=9268 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=7068,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=9364 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9100,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=9304 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9400,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=9344 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --always-read-main-dll --field-trial-handle=9036,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=6184 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9112,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=9384 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --always-read-main-dll --field-trial-handle=9160,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=9128 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9596,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=9380 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7576,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=9604 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9668,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=9488 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8544,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=9728 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8724,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=9704 /prefetch:82⤵
-
-
C:\Users\Admin\Downloads\Bonzify (4).exe"C:\Users\Admin\Downloads\Bonzify (4).exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\KillAgent.bat"3⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im AgentSvr.exe4⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\takeown.exetakeown /r /d y /f C:\Windows\MsAgent4⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\icacls.exeicacls C:\Windows\MsAgent /c /t /grant "everyone":(f)4⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_10.0.19041.746_none_ed6c95dcd471837f\f\mmc.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_10.0.19041.746_none_ed6c95dcd471837f\f\mmc.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_10.0.19041.746_none_ed6c95dcd471837f\f\mmc.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_10.0.19041.746_none_ed6c95dcd471837f\mmc.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_10.0.19041.746_none_ed6c95dcd471837f\mmc.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_10.0.19041.746_none_ed6c95dcd471837f\mmc.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_10.0.19041.746_none_ed6c95dcd471837f\r\mmc.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_10.0.19041.746_none_ed6c95dcd471837f\r\mmc.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..-management-console_31bf3856ad364e35_10.0.19041.746_none_ed6c95dcd471837f\r\mmc.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.19041.1_none_fa40f4e1dd1492a8\odbcad32.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.19041.1_none_fa40f4e1dd1492a8\odbcad32.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..-odbc-administrator_31bf3856ad364e35_10.0.19041.1_none_fa40f4e1dd1492a8\odbcad32.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_10.0.19041.1_none_260e545bf60f6b0f\cliconfg.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_10.0.19041.1_none_260e545bf60f6b0f\cliconfg.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ac-sql-cliconfg-exe_31bf3856ad364e35_10.0.19041.1_none_260e545bf60f6b0f\cliconfg.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.4355_none_f388ef5225744e67\EASPolicyManagerBrokerHost.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.4355_none_f388ef5225744e67\EASPolicyManagerBrokerHost.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.4355_none_f388ef5225744e67\EASPolicyManagerBrokerHost.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.4355_none_f388ef5225744e67\f\EASPolicyManagerBrokerHost.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.4355_none_f388ef5225744e67\f\EASPolicyManagerBrokerHost.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.4355_none_f388ef5225744e67\f\EASPolicyManagerBrokerHost.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.4355_none_f388ef5225744e67\r\EASPolicyManagerBrokerHost.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.4355_none_f388ef5225744e67\r\EASPolicyManagerBrokerHost.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.4355_none_f388ef5225744e67\r\EASPolicyManagerBrokerHost.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.746_none_5cc81a54cf095c95\EASPolicyManagerBrokerHost.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.746_none_5cc81a54cf095c95\EASPolicyManagerBrokerHost.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.746_none_5cc81a54cf095c95\EASPolicyManagerBrokerHost.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.746_none_5cc81a54cf095c95\f\EASPolicyManagerBrokerHost.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.746_none_5cc81a54cf095c95\f\EASPolicyManagerBrokerHost.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.746_none_5cc81a54cf095c95\f\EASPolicyManagerBrokerHost.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.746_none_5cc81a54cf095c95\r\EASPolicyManagerBrokerHost.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.746_none_5cc81a54cf095c95\r\EASPolicyManagerBrokerHost.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.746_none_5cc81a54cf095c95\r\EASPolicyManagerBrokerHost.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_10.0.19041.1_none_49c7a9c019150ac4\MdSched.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_10.0.19041.1_none_49c7a9c019150ac4\MdSched.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_10.0.19041.1_none_49c7a9c019150ac4\MdSched.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..erience-parser-task_31bf3856ad364e35_10.0.19041.1_none_80036e190af52e7c\MbaeParserTask.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..erience-parser-task_31bf3856ad364e35_10.0.19041.1_none_80036e190af52e7c\MbaeParserTask.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..erience-parser-task_31bf3856ad364e35_10.0.19041.1_none_80036e190af52e7c\MbaeParserTask.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.1_none_98fad53f878bc04c\mqbkup.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.1_none_98fad53f878bc04c\mqbkup.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.1_none_98fad53f878bc04c\mqbkup.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.1_none_98fad53f878bc04c\mqsvc.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.1_none_98fad53f878bc04c\mqsvc.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.1_none_98fad53f878bc04c\mqsvc.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\f\mqbkup.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\f\mqbkup.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\f\mqbkup.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\f\mqsvc.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\f\mqsvc.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\f\mqsvc.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\mqbkup.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\mqbkup.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\mqbkup.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\mqsvc.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\mqsvc.exe"4⤵
- Possible privilege escalation attempt
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\mqsvc.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\r\mqbkup.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\r\mqbkup.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\r\mqbkup.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\r\mqsvc.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\r\mqsvc.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\r\mqsvc.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.19041.1_none_108b025daaa0a06f\mblctr.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.19041.1_none_108b025daaa0a06f\mblctr.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.19041.1_none_108b025daaa0a06f\mblctr.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.19041.4355_none_cf5414a3c07d508b\f\mblctr.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.19041.4355_none_cf5414a3c07d508b\f\mblctr.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.19041.4355_none_cf5414a3c07d508b\f\mblctr.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.19041.4355_none_cf5414a3c07d508b\mblctr.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.19041.4355_none_cf5414a3c07d508b\mblctr.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.19041.4355_none_cf5414a3c07d508b\mblctr.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.19041.4355_none_cf5414a3c07d508b\r\mblctr.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.19041.4355_none_cf5414a3c07d508b\r\mblctr.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.19041.4355_none_cf5414a3c07d508b\r\mblctr.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.1266_none_2a87945d79cbf905\f\FsIso.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.1266_none_2a87945d79cbf905\f\FsIso.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.1266_none_2a87945d79cbf905\f\FsIso.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.1266_none_2a87945d79cbf905\FsIso.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.1266_none_2a87945d79cbf905\FsIso.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.1266_none_2a87945d79cbf905\FsIso.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.1266_none_2a87945d79cbf905\r\FsIso.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.1266_none_2a87945d79cbf905\r\FsIso.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.1266_none_2a87945d79cbf905\r\FsIso.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.4355_none_2a7be0a179d4d973\f\FsIso.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.4355_none_2a7be0a179d4d973\f\FsIso.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.4355_none_2a7be0a179d4d973\f\FsIso.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.4355_none_2a7be0a179d4d973\FsIso.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.4355_none_2a7be0a179d4d973\FsIso.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.4355_none_2a7be0a179d4d973\FsIso.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exeINSTALLER.exe /q3⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentCtl.dll"4⤵
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentDPv.dll"4⤵
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\mslwvtts.dll"4⤵
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentDP2.dll"4⤵
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentMPx.dll"4⤵
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentSR.dll"4⤵
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentPsh.dll"4⤵
-
-
C:\Windows\msagent\AgentSvr.exe"C:\Windows\msagent\AgentSvr.exe" /regserver4⤵
-
-
C:\Windows\SysWOW64\grpconv.exegrpconv.exe -o4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.4355_none_2a7be0a179d4d973\r\FsIso.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.4355_none_2a7be0a179d4d973\r\FsIso.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.4355_none_2a7be0a179d4d973\r\FsIso.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..odeupdate-servicing_31bf3856ad364e35_10.0.19041.1_none_597912734561c5f4\ucsvc.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..odeupdate-servicing_31bf3856ad364e35_10.0.19041.1_none_597912734561c5f4\ucsvc.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..odeupdate-servicing_31bf3856ad364e35_10.0.19041.1_none_597912734561c5f4\ucsvc.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\doskey.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\doskey.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\doskey.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\find.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\find.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\find.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\print.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\print.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\print.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\replace.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\replace.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\replace.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\subst.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\subst.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\subst.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\doskey.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\doskey.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\doskey.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\doskey.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\doskey.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\doskey.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\find.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\find.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\find.exe" /grant "everyone":(f)4⤵
- Modifies file permissions
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\print.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\print.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\print.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\replace.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\replace.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\replace.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\subst.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\subst.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\subst.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\find.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\find.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\find.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\print.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\print.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\print.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\doskey.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\doskey.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\doskey.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\find.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\find.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\find.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\print.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\print.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\print.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\replace.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\replace.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\replace.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\subst.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\subst.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\subst.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\replace.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\replace.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\replace.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\subst.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\subst.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\subst.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.1266_none_3563a6b72868b6d9\f\wmprph.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.1266_none_3563a6b72868b6d9\f\wmprph.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.1266_none_3563a6b72868b6d9\f\wmprph.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.1266_none_3563a6b72868b6d9\r\wmprph.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.1266_none_3563a6b72868b6d9\r\wmprph.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.1266_none_3563a6b72868b6d9\r\wmprph.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.1266_none_3563a6b72868b6d9\wmprph.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.1266_none_3563a6b72868b6d9\wmprph.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.1266_none_3563a6b72868b6d9\wmprph.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.3636_none_353569f5288bd4e6\f\wmprph.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.3636_none_353569f5288bd4e6\f\wmprph.exe"4⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.3636_none_353569f5288bd4e6\f\wmprph.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.3636_none_353569f5288bd4e6\r\wmprph.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.3636_none_353569f5288bd4e6\r\wmprph.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.3636_none_353569f5288bd4e6\r\wmprph.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.3636_none_353569f5288bd4e6\wmprph.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.3636_none_353569f5288bd4e6\wmprph.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.3636_none_353569f5288bd4e6\wmprph.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.19041.1_none_2318682da2c7a3ea\PresentationSettings.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.19041.1_none_2318682da2c7a3ea\PresentationSettings.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.19041.1_none_2318682da2c7a3ea\PresentationSettings.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.19041.4355_none_e1e17a73b8a45406\f\PresentationSettings.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.19041.4355_none_e1e17a73b8a45406\f\PresentationSettings.exe"4⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.19041.4355_none_e1e17a73b8a45406\f\PresentationSettings.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.19041.4355_none_e1e17a73b8a45406\PresentationSettings.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.19041.4355_none_e1e17a73b8a45406\PresentationSettings.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.19041.4355_none_e1e17a73b8a45406\PresentationSettings.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.19041.4355_none_e1e17a73b8a45406\r\PresentationSettings.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.19041.4355_none_e1e17a73b8a45406\r\PresentationSettings.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.19041.4355_none_e1e17a73b8a45406\r\PresentationSettings.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..s-mdac-odbcconf-exe_31bf3856ad364e35_10.0.19041.1_none_c367e800917abc7d\odbcconf.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..s-mdac-odbcconf-exe_31bf3856ad364e35_10.0.19041.1_none_c367e800917abc7d\odbcconf.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..s-mdac-odbcconf-exe_31bf3856ad364e35_10.0.19041.1_none_c367e800917abc7d\odbcconf.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.1266_none_e2f3aaf24de135ec\f\Magnify.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.1266_none_e2f3aaf24de135ec\f\Magnify.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.1266_none_e2f3aaf24de135ec\f\Magnify.exe" /grant "everyone":(f)4⤵
- Modifies file permissions
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.1266_none_e2f3aaf24de135ec\Magnify.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.1266_none_e2f3aaf24de135ec\Magnify.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.1266_none_e2f3aaf24de135ec\Magnify.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.1266_none_e2f3aaf24de135ec\r\Magnify.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.1266_none_e2f3aaf24de135ec\r\Magnify.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.1266_none_e2f3aaf24de135ec\r\Magnify.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.4355_none_e2e7f7364dea165a\f\Magnify.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.4355_none_e2e7f7364dea165a\f\Magnify.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.4355_none_e2e7f7364dea165a\f\Magnify.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.4355_none_e2e7f7364dea165a\Magnify.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.4355_none_e2e7f7364dea165a\Magnify.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.4355_none_e2e7f7364dea165a\Magnify.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.4355_none_e2e7f7364dea165a\r\Magnify.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.4355_none_e2e7f7364dea165a\r\Magnify.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.4355_none_e2e7f7364dea165a\r\Magnify.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.19041.207_none_cef5032ec7ecd573\makecab.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.19041.207_none_cef5032ec7ecd573\makecab.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.19041.207_none_cef5032ec7ecd573\makecab.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.19041.3636_none_656718aa1e934d14\f\makecab.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.19041.3636_none_656718aa1e934d14\f\makecab.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.19041.3636_none_656718aa1e934d14\f\makecab.exe" /grant "everyone":(f)4⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.19041.3636_none_656718aa1e934d14\makecab.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.19041.3636_none_656718aa1e934d14\makecab.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.19041.3636_none_656718aa1e934d14\makecab.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.19041.3636_none_656718aa1e934d14\r\makecab.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.19041.3636_none_656718aa1e934d14\r\makecab.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.19041.3636_none_656718aa1e934d14\r\makecab.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.4355_none_4b04e62d87c650f1\f\mmgaserver.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.4355_none_4b04e62d87c650f1\f\mmgaserver.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.4355_none_4b04e62d87c650f1\f\mmgaserver.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.4355_none_4b04e62d87c650f1\mmgaserver.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.4355_none_4b04e62d87c650f1\mmgaserver.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.4355_none_4b04e62d87c650f1\mmgaserver.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.4355_none_4b04e62d87c650f1\r\mmgaserver.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.4355_none_4b04e62d87c650f1\r\mmgaserver.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.4355_none_4b04e62d87c650f1\r\mmgaserver.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.746_none_b4441130315b5f1f\f\mmgaserver.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.746_none_b4441130315b5f1f\f\mmgaserver.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.746_none_b4441130315b5f1f\f\mmgaserver.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.746_none_b4441130315b5f1f\mmgaserver.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.746_none_b4441130315b5f1f\mmgaserver.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.746_none_b4441130315b5f1f\mmgaserver.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.746_none_b4441130315b5f1f\r\mmgaserver.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.746_none_b4441130315b5f1f\r\mmgaserver.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.746_none_b4441130315b5f1f\r\mmgaserver.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.423_none_895925637881788e\f\fixmapi.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.423_none_895925637881788e\f\fixmapi.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.423_none_895925637881788e\f\fixmapi.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.423_none_895925637881788e\fixmapi.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.423_none_895925637881788e\fixmapi.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.423_none_895925637881788e\fixmapi.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.423_none_895925637881788e\r\fixmapi.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.423_none_895925637881788e\r\fixmapi.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.423_none_895925637881788e\r\fixmapi.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.4355_none_20076118cef9e5bc\f\fixmapi.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.4355_none_20076118cef9e5bc\f\fixmapi.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.4355_none_20076118cef9e5bc\f\fixmapi.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.4355_none_20076118cef9e5bc\fixmapi.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.4355_none_20076118cef9e5bc\fixmapi.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.4355_none_20076118cef9e5bc\fixmapi.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.4355_none_20076118cef9e5bc\r\fixmapi.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.4355_none_20076118cef9e5bc\r\fixmapi.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.4355_none_20076118cef9e5bc\r\fixmapi.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.1266_none_b9c280a4d350d170\f\MDMAgent.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.1266_none_b9c280a4d350d170\f\MDMAgent.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.1266_none_b9c280a4d350d170\f\MDMAgent.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.1266_none_b9c280a4d350d170\MDMAgent.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.1266_none_b9c280a4d350d170\MDMAgent.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.1266_none_b9c280a4d350d170\MDMAgent.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.1266_none_b9c280a4d350d170\r\MDMAgent.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.1266_none_b9c280a4d350d170\r\MDMAgent.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.1266_none_b9c280a4d350d170\r\MDMAgent.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.4355_none_b9b6cce8d359b1de\f\MDMAgent.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.4355_none_b9b6cce8d359b1de\f\MDMAgent.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.4355_none_b9b6cce8d359b1de\f\MDMAgent.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.4355_none_b9b6cce8d359b1de\MDMAgent.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.4355_none_b9b6cce8d359b1de\MDMAgent.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.4355_none_b9b6cce8d359b1de\MDMAgent.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.4355_none_b9b6cce8d359b1de\r\MDMAgent.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.4355_none_b9b6cce8d359b1de\r\MDMAgent.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.4355_none_b9b6cce8d359b1de\r\MDMAgent.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.4355_none_0e68ad565149b5d0\f\MDMAppInstaller.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.4355_none_0e68ad565149b5d0\f\MDMAppInstaller.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.4355_none_0e68ad565149b5d0\f\MDMAppInstaller.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.4355_none_0e68ad565149b5d0\MDMAppInstaller.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.4355_none_0e68ad565149b5d0\MDMAppInstaller.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.4355_none_0e68ad565149b5d0\MDMAppInstaller.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exeINSTALLER.exe /q3⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll4⤵
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll4⤵
-
-
C:\Windows\SysWOW64\grpconv.exegrpconv.exe -o4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.4355_none_0e68ad565149b5d0\r\MDMAppInstaller.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.4355_none_0e68ad565149b5d0\r\MDMAppInstaller.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.4355_none_0e68ad565149b5d0\r\MDMAppInstaller.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.844_none_77a5d9aafae08e77\f\MDMAppInstaller.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.844_none_77a5d9aafae08e77\f\MDMAppInstaller.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.844_none_77a5d9aafae08e77\f\MDMAppInstaller.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.844_none_77a5d9aafae08e77\MDMAppInstaller.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.844_none_77a5d9aafae08e77\MDMAppInstaller.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.844_none_77a5d9aafae08e77\MDMAppInstaller.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.844_none_77a5d9aafae08e77\r\MDMAppInstaller.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.844_none_77a5d9aafae08e77\r\MDMAppInstaller.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.844_none_77a5d9aafae08e77\r\MDMAppInstaller.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.19041.1288_none_1126d5c5c1f1669c\mfpmp.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.19041.1288_none_1126d5c5c1f1669c\mfpmp.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.19041.1288_none_1126d5c5c1f1669c\mfpmp.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.19041.4355_none_11194f05c1fbe11a\mfpmp.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.19041.4355_none_11194f05c1fbe11a\mfpmp.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.19041.4355_none_11194f05c1fbe11a\mfpmp.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.1266_none_8fc08423f52c1606\f\wmlaunch.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.1266_none_8fc08423f52c1606\f\wmlaunch.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.1266_none_8fc08423f52c1606\f\wmlaunch.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.1266_none_8fc08423f52c1606\r\wmlaunch.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.1266_none_8fc08423f52c1606\r\wmlaunch.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.1266_none_8fc08423f52c1606\r\wmlaunch.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.1266_none_8fc08423f52c1606\wmlaunch.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.1266_none_8fc08423f52c1606\wmlaunch.exe"4⤵
- Possible privilege escalation attempt
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.1266_none_8fc08423f52c1606\wmlaunch.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.3636_none_8f924761f54f3413\f\wmlaunch.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.3636_none_8f924761f54f3413\f\wmlaunch.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.3636_none_8f924761f54f3413\f\wmlaunch.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.3636_none_8f924761f54f3413\r\wmlaunch.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.3636_none_8f924761f54f3413\r\wmlaunch.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.3636_none_8f924761f54f3413\r\wmlaunch.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.3636_none_8f924761f54f3413\wmlaunch.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.3636_none_8f924761f54f3413\wmlaunch.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.3636_none_8f924761f54f3413\wmlaunch.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\f\wmpconfig.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\f\wmpconfig.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\f\wmpconfig.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\f\wmplayer.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\f\wmplayer.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\f\wmplayer.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\f\wmpshare.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\f\wmpshare.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\f\wmpshare.exe" /grant "everyone":(f)4⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\r\wmpconfig.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\r\wmpconfig.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\r\wmpconfig.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\r\wmplayer.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\r\wmplayer.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\r\wmplayer.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\r\wmpshare.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\r\wmpshare.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\r\wmpshare.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\wmpconfig.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\wmpconfig.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\wmpconfig.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\wmplayer.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\wmplayer.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\wmplayer.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\wmpshare.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\wmpshare.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\wmpshare.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\f\wmpconfig.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\f\wmpconfig.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\f\wmpconfig.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\f\wmplayer.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\f\wmplayer.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\f\wmplayer.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\f\wmpshare.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\f\wmpshare.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\f\wmpshare.exe" /grant "everyone":(f)4⤵
- Modifies file permissions
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\r\wmpconfig.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\r\wmpconfig.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\r\wmpconfig.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\r\wmplayer.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\r\wmplayer.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\r\wmplayer.exe" /grant "everyone":(f)4⤵
- Modifies file permissions
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\r\wmpshare.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\r\wmpshare.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\r\wmpshare.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\wmpconfig.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\wmpconfig.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\wmpconfig.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\wmplayer.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\wmplayer.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\wmplayer.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\wmpshare.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\wmpshare.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\wmpshare.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.3636_none_5fd822fb775d4c55\f\logagent.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.3636_none_5fd822fb775d4c55\f\logagent.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.3636_none_5fd822fb775d4c55\f\logagent.exe" /grant "everyone":(f)4⤵
- Modifies file permissions
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.3636_none_5fd822fb775d4c55\logagent.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.3636_none_5fd822fb775d4c55\logagent.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.3636_none_5fd822fb775d4c55\logagent.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.3636_none_5fd822fb775d4c55\r\logagent.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.3636_none_5fd822fb775d4c55\r\logagent.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.3636_none_5fd822fb775d4c55\r\logagent.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.746_none_c939d70420d81ce4\f\logagent.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.746_none_c939d70420d81ce4\f\logagent.exe"4⤵
- Possible privilege escalation attempt
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.746_none_c939d70420d81ce4\f\logagent.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.746_none_c939d70420d81ce4\logagent.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.746_none_c939d70420d81ce4\logagent.exe"4⤵
-
-
-
-
C:\Users\Admin\Downloads\Bonzify (4).exe"C:\Users\Admin\Downloads\Bonzify (4).exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\KillAgent.bat"3⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im AgentSvr.exe4⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\takeown.exetakeown /r /d y /f C:\Windows\MsAgent4⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\icacls.exeicacls C:\Windows\MsAgent /c /t /grant "everyone":(f)4⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exeINSTALLER.exe /q3⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentCtl.dll"4⤵
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentDPv.dll"4⤵
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\mslwvtts.dll"4⤵
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentDP2.dll"4⤵
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentMPx.dll"4⤵
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentSR.dll"4⤵
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentPsh.dll"4⤵
-
-
C:\Windows\msagent\AgentSvr.exe"C:\Windows\msagent\AgentSvr.exe" /regserver4⤵
-
-
C:\Windows\SysWOW64\grpconv.exegrpconv.exe -o4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.4355_none_f388ef5225744e67\EASPolicyManagerBrokerHost.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.4355_none_f388ef5225744e67\EASPolicyManagerBrokerHost.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.4355_none_f388ef5225744e67\EASPolicyManagerBrokerHost.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.4355_none_f388ef5225744e67\f\EASPolicyManagerBrokerHost.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.4355_none_f388ef5225744e67\f\EASPolicyManagerBrokerHost.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.4355_none_f388ef5225744e67\f\EASPolicyManagerBrokerHost.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.4355_none_f388ef5225744e67\r\EASPolicyManagerBrokerHost.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.4355_none_f388ef5225744e67\r\EASPolicyManagerBrokerHost.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.4355_none_f388ef5225744e67\r\EASPolicyManagerBrokerHost.exe" /grant "everyone":(f)4⤵
- Modifies file permissions
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.746_none_5cc81a54cf095c95\EASPolicyManagerBrokerHost.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.746_none_5cc81a54cf095c95\EASPolicyManagerBrokerHost.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.746_none_5cc81a54cf095c95\EASPolicyManagerBrokerHost.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exeINSTALLER.exe /q3⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll4⤵
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll4⤵
-
-
C:\Windows\SysWOW64\grpconv.exegrpconv.exe -o4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.746_none_5cc81a54cf095c95\f\EASPolicyManagerBrokerHost.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.746_none_5cc81a54cf095c95\f\EASPolicyManagerBrokerHost.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.746_none_5cc81a54cf095c95\f\EASPolicyManagerBrokerHost.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.746_none_5cc81a54cf095c95\r\EASPolicyManagerBrokerHost.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.746_none_5cc81a54cf095c95\r\EASPolicyManagerBrokerHost.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..cymanagerbrokerhost_31bf3856ad364e35_10.0.19041.746_none_5cc81a54cf095c95\r\EASPolicyManagerBrokerHost.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_10.0.19041.1_none_49c7a9c019150ac4\MdSched.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_10.0.19041.1_none_49c7a9c019150ac4\MdSched.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_10.0.19041.1_none_49c7a9c019150ac4\MdSched.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..erience-parser-task_31bf3856ad364e35_10.0.19041.1_none_80036e190af52e7c\MbaeParserTask.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..erience-parser-task_31bf3856ad364e35_10.0.19041.1_none_80036e190af52e7c\MbaeParserTask.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..erience-parser-task_31bf3856ad364e35_10.0.19041.1_none_80036e190af52e7c\MbaeParserTask.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.1_none_98fad53f878bc04c\mqbkup.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.1_none_98fad53f878bc04c\mqbkup.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.1_none_98fad53f878bc04c\mqbkup.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.1_none_98fad53f878bc04c\mqsvc.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.1_none_98fad53f878bc04c\mqsvc.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.1_none_98fad53f878bc04c\mqsvc.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\f\mqbkup.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\f\mqbkup.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\f\mqbkup.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\f\mqsvc.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\f\mqsvc.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\f\mqsvc.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\mqbkup.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\mqbkup.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\mqbkup.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\mqsvc.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\mqsvc.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\mqsvc.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\r\mqbkup.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\r\mqbkup.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\r\mqbkup.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\r\mqsvc.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\r\mqsvc.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_10.0.19041.4123_none_57d6b40f9d5ab93f\r\mqsvc.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.19041.1_none_108b025daaa0a06f\mblctr.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.19041.1_none_108b025daaa0a06f\mblctr.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.19041.1_none_108b025daaa0a06f\mblctr.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.19041.4355_none_cf5414a3c07d508b\f\mblctr.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.19041.4355_none_cf5414a3c07d508b\f\mblctr.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.19041.4355_none_cf5414a3c07d508b\f\mblctr.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.19041.4355_none_cf5414a3c07d508b\mblctr.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.19041.4355_none_cf5414a3c07d508b\mblctr.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.19041.4355_none_cf5414a3c07d508b\mblctr.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.19041.4355_none_cf5414a3c07d508b\r\mblctr.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.19041.4355_none_cf5414a3c07d508b\r\mblctr.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_10.0.19041.4355_none_cf5414a3c07d508b\r\mblctr.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.1266_none_2a87945d79cbf905\f\FsIso.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.1266_none_2a87945d79cbf905\f\FsIso.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.1266_none_2a87945d79cbf905\f\FsIso.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.1266_none_2a87945d79cbf905\FsIso.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.1266_none_2a87945d79cbf905\FsIso.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.1266_none_2a87945d79cbf905\FsIso.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.1266_none_2a87945d79cbf905\r\FsIso.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.1266_none_2a87945d79cbf905\r\FsIso.exe"4⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.1266_none_2a87945d79cbf905\r\FsIso.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.4355_none_2a7be0a179d4d973\f\FsIso.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.4355_none_2a7be0a179d4d973\f\FsIso.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.4355_none_2a7be0a179d4d973\f\FsIso.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.4355_none_2a7be0a179d4d973\FsIso.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.4355_none_2a7be0a179d4d973\FsIso.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.4355_none_2a7be0a179d4d973\FsIso.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.4355_none_2a7be0a179d4d973\r\FsIso.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.4355_none_2a7be0a179d4d973\r\FsIso.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ndation-frameserver_31bf3856ad364e35_10.0.19041.4355_none_2a7be0a179d4d973\r\FsIso.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..odeupdate-servicing_31bf3856ad364e35_10.0.19041.1_none_597912734561c5f4\ucsvc.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..odeupdate-servicing_31bf3856ad364e35_10.0.19041.1_none_597912734561c5f4\ucsvc.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..odeupdate-servicing_31bf3856ad364e35_10.0.19041.1_none_597912734561c5f4\ucsvc.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\doskey.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\doskey.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\doskey.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\find.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\find.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\find.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\print.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\print.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\print.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\replace.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\replace.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\replace.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\subst.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\subst.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.1_none_330dfb2b06b21af6\subst.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\doskey.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\doskey.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\doskey.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\doskey.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\doskey.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\doskey.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\find.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\find.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\find.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\print.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\print.exe"4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\replace.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\replace.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\replace.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\subst.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\subst.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\f\subst.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\find.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\find.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\find.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\print.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\print.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\print.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\doskey.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\doskey.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\doskey.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\find.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\find.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\find.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\print.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\print.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\print.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\replace.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\replace.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\replace.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\subst.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\subst.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\r\subst.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\replace.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\replace.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\replace.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\subst.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\subst.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..ommandlineutilities_31bf3856ad364e35_10.0.19041.3636_none_f1b4846b1ca908b1\subst.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.1266_none_3563a6b72868b6d9\f\wmprph.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.1266_none_3563a6b72868b6d9\f\wmprph.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.1266_none_3563a6b72868b6d9\f\wmprph.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.1266_none_3563a6b72868b6d9\r\wmprph.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.1266_none_3563a6b72868b6d9\r\wmprph.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.1266_none_3563a6b72868b6d9\r\wmprph.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.1266_none_3563a6b72868b6d9\wmprph.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.1266_none_3563a6b72868b6d9\wmprph.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.1266_none_3563a6b72868b6d9\wmprph.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.3636_none_353569f5288bd4e6\f\wmprph.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.3636_none_353569f5288bd4e6\f\wmprph.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.3636_none_353569f5288bd4e6\f\wmprph.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.3636_none_353569f5288bd4e6\r\wmprph.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.3636_none_353569f5288bd4e6\r\wmprph.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.3636_none_353569f5288bd4e6\r\wmprph.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.3636_none_353569f5288bd4e6\wmprph.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.3636_none_353569f5288bd4e6\wmprph.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..player-shellpreview_31bf3856ad364e35_10.0.19041.3636_none_353569f5288bd4e6\wmprph.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.19041.1_none_2318682da2c7a3ea\PresentationSettings.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.19041.1_none_2318682da2c7a3ea\PresentationSettings.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.19041.1_none_2318682da2c7a3ea\PresentationSettings.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.19041.4355_none_e1e17a73b8a45406\f\PresentationSettings.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.19041.4355_none_e1e17a73b8a45406\f\PresentationSettings.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.19041.4355_none_e1e17a73b8a45406\f\PresentationSettings.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.19041.4355_none_e1e17a73b8a45406\PresentationSettings.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.19041.4355_none_e1e17a73b8a45406\PresentationSettings.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.19041.4355_none_e1e17a73b8a45406\PresentationSettings.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.19041.4355_none_e1e17a73b8a45406\r\PresentationSettings.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.19041.4355_none_e1e17a73b8a45406\r\PresentationSettings.exe"4⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..resentationsettings_31bf3856ad364e35_10.0.19041.4355_none_e1e17a73b8a45406\r\PresentationSettings.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-m..s-mdac-odbcconf-exe_31bf3856ad364e35_10.0.19041.1_none_c367e800917abc7d\odbcconf.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-m..s-mdac-odbcconf-exe_31bf3856ad364e35_10.0.19041.1_none_c367e800917abc7d\odbcconf.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-m..s-mdac-odbcconf-exe_31bf3856ad364e35_10.0.19041.1_none_c367e800917abc7d\odbcconf.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.1266_none_e2f3aaf24de135ec\f\Magnify.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.1266_none_e2f3aaf24de135ec\f\Magnify.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.1266_none_e2f3aaf24de135ec\f\Magnify.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.1266_none_e2f3aaf24de135ec\Magnify.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.1266_none_e2f3aaf24de135ec\Magnify.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.1266_none_e2f3aaf24de135ec\Magnify.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.1266_none_e2f3aaf24de135ec\r\Magnify.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.1266_none_e2f3aaf24de135ec\r\Magnify.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.1266_none_e2f3aaf24de135ec\r\Magnify.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.4355_none_e2e7f7364dea165a\f\Magnify.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.4355_none_e2e7f7364dea165a\f\Magnify.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.4355_none_e2e7f7364dea165a\f\Magnify.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.4355_none_e2e7f7364dea165a\Magnify.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.4355_none_e2e7f7364dea165a\Magnify.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.4355_none_e2e7f7364dea165a\Magnify.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.4355_none_e2e7f7364dea165a\r\Magnify.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.4355_none_e2e7f7364dea165a\r\Magnify.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-magnify_31bf3856ad364e35_10.0.19041.4355_none_e2e7f7364dea165a\r\Magnify.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.19041.207_none_cef5032ec7ecd573\makecab.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.19041.207_none_cef5032ec7ecd573\makecab.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.19041.207_none_cef5032ec7ecd573\makecab.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.19041.3636_none_656718aa1e934d14\f\makecab.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.19041.3636_none_656718aa1e934d14\f\makecab.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.19041.3636_none_656718aa1e934d14\f\makecab.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.19041.3636_none_656718aa1e934d14\makecab.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.19041.3636_none_656718aa1e934d14\makecab.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.19041.3636_none_656718aa1e934d14\makecab.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.19041.3636_none_656718aa1e934d14\r\makecab.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.19041.3636_none_656718aa1e934d14\r\makecab.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-makecab_31bf3856ad364e35_10.0.19041.3636_none_656718aa1e934d14\r\makecab.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.4355_none_4b04e62d87c650f1\f\mmgaserver.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.4355_none_4b04e62d87c650f1\f\mmgaserver.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.4355_none_4b04e62d87c650f1\f\mmgaserver.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.4355_none_4b04e62d87c650f1\mmgaserver.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.4355_none_4b04e62d87c650f1\mmgaserver.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.4355_none_4b04e62d87c650f1\mmgaserver.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.4355_none_4b04e62d87c650f1\r\mmgaserver.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.4355_none_4b04e62d87c650f1\r\mmgaserver.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.4355_none_4b04e62d87c650f1\r\mmgaserver.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.746_none_b4441130315b5f1f\f\mmgaserver.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.746_none_b4441130315b5f1f\f\mmgaserver.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.746_none_b4441130315b5f1f\f\mmgaserver.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.746_none_b4441130315b5f1f\mmgaserver.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.746_none_b4441130315b5f1f\mmgaserver.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.746_none_b4441130315b5f1f\mmgaserver.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.746_none_b4441130315b5f1f\r\mmgaserver.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.746_none_b4441130315b5f1f\r\mmgaserver.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi-mmga_31bf3856ad364e35_10.0.19041.746_none_b4441130315b5f1f\r\mmgaserver.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.423_none_895925637881788e\f\fixmapi.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.423_none_895925637881788e\f\fixmapi.exe"4⤵
- Possible privilege escalation attempt
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.423_none_895925637881788e\f\fixmapi.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.423_none_895925637881788e\fixmapi.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.423_none_895925637881788e\fixmapi.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.423_none_895925637881788e\fixmapi.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.423_none_895925637881788e\r\fixmapi.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.423_none_895925637881788e\r\fixmapi.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.423_none_895925637881788e\r\fixmapi.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.4355_none_20076118cef9e5bc\f\fixmapi.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.4355_none_20076118cef9e5bc\f\fixmapi.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.4355_none_20076118cef9e5bc\f\fixmapi.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.4355_none_20076118cef9e5bc\fixmapi.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.4355_none_20076118cef9e5bc\fixmapi.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.4355_none_20076118cef9e5bc\fixmapi.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.4355_none_20076118cef9e5bc\r\fixmapi.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.4355_none_20076118cef9e5bc\r\fixmapi.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mapi_31bf3856ad364e35_10.0.19041.4355_none_20076118cef9e5bc\r\fixmapi.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.1266_none_b9c280a4d350d170\f\MDMAgent.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.1266_none_b9c280a4d350d170\f\MDMAgent.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.1266_none_b9c280a4d350d170\f\MDMAgent.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.1266_none_b9c280a4d350d170\MDMAgent.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.1266_none_b9c280a4d350d170\MDMAgent.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.1266_none_b9c280a4d350d170\MDMAgent.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.1266_none_b9c280a4d350d170\r\MDMAgent.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.1266_none_b9c280a4d350d170\r\MDMAgent.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.1266_none_b9c280a4d350d170\r\MDMAgent.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.4355_none_b9b6cce8d359b1de\f\MDMAgent.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.4355_none_b9b6cce8d359b1de\f\MDMAgent.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.4355_none_b9b6cce8d359b1de\f\MDMAgent.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.4355_none_b9b6cce8d359b1de\MDMAgent.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.4355_none_b9b6cce8d359b1de\MDMAgent.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.4355_none_b9b6cce8d359b1de\MDMAgent.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.4355_none_b9b6cce8d359b1de\r\MDMAgent.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.4355_none_b9b6cce8d359b1de\r\MDMAgent.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmagent_31bf3856ad364e35_10.0.19041.4355_none_b9b6cce8d359b1de\r\MDMAgent.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.4355_none_0e68ad565149b5d0\f\MDMAppInstaller.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.4355_none_0e68ad565149b5d0\f\MDMAppInstaller.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.4355_none_0e68ad565149b5d0\f\MDMAppInstaller.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.4355_none_0e68ad565149b5d0\MDMAppInstaller.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.4355_none_0e68ad565149b5d0\MDMAppInstaller.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.4355_none_0e68ad565149b5d0\MDMAppInstaller.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.4355_none_0e68ad565149b5d0\r\MDMAppInstaller.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.4355_none_0e68ad565149b5d0\r\MDMAppInstaller.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.4355_none_0e68ad565149b5d0\r\MDMAppInstaller.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.844_none_77a5d9aafae08e77\f\MDMAppInstaller.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.844_none_77a5d9aafae08e77\f\MDMAppInstaller.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.844_none_77a5d9aafae08e77\f\MDMAppInstaller.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.844_none_77a5d9aafae08e77\MDMAppInstaller.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.844_none_77a5d9aafae08e77\MDMAppInstaller.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.844_none_77a5d9aafae08e77\MDMAppInstaller.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.844_none_77a5d9aafae08e77\r\MDMAppInstaller.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.844_none_77a5d9aafae08e77\r\MDMAppInstaller.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mdmappinstaller_31bf3856ad364e35_10.0.19041.844_none_77a5d9aafae08e77\r\MDMAppInstaller.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.19041.1288_none_1126d5c5c1f1669c\mfpmp.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.19041.1288_none_1126d5c5c1f1669c\mfpmp.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.19041.1288_none_1126d5c5c1f1669c\mfpmp.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.19041.4355_none_11194f05c1fbe11a\mfpmp.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.19041.4355_none_11194f05c1fbe11a\mfpmp.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediafoundation_31bf3856ad364e35_10.0.19041.4355_none_11194f05c1fbe11a\mfpmp.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.1266_none_8fc08423f52c1606\f\wmlaunch.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.1266_none_8fc08423f52c1606\f\wmlaunch.exe"4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.1266_none_8fc08423f52c1606\r\wmlaunch.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.1266_none_8fc08423f52c1606\r\wmlaunch.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.1266_none_8fc08423f52c1606\r\wmlaunch.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.1266_none_8fc08423f52c1606\wmlaunch.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.1266_none_8fc08423f52c1606\wmlaunch.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.1266_none_8fc08423f52c1606\wmlaunch.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.3636_none_8f924761f54f3413\f\wmlaunch.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.3636_none_8f924761f54f3413\f\wmlaunch.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.3636_none_8f924761f54f3413\f\wmlaunch.exe" /grant "everyone":(f)4⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.3636_none_8f924761f54f3413\r\wmlaunch.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.3636_none_8f924761f54f3413\r\wmlaunch.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.3636_none_8f924761f54f3413\r\wmlaunch.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.3636_none_8f924761f54f3413\wmlaunch.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.3636_none_8f924761f54f3413\wmlaunch.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-autoplay_31bf3856ad364e35_10.0.19041.3636_none_8f924761f54f3413\wmlaunch.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\f\wmpconfig.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\f\wmpconfig.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\f\wmpconfig.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\f\wmplayer.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\f\wmplayer.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\f\wmplayer.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\f\wmpshare.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\f\wmpshare.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\f\wmpshare.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\r\wmpconfig.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\r\wmpconfig.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\r\wmpconfig.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\r\wmplayer.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\r\wmplayer.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\r\wmplayer.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\r\wmpshare.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\r\wmpshare.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\r\wmpshare.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\wmpconfig.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\wmpconfig.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\wmpconfig.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\wmplayer.exe"3⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\wmpshare.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\wmpshare.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.1266_none_802f96a5044b0fbe\wmpshare.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\f\wmpconfig.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\f\wmpconfig.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\f\wmpconfig.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\f\wmplayer.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\f\wmplayer.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\f\wmplayer.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\f\wmpshare.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\f\wmpshare.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\f\wmpshare.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\r\wmpconfig.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\r\wmpconfig.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\r\wmpconfig.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\r\wmplayer.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\r\wmplayer.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\r\wmplayer.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\r\wmpshare.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\r\wmpshare.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\r\wmpshare.exe" /grant "everyone":(f)4⤵
- Modifies file permissions
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\wmpconfig.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\wmpconfig.exe"4⤵
- Possible privilege escalation attempt
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\wmpconfig.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\wmplayer.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\wmplayer.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\wmplayer.exe" /grant "everyone":(f)4⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\wmpshare.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\wmpshare.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_10.0.19041.4355_none_8023e2e90453f02c\wmpshare.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.3636_none_5fd822fb775d4c55\f\logagent.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.3636_none_5fd822fb775d4c55\f\logagent.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.3636_none_5fd822fb775d4c55\f\logagent.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.3636_none_5fd822fb775d4c55\logagent.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.3636_none_5fd822fb775d4c55\logagent.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.3636_none_5fd822fb775d4c55\logagent.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.3636_none_5fd822fb775d4c55\r\logagent.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.3636_none_5fd822fb775d4c55\r\logagent.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.3636_none_5fd822fb775d4c55\r\logagent.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.746_none_c939d70420d81ce4\f\logagent.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.746_none_c939d70420d81ce4\f\logagent.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.746_none_c939d70420d81ce4\f\logagent.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.746_none_c939d70420d81ce4\logagent.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.746_none_c939d70420d81ce4\logagent.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.746_none_c939d70420d81ce4\logagent.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.746_none_c939d70420d81ce4\r\logagent.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.746_none_c939d70420d81ce4\r\logagent.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-logagent_31bf3856ad364e35_10.0.19041.746_none_c939d70420d81ce4\r\logagent.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.19041.1266_none_22b99d078bbc3016\f\setup_wm.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.19041.1266_none_22b99d078bbc3016\f\setup_wm.exe"4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.19041.1266_none_22b99d078bbc3016\r\setup_wm.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.19041.1266_none_22b99d078bbc3016\r\setup_wm.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.19041.1266_none_22b99d078bbc3016\r\setup_wm.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.19041.1266_none_22b99d078bbc3016\setup_wm.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.19041.1266_none_22b99d078bbc3016\setup_wm.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.19041.1266_none_22b99d078bbc3016\setup_wm.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.19041.1266_none_22b99d078bbc3016\unregmp2.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.19041.1266_none_22b99d078bbc3016\unregmp2.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.19041.1266_none_22b99d078bbc3016\unregmp2.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.19041.3636_none_228b60458bdf4e23\f\setup_wm.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.19041.3636_none_228b60458bdf4e23\f\setup_wm.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.19041.3636_none_228b60458bdf4e23\f\setup_wm.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.19041.3636_none_228b60458bdf4e23\r\setup_wm.exe"3⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.19041.3636_none_228b60458bdf4e23\r\setup_wm.exe"4⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.19041.3636_none_228b60458bdf4e23\r\setup_wm.exe" /grant "everyone":(f)4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_10.0.19041.3636_none_228b60458bdf4e23\setup_wm.exe"3⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9688,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=9712 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9516,i,170648149541824585,15409691592764833804,262144 --variations-seed-version --mojo-platform-channel-handle=9748 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\Windows-Destroyer-1.0\Windows-Destroyer-1.0\destroy.bat"1⤵
- Drops file in Drivers directory
- Manipulates Digital Signatures
- Boot or Logon Autostart Execution: Print Processors
- Drops desktop.ini file(s)
- Drops autorun.inf file
- Drops file in System32 directory
- Modifies termsrv.dll
- Drops file in Windows directory
-
C:\Windows\system32\timeout.exetimeout 52⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Windows-Destroyer-1.0\Windows-Destroyer-1.0\How do I use this.txt1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x3ec 0x3041⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵
-
C:\Program Files\MiniTool ShadowMaker\AgentService.exe"C:\Program Files\MiniTool ShadowMaker\AgentService.exe"1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\MiniTool ShadowMaker\SchedulerService.exe"C:\Program Files\MiniTool ShadowMaker\SchedulerService.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\vdsldr.exeC:\Windows\System32\vdsldr.exe -Embedding1⤵
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
- Checks SCSI registry key(s)
-
C:\Program Files\MiniTool Partition Wizard 12\partitionwizard.exe"C:\Program Files\MiniTool Partition Wizard 12\partitionwizard.exe"1⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Checks processor information in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\vdsldr.exeC:\Windows\System32\vdsldr.exe -Embedding1⤵
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
- Checks SCSI registry key(s)
-
C:\Program Files\MiniTool Partition Wizard 12\partitionwizard.exe"C:\Program Files\MiniTool Partition Wizard 12\partitionwizard.exe"1⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Checks processor information in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\vdsldr.exeC:\Windows\System32\vdsldr.exe -Embedding1⤵
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
- Checks SCSI registry key(s)
-
C:\Windows\system32\mmc.exe"C:\Windows\system32\mmc.exe" C:\Windows\system32\diskmgmt.msc1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\vdsldr.exeC:\Windows\System32\vdsldr.exe -Embedding1⤵
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
- Checks SCSI registry key(s)
-
C:\Windows\System32\CScript.exe"C:\Windows\System32\CScript.exe" "C:\Users\Admin\Downloads\LOVE-LETTER-FOR-YOU.TXT.vbs"1⤵
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\LOVE-LETTER-FOR-YOU.TXT.vbs"1⤵
-
C:\Users\Admin\Downloads\MrsMajor3.0.exe"C:\Users\Admin\Downloads\MrsMajor3.0.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\wscript.exe"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\745B.tmp\745C.tmp\745D.vbs //Nologo2⤵
- UAC bypass
- Checks computer location settings
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\745B.tmp\eulascr.exe"C:\Users\Admin\AppData\Local\Temp\745B.tmp\eulascr.exe"3⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\Downloads\MrsMajor3.0.exe"C:\Users\Admin\Downloads\MrsMajor3.0.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\wscript.exe"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\8ED8.tmp\8ED9.tmp\8EDA.vbs //Nologo2⤵
- UAC bypass
- Checks computer location settings
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\8ED8.tmp\eulascr.exe"C:\Users\Admin\AppData\Local\Temp\8ED8.tmp\eulascr.exe"3⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\Downloads\MrsMajor3.0.exe"C:\Users\Admin\Downloads\MrsMajor3.0.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\wscript.exe"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\986D.tmp\986E.tmp\986F.vbs //Nologo2⤵
- UAC bypass
- Checks computer location settings
- System policy modification
-
C:\Users\Admin\AppData\Local\Temp\986D.tmp\eulascr.exe"C:\Users\Admin\AppData\Local\Temp\986D.tmp\eulascr.exe"3⤵
- Executes dropped EXE
-
-
-
C:\Windows\msagent\AgentSvr.exeC:\Windows\msagent\AgentSvr.exe -Embedding1⤵
-
C:\Users\Admin\Downloads\Bonzify (1).exe"C:\Users\Admin\Downloads\Bonzify (1).exe"1⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\KillAgent.bat"2⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im AgentSvr.exe3⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\takeown.exetakeown /r /d y /f C:\Windows\MsAgent3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls C:\Windows\MsAgent /c /t /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\bfsvc.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\bfsvc.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\bfsvc.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Boot\PCAT\memtest.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\Boot\PCAT\memtest.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\Boot\PCAT\memtest.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exeINSTALLER.exe /q2⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentCtl.dll"3⤵
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentDPv.dll"3⤵
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\mslwvtts.dll"3⤵
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentDP2.dll"3⤵
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentMPx.dll"3⤵
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentSR.dll"3⤵
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentPsh.dll"3⤵
-
-
C:\Windows\msagent\AgentSvr.exe"C:\Windows\msagent\AgentSvr.exe" /regserver3⤵
-
-
C:\Windows\SysWOW64\grpconv.exegrpconv.exe -o3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\explorer.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\explorer.exe"3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\explorer.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\HelpPane.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\HelpPane.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\HelpPane.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exeINSTALLER.exe /q2⤵
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll3⤵
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll3⤵
-
-
C:\Windows\SysWOW64\grpconv.exegrpconv.exe -o3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\hh.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\hh.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\hh.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\ImmersiveControlPanel\SystemSettings.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\ImmersiveControlPanel\SystemSettings.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\ImmersiveControlPanel\SystemSettings.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\NETFXSBS10.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\Microsoft.NET\Framework\NETFXSBS10.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\Microsoft.NET\Framework\NETFXSBS10.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 8402⤵
- Program crash
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\msagent\AgentSvr.exeC:\Windows\msagent\AgentSvr.exe -Embedding1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 6860 -ip 68601⤵
-
C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe"C:\Users\Admin\Downloads\WinXP.Horror.Destructive (Created By WobbyChip).exe"1⤵
-
C:\Windows\explorer.exeexplorer.exe1⤵
-
C:\Windows\msagent\AgentSvr.exeC:\Windows\msagent\AgentSvr.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Print Processors
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Accessibility Features
1Power Settings
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Print Processors
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Accessibility Features
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1File and Directory Permissions Modification
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
4Discovery
Browser Information Discovery
1Network Share Discovery
1Peripheral Device Discovery
1Query Registry
7System Information Discovery
7System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
439KB
MD56b1d42ffe257f1612759c94fb4e955ae
SHA148e57d684702644bcc08b5740083bc9db71ef66c
SHA2565f6fec5f428705629fdd5be6061451634b8b4ba1d232b420f153a846ada54897
SHA51223ec082434314a9b9276b5321b5475e2d016cb31933b89b0ad4d2fb76877cba4290d56f04514aed7d2edb7db7e7c6a2a34d9d416b389056a41692be63519d7bf
-
Filesize
3.3MB
MD56ce786000feadb3c9d8553dd4d3898c9
SHA14e67512f449145e04c21b65bd5f1073ff1ae8e9a
SHA2566334f9bca8b2c3b67c4c2941ac31c2eaea0c6c66c1cdf6324a9119320fa6a0c9
SHA512a1b3db1e45ec11f2204ce21059a980f57c2fb99ed3a1cf8039b4a530eff45fd551ba938df219f54365e00c75f3a51d91be2a924c8cead626458d7403d5ac31bd
-
Filesize
4KB
MD5d4befebf3cef129ac087422b9e912788
SHA162313ec73f381c052f2513ca6279cfb5107e98c0
SHA256f425e135aac26b55e2bac655e62e2ce0b16255226c583d9ab43b2e93e8a6d932
SHA5123814e4682cad2ef40061d3d5e8142c964cc73a6c6dfc72ba59cbab0922dd0c7e279703450e3a1f4fcfde3498565bf6ef28a30e7de53a0eda75b3fea76d03929b
-
Filesize
1024B
MD5eb145d5f87ddf43c8bd6f27e97db8bf2
SHA12021c98f81b177d17543ebd34004891183fa3dd4
SHA256a7a0edaf85f70e833fac02d0a416ae56ae2a3593e787f39c25dbb12830ca737c
SHA512b85ff5a038173898b7f96890cb3998034bbcc50301cb31db112eeb04c3a1ed3c6b6d7905e48fc8cfe1fbb058b32e61349653b345bfe25fbfaa2ccffffda031ab
-
Filesize
388KB
MD521bf183c15afe62a8d1137bb9007b2a3
SHA1d656dd1e85d7e8acffdefa9ced5d74bf0b978e39
SHA2562fc3d311969b63a258446488ec75c275d736ded13d74624e1c541f43a72ab483
SHA5128a67833d502edaba077c783dab69a7d8c9155971c409f78cb87948bd4415b7a58410517aced73d6ed7d13a6b975af769aa0623b9dffd9537f5a1ce0248308291
-
Filesize
3.0MB
MD522d9945b4aae36dd59620a918f2e65f4
SHA1bb025cedca07887916c4b7e5fa7a641ed3e30c14
SHA256cd2c00ce027687ce4a8bdc967f26a8ab82f651c9becd703658ba282ec49702bd
SHA512dd2d0ea7d5cf98064838ce0b74711f77534e1a2a14c7f74d44ed4b83acdb6f413d74671d2c6a8574aee88afb456b53a6b8452419a3bdddf2f7e9095c9d1d272e
-
Filesize
334B
MD5882310febbcd112f6416015145fd8c6d
SHA1e142d0ba597a2c773e6354673bbc4a760f8d963f
SHA25603003aa01026e944b75447078f5758d0ffab854d03e9ce80780a174411073f7f
SHA512b21d8a189123c3019b5c99c1927d9eb10293cbe9321cb54d1fe183bf57efd22f778a61e47be27afb8f54d731ce17f96a6c6452dc76c3a8596b1bf1fdd532d4c4
-
Filesize
12KB
MD5524aed2e8bf6db6dafcba00123c5f62b
SHA1749852a2a94d9fbea4f6cfaa269b932d790e4b7c
SHA25691ba645003fe189ca0c2fbd98dfa8ad0ee8fc69140c5a69a52b1a5adf4223200
SHA5122a9196aaa125e7178289647ea7abcbce407965d1e7b109cc25fb2fea9f5076d4fe2c3fb590b7ec7fd4e79a67e872eba4c5f890931880f479fbbe8f1b836364bb
-
Filesize
8KB
MD5729c3403f7fa48350383c17fee0ab05e
SHA14835887831dcb4996297f4276acb376b431b8e85
SHA256171f983572a751a861298aef3ab3b0d82ad0f3cc087a8987c308e008479af7bd
SHA512397a93eb25ab7b66b74bab38773cf1fb030b611b53bc024e9e2778436868bad212f6c8a842a6c54e58d15066730384443e7c1ce059c70051ab47f5c99bdf83e4
-
Filesize
11KB
MD5a7652c278fc0f1d99653bbf1b5ef0796
SHA18bbe33d7f5eb8619fd3dc464ec522a0c97be69b2
SHA256d5a0e0f60d23369f2dbe7929c79db4d2b0c4f76da1f039229918577647e51309
SHA512f18bc23113eb9d208c87f8770ac39bac5329cc251a2b0fa34ba34b3c93f94934e95f5033e4f0c46995eebc3140a1235e7832976de4ddd651a2f958bf65983b5e
-
Filesize
27KB
MD5d5d3a570934ebb25bf6076c4347b6e8e
SHA1e7c4c16670fd26f98c70832936b6279e4c42b170
SHA25612b663de499ac95f43283b93e93d814ff529ea14da3313ab0345685829d01eb2
SHA51242f94cee044eb5a0f5e53c461f411edfc723957cf374ad82cdaefe4bd9e7993db51545e9d21d5169f9862280d2d5b93b420937f8b4b448f777e1120e785852fa
-
Filesize
608KB
MD5b4a4eed72dda932bf19020d1af6ebe16
SHA1f83ae8045654e9fc23909ceab60e6638d43a5d46
SHA256fb0dc7d25e596ee14d0bfef1933e204f07db9bbd2ce284b9df824d4c3aa56818
SHA512ff27c35a7e1626033d8f52ef5514868b548adbef7015df99ebe4b786057345b6e15cbd59aed5bac952415e3a58e58e289551a0110114a27889a137278f648a37
-
Filesize
8KB
MD5e9065bfa9f88f01266914355016d91c3
SHA111e8e296c46037b5dc47e05be04fef703a9664df
SHA2563b2f5365e919d3512106c334e32def5b7984c67f353a51fd8b5f1aa659302129
SHA5128fc6e5de9a90a819336667598106ceb944219d55170db92982aa409193d525787eb2f41234ffab25663beac58254fb13b8fce12d1daf052963ecdd4f4c3b4d4f
-
Filesize
1.4MB
MD58d6bdcc0269dfe01c4c0296dd62b585d
SHA190e9d250461385af451c14bf3fdd2c6bdc288b13
SHA256f083e7d85d1389d0700478a7a109a404bbb1c6a8cea4c7fa49dd6d03f11c35c4
SHA512f9c31f90987010aaabeffc386550bb43eb214f2d8269af3111da61d707a667f6948a98d02f7663c294a2036c0c5c95a3211374b93dd1fce64117710ea2157fae
-
Filesize
256KB
MD54e6397849461b037c91e6914fdc4976f
SHA14bc15aed32c60ab7722abd7ccb7404b15bc8a98f
SHA2563be6f02df7395ee9df212e7b421feb38cf98ff301335df82a0ccab322c51cc05
SHA512d6e3b3c86ff18e35197a812df1005f82c36068c52a2a1a3d8d8e808ea7bd80e21e9f0de19b3b33226d8aff97fcf52a54017be98fd9ab28b1e22f7c49a18e48d1
-
Filesize
1.3MB
MD5ff6d345785671fbcea9561a3cbc47702
SHA10963edbc8d3486017c7a65168ffd515ab5bed968
SHA256bea5931767dca4c46ef7d6ad73e6913a592860138d3fc82056289b8dff337940
SHA51280925852082dc97e8986291374138eef10b1f56dcde7b3a456165226c6e38966d5e0d73b6c7ef6d67419f66637a7e8a1cb2352008be883b0ff862d18c0469b5b
-
Filesize
256KB
MD5a29ba030a801aa62c25fd028166c8ee7
SHA1ab8c61f76874a29095297767d6e49697ef079bc6
SHA256a0ab68982229efade615050c93903e125446d3efe1dc08d26a864dc7431991d1
SHA512606ab1c88ae77db387368340679886659ed22484a47317982ca6e3dce631df8c09ff561db61e77341df0cdb916c5d2580384cfe37890274c8415869011ba92a9
-
Filesize
1.3MB
MD575d0032ae18e04a1254448f3fef14a6a
SHA167bf3587febf3c60fc2db86cfd5cc3abf510b8bd
SHA256708a5e2b9f37c099d223ff297450a697c5e0002c969a6e5ffd92349f28fdf1cc
SHA5125464cd62a08cb9e8f8fe0243416de1926adabbfa695fdfbbbe9c666dfa509d334ab941c5e1ace6feccc266d139fea40b02e8983e34fe49e40403673c4297ff7b
-
Filesize
256KB
MD5d4774c3254be80d729cec1c70d737ff0
SHA16d8ebc1ddd27703689770b68131d5b3ea3f2b717
SHA25618bbceb1150adea8ca3958e409821b3ae155c82fab2098ef79eb3f6bc9ecf3fa
SHA51244000cd6ab7b0fd15e4edf22fa23ce350dfcde382752e8f70052ee78978d8dc9068d5eee784a7e4843fe4b4a03327e0d90f61b7486f83a810c6f83e6f827057d
-
Filesize
1.4MB
MD5247f53d01ca3024505e86e8e266d4e46
SHA1416331400a46addfd7952be6ffc5af391f2921e0
SHA25668050e999473b9587535e3c03cd8ed25e62547b85b088645ec8c59e962a697e9
SHA51203b13889f6f631250e1b8ba1a20d1d8a6b9c3bc115c14855c5a7b5f3b66c29b58dbbc58a616b3b3ee6b70a675345f4aad40c3024cb03936ef29a451b45456891
-
Filesize
256KB
MD510647fde0b2a53d88230682d6b66fc4e
SHA108b5704d282305d50618e0e748ce7ae1d66353a3
SHA256050aff6c0ed8015ec81fbf54ec47625e2d436db7d1495c53ea943f3f11b8e950
SHA512bf59b1f005d075661b33e18a1ec869d8b04975be69aaa7f7a0393615ea5259eac5eec0a20e27605e2d32433d6cd29c9c90df6a354821a8b98a1a36538439c064
-
Filesize
1.1MB
MD532643b08ef8162247c4f02d28b91aea7
SHA1b55f48a499b53a8e5b535505b49be437d4de677f
SHA25691c628e8059b35f450e5ba27a9fe1cee44b52df2a2d10a037fb0a8c04d176028
SHA512925616abbb7526c2dff8ecabd638d298489142b007c9854a4ee31a04c2e1e37e92915dc91e3413f705fcc302ce01adf0cab8202a337ea78fa70719878f90d9b2
-
Filesize
1.1MB
MD5639234efee7d49adb5e9429c3f23dbd8
SHA1f98687c887bb70233e28df4b93cb174514663f90
SHA25630f0570e65a79f60128d99bf7d65ac4be571c77b744358dfd71341eb1b82f98f
SHA5129f2ad6a44eac5bdc786d63291100246f74305a4776c9db25275afd01b66c203c01fd02af0ff31ff0d69274e07fce4196a571e31b1ae559565fb07082b5e1889d
-
Filesize
2KB
MD50a0aa027d5f35d900444d66c5fb5043b
SHA12182e346edc3d894edc912deddd8bbe129c10418
SHA256c3090f85c627aa7849afe5622e8dc211cb873e86cde41d2d2ba7b73a475108e1
SHA512273137ad3be5ecd2a738b6d66576adff4c732bab05461fea6cd954b4b624f85314e508e8f33e7fdd24a82718169c6a49073b5d57fd074ef59bef39b467f312a9
-
Filesize
45KB
MD59291d6a107b7f2cf676ec2394ea5829a
SHA159329d5b141af32f7a7dec2d33547291a728b2e1
SHA2567415e90f75702e79ab64620a5143ca09c47166e9cf9de497bbbb9ca911aea930
SHA5121f51cfdd4c929d1903e5889a82378bb7443a679cbaec94667ba2aa38450a05c3616482a7d4f422e0301287dc1cdc4eb1ef5468ee57cef969d40968758f653b5b
-
Filesize
16KB
MD55efdc1c1b1187efe3021121275d46852
SHA18b83a5d6f8511e759d20a152f720ab5f584945ca
SHA256de26e6f1093ae186615d9dbbe73e872e7bf97981ca216281afff86c77a73cdb7
SHA512d2c356f61fcfb425d3623a94f586419a8d18ffc1196a84a1b612b01804d46d1eac24231a8800ee563dd6c5d629ed582ba26ff85c9a5eb0d3257385b7b1fa89b3
-
Filesize
2KB
MD53a27fe065699a6acf2e42a64411c3a5c
SHA142666174100eb307c5d36a2e612654a798f0eaa9
SHA256943d73cd5983797f8b71a9b05b1a4c71fc6f89a319f619b0e4f5063ea60cb04d
SHA512038a1aa8c8f98fa6853e6d9594bce07fb64cd536421ab1ddfa4fc72603d8df26f3293d61ba33a57d89dd2bc25edd92b24417d73e32b438874560a65d2cb43a1a
-
Filesize
46KB
MD57b771326d0973ff2c92d1375c1e7ba23
SHA123f1072409f29f81b68f44a7a7b00ab6eb78c8c2
SHA25629b09d71d1512aee316e47255ab07c09097e7ea9b9b7418833114555047f20d9
SHA5127078d4d1acb1c6e722c0ead3bee1b3cb5dd0a11afb012e1c31d21b3faf3671952dabbeb92ede587d23e203b446d3017e449f6ce5ea80c4d6ade405699c593e25
-
Filesize
16KB
MD5443d4a687a8fcea51aea02c2bf3e7583
SHA108b6ef2e35608ed571b9c6f44c789e7d21572789
SHA2560882fa66c7a4fd317c2474352adae7f09badacefed38fa1900ecc7fc5e2e4afe
SHA512866175fc28c64f21f90a2672e0b8941f502c8b1473c32dd5ff95445dfb651cad41e75754b406257532af7ad076d362032e65532dcc0d9b021e0feb590b523594
-
Filesize
16KB
MD5f49c0e3cbe4b20fba47bfcf09398a033
SHA1f2a4da1854913f2eac1d1679cc64b13533a361a9
SHA256dc601b9937956c7e47993293bcbf1bac5b2f60654e0b06eb203f389eac168f7a
SHA5126906983db78d14bcd769e5ead47bc60ce6bf913c3ebb207e4a8161cb3fe98ea652cf6f8ebee5f0e125b82b38228d94db25ca00d63f297d5b3210355ecd15e89e
-
Filesize
46KB
MD522d39a881eac214bb7a523bcc627c084
SHA1a8c39858c9e71e89fa40d9b791e7f11a32b610cd
SHA256491b11dbea8d2c2433db01eab51ed4b87c87ff4692f8d1c074c322ccb64274fa
SHA512bf6a91357ec7a27c41575fe6711f6cdb0bbda33ec2b48f9955d93920f1015fda11af28be04c2f2c4673d1d0bd9481f2e8424008b6a29a6195296a3c74cf20d26
-
Filesize
2KB
MD52984c2c7102f412d159f0b9221fd574f
SHA19dc24e331812088cbca5c52f1d31988137115887
SHA2569edbfb670e0fc5e4d23967678a02aa729f78bf0ecf03317f4d497b621eab914c
SHA512c2147f1366379f35f58da3b6f52f7afe09502e5ede78d3c0ba2ed2afbbcb6aa40400f0bf5ea8de53d9fbd17d536d49896924850ca1684ec297a738bfc5bf0dc7
-
Filesize
2KB
MD591ac2fc716e62b20df481ae4703b4c9e
SHA11a2f0b8b42e9d58d7a73043b08b6719dc30a71d7
SHA2567ee191a9594f014847325a1b8614457c6ff071019d1ed5a72d3cc1fb496696e7
SHA5126864b3662bbfe7267f790dc02279969a15d5792850de7ee59fe8902e1959c48618102abe3b14dcce1b66b87150b4be7046518cbe46ca792344e97e25c5e4d6ec
-
Filesize
16KB
MD52d58f98ad022e2afe56c0f3a452610ec
SHA1476533d30698ae918a19933e590a856761f4738c
SHA256d13064abca4361f9ca54a675f361f6c4d1c723beb9eff1301b5061d5abc3ede5
SHA5121e0f785659bf3fbe46c29ebd8679d7fdc4661c81fe966b917db470370cfe2ad207a27ca1a07c5d02d887f2791a1d1d91dc6f83a0f0c9818c39af960530f1d9d1
-
Filesize
46KB
MD5fd88596392f3e4fd8a8965273597accd
SHA1b3e448a40fc0f2b2267f3bdf4046be6dc91a9b96
SHA2563aa7ebdb1134afeb28aedf41b3584808ab81c7ba82ac2f54e198f75b6213384b
SHA512d21761283ea026367c2f8ee65bfdd10882c46f84e0831ca867c59beee047fee016bbcf0ad68fda3cee8a580f8570b3a548dce0ee25fdf38cdcd2253d24406078
-
Filesize
644KB
MD5edef53778eaafe476ee523be5c2ab67f
SHA158c416508913045f99cdf559f31e71f88626f6de
SHA25692faedd18a29e1bd2dd27a1d805ea5aa3e73b954a625af45a74f49d49506d20f
SHA5127fc931c69aca6a09924c84f57a4a2bcf506859ab02f622d858e9e13d5917c5d3bdd475ba88f7a7e537bdae84ca3df9c3a7c56b2b0ca3c2d463bd7e9b905e2ef8
-
Filesize
165B
MD5ff2308e976215e0bb4d82a6a28ccdaad
SHA1d438b2711f4e90d92f9ef183438a20ea87d78c69
SHA256c8ac2d7e987ee422dc2743826882ee52285296681e58a5ae8232acef0866c64a
SHA5127f912293df38067fd06b1ba73698b274a7110a0e20dfb7131d08fd5638f1c7bfce1d7984c4b70a28599b0208a055c53ad63eb4d6628dd7640acaca585bd5a95e
-
Filesize
406B
MD57cb71b006fcdcf8ade80e31fd5ab8060
SHA1655380fb2cca01b0ca707f748fc7dcf006732518
SHA256be8918559280a2e74748bf8f6238b568ed7cbf75183b2180a6a8a979a1ebf243
SHA512ce095bb84dbf2e72304471f97e80799185fab42b843f95bd84df4b97764786687807f057dc4434287c8982937329e664f7de476445ff6e2cbf298d7a44b48d55
-
Filesize
203KB
MD5c1a2bd41b8d539c92b2bc34f1b6bd2a9
SHA19d03499e707a351f5fa8163c7cb00a593d2fa70b
SHA256712fe9cd3cd3abecf2f3ee2dcf848ec06b62bc27c83a993667d095989c9ce873
SHA512dbf772879aee19959f1c72134f7299239e20453368f507dd57a9e97df2c4b959ebdbb24a133d35d486ae2814a69a77c843ce102bebc2693a898b32ec0a919cc5
-
Filesize
497KB
MD56bb403f6c388f87ace8a7450393a2c51
SHA1790f67879ff62932801da287b81078be3ac59076
SHA256e2faaaab8c7254bc281757a19c6c0fed1da171a9f6c8f408cf1687e662a723c6
SHA512ad364c1bc08002c587a20e9373f036665782b01d7fe6126024edfb0f67101526456370a4c76e346e974afb5047338b7f6ed87d508f687873daaecc891ded1ac5
-
Filesize
168KB
MD591899280efb4496c8ac0a004cd1469e2
SHA1aa9a223cedc82f3ce8e9080bd6273062a9b56958
SHA256cd711e09012f37003af75e982e2e40df14445aca2800a3702a18612074ad660b
SHA5125fd1c76157a0abc7e477c26a52d3e6a037a36b31a91e0958163a3b2337214a4d018b8880ea6f763c3812a37bc08917f0d9ea947f988dfec88720146e5783f251
-
Filesize
121KB
MD537f0bc9593d1f3aa4a0f45a841784f8c
SHA1c8bf7ddc8be8b868ac47d91be0ebd10a8f162099
SHA2561ad6f2ad63f3846fb07fb991df21c5e7587b438bfb1e15bc43acfdaa7e6bfc1e
SHA5125c170bb6fe263a819256f0760ec702a5ac50c4ac0790ec1edbebe21b14d9c43a07374384b4c1b2cef482446807bdfbfe51f6abfec6d4951c9966e6d3fca4d254
-
Filesize
100KB
MD57bdff6235a8c7a9e3f9c3915f4d95197
SHA1af38ce3946b37c84eda3d8f9f278f84336004384
SHA256330995487dcac57ea57a53cb0f447e32099e6f63d190effaf6c28dba23c38b7d
SHA512c555a1950a0ef6ef4df852ded8f983dd72d04c927bda770212335d0d7fd9ac668bff05f8e9ed81347e43520a92d764cf55b4c9a5d31ac3851950f1da08ff5318
-
Filesize
126KB
MD51c0ab06b3388e79a2206cbfd28e374a2
SHA1fb94c71ee606c6cf5181840b4a6122eefd93770b
SHA256f0ee03c9936b459cc9bdf184df9b7efad98d40ab7b99e89166a42e019a0ec0ea
SHA5121e90991d22b0c34e7947edbc5864f662ad01b2da7888fbe3a6e814607ea5abb6fc0b34a7ee0accede471d7442755f00fe99c4a8b029244bf034189cd00d74d07
-
Filesize
172B
MD59db4e733cb93ba9ff2e8f72f042fcda8
SHA12810dcdd7e56bf498ae3c1ec5ce8b23838c33413
SHA25655bbd5c1b2a56a2e6ce92d3b59b460c30c56798ccd7804ec2790a5869f2b850b
SHA5127b08f399d342b65ea13d5ebb19de1f4fe1dcdaaec4fdfe29e17cb365c7a9b47718fb5ad189df854397f691a492e451dad4ad7460f69150161b4cb7bd73c6e0e4
-
Filesize
549B
MD5a864f7143f9dd47906454977b9f4edbc
SHA172d4d5359678d9062ca14a0cb85d381cc7cc589c
SHA25664cccb16f7eb203d7d3858e51f62e3beb8c3d7811935cb06a5db53614515d582
SHA512289a8f9ce0eaf3c1626fca16263470e16ede13224d90cf40dd50dc1cc326e5ce2bc7595f37ed772c8b07605652a652ed1e3457b66bacd67c66ffac79d98f78c0
-
Filesize
940KB
MD5aeb29ccc27e16c4fd223a00189b44524
SHA145a6671c64f353c79c0060bdafea0ceb5ad889be
SHA256d28c7ab34842b6149609bd4e6b566ddab8b891f0d5062480a253ef20a6a2caaa
SHA5122ec4d768a07cfa19d7a30cbd1a94d97ba4f296194b9c725cef8e50a2078e9e593a460e4296e033a05b191dc863acf6879d50c2242e82fe00054ca1952628e006
-
Filesize
103B
MD5d0e5f187217e796e9d33107e12db9bf8
SHA1b6ff6f997c8221121f8980f894e27167570694ea
SHA256f93c41584626e0c4f4abf54572d25d3e01e96cf99802049b8d9706743e283d61
SHA512d379f6ca31dde8bcfe5894ce689ce16ab5f043cdf00111547c64b276cc4b231c6c6ab9ade3b9359020493008fb847a05a7c509205a4f16d0489cc694199965d0
-
Filesize
256KB
MD53ff0e1c7e264d70358f21db2198cb524
SHA1f9a11da016f506881e2b46151d1842b75433f16c
SHA256caef57205444357498da40ea4cc9efaffc9e4ae8eeb6c070ebf803bf304ba8d6
SHA512fcfe38cffbba8ebffc91af54bf4b04ebf9598fa7e545c5ecd2c082ee26e65dda80803ee6e76a7199faabc1380e62512cf46f8efcf4f48712ab16255894535932
-
Filesize
16B
MD5bcebcf42735c6849bdecbb77451021dd
SHA14884fd9af6890647b7af1aefa57f38cca49ad899
SHA2569959b510b15d18937848ad13007e30459d2e993c67e564badbfc18f935695c85
SHA512f951b511ffb1a6b94b1bcae9df26b41b2ff829560583d7c83e70279d1b5304bde299b3679d863cad6bb79d0beda524fc195b7f054ecf11d2090037526b451b78
-
Filesize
68KB
MD5712c274cdc4e39651e8b518f66dc7dec
SHA17ff61f4b8da29b686e3d3b3274da0a03b8cc95c8
SHA256c847943855a39bb6539c34e4a23ec6a4888c79f687d08020df5b73eec877993a
SHA512dcde669cc4681dfdcd48cf1610e842a0abb879fc40d039478a151985f7413b419ee0c6aa3e31e632971b999f552a2fcf887c6eb34ea34a641d0ab6398f2b5f63
-
Filesize
2KB
MD539b7adfd0f84457da41fe73b807cc780
SHA14984249e447f6cf697be2b980ca9d8f155c4a407
SHA25604f7aaa54815fb794e2cde30e0b63b8da9a984f2ff635fa63c5f693a89f08eb8
SHA512cab93d6c21cc1f8d2f0b2feb395cfa0a2276f3c9f5bb6a913b63bab3fdc33680974a7c1520b38993b4ad992cb8e66c417c56c485f9fba4938b12a9c65a2e4531
-
Filesize
385KB
MD51df46f8791165afd45532727909df670
SHA1cf990652e8ce284d42c5adde5b923cd23309abac
SHA256fe4788440edf6d5c68581488ec2cc1cda24f8f51794cc21d762e01397c1ab1d1
SHA5122c2279be0b16005c5b6c25fae434bc6269dd04082f6c11e3c84384d69e48384a280a862520fb1f4187ca8c93f2a74bd6f395771c658a4854aec05ca3c18642cc
-
Filesize
6.1MB
MD5cbaf08243eb6c7ce4183a1e35afb049d
SHA19e3dacf61ffb9dd7ebf9fca694698baed14f5e9a
SHA256ad1d641b22b8629c4515cbe1eac136040f290631b23fc72627f03002caaa0301
SHA512c7a97e356da16b4a26c33ffea9ff0b0e0f07bea7a4d09a001b5396c4ab8a1b8d144b01ffbcd7d7526adac2ab5086e7c5729aa61fca14593073ffebae86e6cec3
-
Filesize
169KB
MD5dbdbaa2ba083a61d79840461cd267c89
SHA162de8be6046c8ceea52a8be62fbee2d540782dc5
SHA256cea2e299584f3cabd374492b3430d622662e658289fcc25cc0392ef1854cdadd
SHA5128cdaab99640e52506f089d6130d2cf9bd8dabe63d39792e27fad7a51c1e045a4a3e611b447404db7b3a4a73827db7ef303d5aa5271c51b167bf11077fb19a172
-
Filesize
2.3MB
MD5a932841a7be9c114828b26b322979bb8
SHA1e29afb43c3a5e629cf9202a9750b1bb16d1f2d9f
SHA2562a7efe3b2cd9fe6b99d03a98881e702915c0ca5a7be40d0d6239359d50208d08
SHA512eef46e2e2f4caa73fe341f2c6e736f921e7866692368f50d8ce24c9d325f81a781e14156f74903a2b71f3cc790b1dd0071912e8f6254d5f29621d5a459e2a04f
-
Filesize
24B
MD55a84ea18562126a5738abfd2ee4f618f
SHA1e21662bd256fa3b9edd6eef876d3e68bd12a6903
SHA256209c59557c8be210b3c32d283c9df8654dcaa09fb9c5677ba071da1634735643
SHA512eefecf1a91123e231a4e0d82e0a5318c497e809d9767961ed439f86a867a81f3e7d7bca2894eed8f4d05cb112c1835c4f2da4170fc3aea96662dc556a0067824
-
Filesize
3.1MB
MD575e53218a089e75cf43607e6c5d0d1a1
SHA19482d60e6180b5dfe7d6f200af3f05d394e4837d
SHA2568dd836a0af49665fb91c21e7cea9dafd9e0b9e29727ca58b3b4069e17854f8e9
SHA512b09cb24335ee2915386dcceeb12605a16d51d7b9063eb0f6deb3d6046ff49b8da6a11f697bb982b177ec765df6f03341677e167d1ed1670ba64b9973c3712003
-
Filesize
1.3MB
MD5c70ae962de0139da71953755dc0444f3
SHA17e242d0df23dfcf91c689aa6addf1c245f5c674f
SHA25644347d2a80c6d69d03f6efa340a10c868f4c21ee675b7f9910571788c6f40e9f
SHA51200f48e3583991f09bf2332d4c6743d3389c332b77e6f92e234927e391440281ccfbb7f549cd9db74ee97f902853fa0ff97feaa6fbeed02c7129185f339d170ac
-
Filesize
400KB
MD51ed06edc10b4333f66ba61ea97075831
SHA1c0eb3e5204b4ca27fee60ae707151fc1b85baf8f
SHA25689ea54b4f5b6ccb9b0d5083ef8acc6855d1915d41c0d6902834f6970ee2c2736
SHA5127270be77363755e1846c155f6c5c555ad84741e13d917d7090b4dad0cae51ce669bc1a4e5f0b061da7b2b2296f4ca4f2cf0f63159731ec6fc1935dbfae9bb90b
-
Filesize
21KB
MD517291a612431d3e8b731a932dd88e8db
SHA198994cc4da47e298d6d1e2baf2bd702c09242ae2
SHA2564ab325db9871344c23f523c5fe10d351df4cef61e450180c34b95141f038a4a0
SHA512a4b5ed6c53008c3f8a8ec8589588b54214fcc33c6bc825d7dada99899f0d1208510e94bc58dc6a8519d918628559b5a80361d9859868e93998bbfbc5a2e8cfb6
-
Filesize
18KB
MD505fb36a51e04a6c6b3a5f125fa692e6b
SHA11d5c8a6766e54a81b75f1df4a397100c9b42b149
SHA2562ec85cea38c19cb8ff369565074a6a261804aae016337ab193943162ae270d2d
SHA5124ba03b2addb6c870baf4671239461d329e126d829006aa27483dbf91291687c69afb86cad148965b8fa199081fdf65afad14108b4192840c1825d1c604c722a5
-
Filesize
325KB
MD57bc0c0c439b4ffc39e27180dbad146bc
SHA1b6f63718453a325b5563fe83937d0d42b4adefd6
SHA2569b64c14ecc89594cb89c6a76da6fbcc94ee9a52506969b238403bfbf17f49712
SHA51292adb6e8477716c1e792f87a0a3c67db43d62f8a725ac10cd55b0aa989acc07ae0ee5b6ca04a60e4c356c6537055d345b6eb79edc5ea50afe1f4e957a9de68ca
-
Filesize
703B
MD58961fdd3db036dd43002659a4e4a7365
SHA17b2fa321d50d5417e6c8d48145e86d15b7ff8321
SHA256c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe
SHA512531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92
-
Filesize
687B
MD50807cf29fc4c5d7d87c1689eb2e0baaa
SHA1d0914fb069469d47a36d339ca70164253fccf022
SHA256f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42
SHA5125324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3
-
Filesize
141KB
MD5f2d8fe158d5361fc1d4b794a7255835a
SHA16c8744fa70651f629ed887cb76b6bc1bed304af9
SHA2565bcbb58eaf65f13f6d039244d942f37c127344e3a0a2e6c32d08236945132809
SHA512946f4e41be624458b5e842a6241d43cd40369b2e0abc2cacf67d892b5f3d8a863a0e37e8120e11375b0bacb4651eedb8d324271d9a0c37527d4d54dd4905afab
-
Filesize
1.1MB
MD50e3ea2aa2bc4484c8aebb7e348d8e680
SHA155f802e1a00a6988236882ae02f455648ab54114
SHA25625ffb085e470aa7214bf40777794de05bf2bb53254244a4c3a3025f40ce4cef7
SHA51245b31d42be032766f5c275568723a170bb6bbf522f123a5fdc47e0c6f76933d2d3e14487668e772488847096c5e6a1f33920f1ee97bc586319a9005bacd65428
-
Filesize
551B
MD57bf61e84e614585030a26b0b148f4d79
SHA1c4ffbc5c6aa599e578d3f5524a59a99228eea400
SHA25638ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179
SHA512ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3
-
Filesize
1KB
MD58595bdd96ab7d24cc60eb749ce1b8b82
SHA13b612cc3d05e372c5ac91124f3756bbf099b378d
SHA256363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831
SHA512555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5
-
Filesize
2KB
MD5cd247582beb274ca64f720aa588ffbc0
SHA14aaeef0905e67b490d4a9508ed5d4a406263ed9c
SHA256c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5
SHA512bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895
-
Filesize
280B
MD5a7537931e1af5340f125d6c9a59b043e
SHA14f331e4af4a74ac232905bce9464665a0976545a
SHA2562b657fd65c9331a37e3b44f1a6ed1259d7a6137586ed1807ec8f748268764e41
SHA5121b06341297d01c8cef10e4a6ec5bf3a859363416625fe4dfcb24bd4e454a2300bbca758489a47ec10f1182154f4f927d67e9347a7b077882508224a7f0d8090e
-
Filesize
334B
MD5eac130c3eb10260a525f2039a0df7482
SHA1a47fd0523ff4b5faa238525375192ab7d5f06baa
SHA2560af4335fc1308d800b0c63abf3dcdcf4cece21663b6135e5d4eec0990635e3d1
SHA512811702fe2f30524800db98dc340ebb3a72a5471fda750260858010fbb6a96de27fb7a9e1d685584794f30e6cb31058bf65a4416543ea2c767a2c6ed8bbfc7dfb
-
Filesize
7KB
MD548c6352adf7500c26c9451a5e9e58ac5
SHA12b346da73048b118acbcc834a8387d809e8281ad
SHA2564957ba022d016bb63c706374847c172bb056ca5df4a084a906f57ccc8163b4c1
SHA5126931a222b41b89756fd3eaa5e0014a9a9e8c6a559da0cd85695e546d251cd1e2c3c842fae5719fd995793e688397c8d03c8eb9c66f6e8733583c702f42ee6362
-
Filesize
151B
MD58f8a08d7b623908ec2b0250c18cbaca6
SHA17cd9ccadaae674db3f7c2bba535585c9473f424f
SHA25629c4b8911259740f299201fe2cf74d856f2c2c3bb6825b62e862060574e23378
SHA512ed9c306883921945bcc046ec9bbc120d2cd4be0859c0be6ad8e385b7b60f1aaf83ed91f92ec6cdff1cf0a4d15415406bf20ec75c56116f348f4caed1bb9c7e14
-
Filesize
48KB
MD5df1d27ed34798e62c1b48fb4d5aa4904
SHA12e1052b9d649a404cbf8152c47b85c6bc5edc0c9
SHA256c344508bd16c376f827cf568ef936ad2517174d72bf7154f8b781a621250cc86
SHA512411311be9bfdf7a890adc15fe89e6f363bc083a186bb9bcb02be13afb60df7ebb545d484c597b5eecdbfb2f86cd246c21678209aa61be3631f983c60e5d5ca94
-
Filesize
70KB
MD5638b28824ff7d2a8b5eca31267ffaf3d
SHA151c91fb5de5248d6dbbe194565231c4bbbc197fb
SHA256a2477313b8f9735a83fff20ff6624d26a13c893601a3cf6148bc997022913011
SHA5120eb506d4d9f7bf3aef60dc2d69135a1eb6c9748eca15f721cf5310a7bfe131e21c3504dd75ad986ddfcde907cedd8522caa64845de1794000c2fe7a477189af5
-
Filesize
63KB
MD5226541550a51911c375216f718493f65
SHA1f6e608468401f9384cabdef45ca19e2afacc84bd
SHA256caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5
SHA5122947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516
-
Filesize
366KB
MD5e6940bda64389c1fa2ae8e1727abe131
SHA11568647e5acd7835321d847024df3ffdf629e547
SHA256eef5dd06cf622fb43ea42872bc616d956de98a3335861af84d35dbaf2ab32699
SHA51291c07e84e5188336464ae9939bfc974d26b0c55d19542527bdcd3e9cac56d8c07655dc921acaa487ed993977a22a0f128dc3c6111273273ff1f637b20bb56fb6
-
Filesize
19KB
MD51bd4ae71ef8e69ad4b5ffd8dc7d2dcb5
SHA16dd8803e59949c985d6a9df2f26c833041a5178c
SHA256af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725
SHA512b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863
-
Filesize
26KB
MD5759be94e3186a7beb35e0037aa291760
SHA15cec0ad52551ed9bc6abf805f7456965a47b71ea
SHA2569550a8b1721e4f64f9b45d81d95f24fdf7c81a8b0fb8db28ffcf076467d1000f
SHA512bd919c4cc5f8b5ffc4e6c16b576b68f1e296f42e83fe4c865d35968ed115924f20e841b36a09e24ffde248af614b583f8eb66512ccd2718777e4dd512c42e311
-
Filesize
21KB
MD554067bd6fb245223aaaa48e1fc8edcb0
SHA1e563bc020c09e8e79e3694997cf55718193ed827
SHA256fc01ce37eb543e614fb624cccc0a9be36718a4801b3db80fb195c075c24cdc49
SHA512d85ccb286e4f2fed8a3c82c3e5f4297013525c775a4464f3abaa007b3731c023dca46a96b4d9b05e1c23660038975384f7fa5156a32facf2d237841b37af05b7
-
Filesize
21KB
MD5ec0963f084571ccba8609e51d71bf6ec
SHA1b4a93e1b2e235488747b17c212ae14e5551c2db9
SHA25639041d7cca3821b6b33037d88740780d6c1b380cf4973f7a869b101d35b015c3
SHA51288689aab98763297eb045308d3a1c415bcb0dcb58dc5d3f4338e5c92018666a0b0c5bc2cc444ffe333c4b6ea54f0286a4c6310a9e18d418fba83ff2698be5525
-
Filesize
38KB
MD5b8103746b4757c6332fe545f11de8f70
SHA1588965d6333eb015af39c7f44ce71dfac67fb0f7
SHA2564177d563a186175d3a67091c399db6c57fc271e202406e244d4bc8ad95b1aebd
SHA512c83bd52d674d90752dfffeb76971a4f9684054d6f02cfdbe8f336758ac46d8b430f306cc64be00112b8c38d191afd1b8395d58600b12cefcb6a052ab70214ebf
-
Filesize
37KB
MD5bfda78672fa2098a6c4266a33e799f69
SHA17a51f4a9980e6f9d5a484d12fa3e35baddc753e9
SHA256bdfc29cd8b54192ada7194936da17428629bb5925e31a2846682571bebe402b6
SHA5127d01483a7da3941afcd7b1566c868018ac80927209269e98a6dab0078c1a14c0a380402efdd5b257e0a37ca6b45f68817dc774cbb32b5e7ba5f3cdefc2bc72d3
-
Filesize
27KB
MD5fa2d7364a6cdbe8144bfc6add239bfe7
SHA12b37b884e7235429a2b4d675cf1d4975f9081d4c
SHA2563624f864be1b01a4fbcaa4623e5408ae4adf66702cf2339ebf5eb5b4cf993ac5
SHA5125a30f88a98af6ab94a0847989d9bb98d7e459232ec7a0ebfd0aa7f4405d0394fdbc439f33fbe2f72319f7cd8789e80443a122fde0b4f743833ebdc28bda37f92
-
Filesize
59KB
MD54690b3ea55b2fbad2b8f45d320c91e74
SHA1be5961ea90ca80c5c466ba6b385a87045c75330c
SHA25686b362f5b149efa8a722178b483aa9ba34265e51ae9ad23acfa0f319a70b8039
SHA5124e37db0e32852b726825bab1a20c02357398060aed874c732387003a0998b68c342dd839e3a552991f69edbc06d5f1217505de9059987651b16a76ec64d43911
-
Filesize
16KB
MD5db2656b672846f689c00438d029d58b6
SHA143b8d5085f31085a3a1e0c9d703861831dd507ce
SHA256aa3f28db9caadce78e49e2aeb52fda016b254ed89b924cdb2d87c6d86c1be763
SHA5124c57c347b10ea6b2ca1beb908afc122f304e50bd44a404f13c3082ba855796baef1a5eb69276d8744c1728578fa8b651815d7981fcec14a3c41c3ca58d2b24ab
-
Filesize
18KB
MD589ee4d8818e8a732f16be7086b4bf894
SHA12cc00669ddc0f4e33c95a926089cea5c1f7b9371
SHA256f6a0dfa58a63ca96a9c7e2e1244fcff6aea5d14348596d6b42cd750030481b82
SHA51289cc7dfae78985f32e9c82521b46e6a66c22258ebe70063d05f5eb25f941b2fd52df6e1938b20fe6c2e166faa2306526fdf74b398b35483f87b556a052b34c5e
-
Filesize
45KB
MD55569de99ab1fabb4a341f6491b8ae9cf
SHA101bd34e042fe11149a50d8a5772c7f55bb20d59c
SHA256cdfa951fea7ca30043fb919904f7ba8af0757d017b03ae48ccddae4d1d9e6417
SHA512d16c027aee5e5e0a2009c8e1227bf2a708083217e575cb5ad9b53bb3e1414d95f6ee266294d6bce9ff7b97b84469bfc9b10d7309399fe17d74d56094045efc21
-
Filesize
55KB
MD592e42e747b8ca4fc0482f2d337598e72
SHA1671d883f0ea3ead2f8951dc915dacea6ec7b7feb
SHA25618f8f1914e86317d047fd704432fa4d293c2e93aec821d54efdd9a0d8b639733
SHA512d544fbc039213b3aa6ed40072ce7ccd6e84701dca7a5d0b74dc5a6bfb847063996dfea1915a089f2188f3f68b35b75d83d77856fa3a3b56b7fc661fc49126627
-
Filesize
16KB
MD5dde035d148d344c412bd7ba8016cf9c6
SHA1fb923138d1cde1f7876d03ca9d30d1accbcf6f34
SHA256bcff459088f46809fba3c1d46ee97b79675c44f589293d1d661192cf41c05da9
SHA51287843b8eb37be13e746eb05583441cb4a6e16c3d199788c457672e29fdadc501fc25245095b73cf7712e611f5ff40b37e27fca5ec3fa9eb26d94c546af8b2bc0
-
Filesize
110KB
MD5df4ef1fa06bc34706b3b8245d4831d54
SHA1ba8f9d4b813ee160a56e162c36d29c1bc2a3bef1
SHA2564a34fd6dd56215d4c81be8f211ba69410018d336605334cb190886e4b6adebcc
SHA512b6b436366a3305228cd3ef912731ee4a6481db7cd43595f5217c2ab91b1a7c19168bf45e8ce8f4943ab3b393240b9c507073d4b7492016689ef0c1735700ea9a
-
Filesize
88KB
MD52dfda5e914fd68531522fb7f4a9332a6
SHA148a850d0e9a3822a980155595e5aa548246d0776
SHA2566abad504ab74e0a9a7a6f5b17cadc7dea2188570466793833310807fd052b09c
SHA512d41b94218215cec61120cc474d3bc99f9473ab716aadf9cdcbcabf16e742a3e2683dc64023ba4fd8d0ff06a221147b6014f35e0be421231dffb1cc64ac1755e2
-
Filesize
25KB
MD57e9f32172582f9a9f63aefdf213b2ca8
SHA1c6046d34dd37164db45fba949101f1b823b92c78
SHA25660a2a9f78913e6cf901b86cd1ea3da7efcff2b172ba65787b1d8352aebade766
SHA5122247abc46b2f5af16e49e5cdae38ddbf45c3653b362a856ef85110102b284b7887b0435ca935e03a4ad9c786b67dd2ab232784bdc3ec3a301ecf22e5be886e4c
-
Filesize
16KB
MD5dc491f2e34e1eb5974c0781d49b8cbaf
SHA1b73ca9b5f9c627d49da4ecbc3455192e4b305a3f
SHA256f956049f0d96d455a71003eba400cb94f7067bc52620cd05b81006ecfdd438d8
SHA5125c9bd0d5c93a05ca76eb727328a0fde40f2be7fe53b6b6c9eb260e8f20f92cfc831fd4b46f954d85baf151ae8aba1cdd6f76b0faf96217922cad844c905f3645
-
Filesize
853KB
MD565f3cb03833d7cb5872491f06435f385
SHA14d0dcab27a49c8e3e5d6f28ca70c96a77b135179
SHA256155b3edc5751852061fb66a5d60e34b1332700ff8dd20dcb9604f08a0003f81b
SHA5126954fdda898149cbec6044d307d251d31f10c68c0c72c5c4249b959d4ea8b8218080ebab173a470ed693856c5a528df643f23975a479e8c3a16803acc9b1d370
-
Filesize
39KB
MD59a01b69183a9604ab3a439e388b30501
SHA18ed1d59003d0dbe6360481017b44665153665fbe
SHA25620b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2
SHA5120e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca
-
Filesize
20KB
MD587e8230a9ca3f0c5ccfa56f70276e2f2
SHA1eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA51237690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8
-
Filesize
196KB
MD5607685c69f80758fbeb15decb025754c
SHA1b72b74d60c09d96863a79a5ee1c125fa7f7f2f2a
SHA25613e44f415e142264239b195b03a57751b70aee1c69ecbc6fe6d751f1b003e6f3
SHA5122b19b38c9cf51147b2972a1801a7821ecbce2bdd9b52d833b2c1332e8878ce8fe001acd7bb7e0d80ab65b1e2b662dd0ed84bd928baad1bb955827ce78575a698
-
Filesize
5KB
MD5c16cb6dc48335cbeb438d704a8e1e8b2
SHA19465de7443365121383827078c130364476aa73a
SHA256607c805036f50784c1b9d74a37835471ed0175bfc6b2efb52d4d2c630ab6f7ee
SHA512f8007727e95293df451793688e89715585693c1393d5ccb76de3625aefbd2a1162505bf0a358ebdbd4e4423a8be6a4e62e6db06d0895c52ae1da294fe52c9f56
-
Filesize
9KB
MD54c9fce082fef4f40b1bf28623e9a901d
SHA1bc4231d9373684e649000dcf3c695e6c248e3e70
SHA256a6596ee2ec907c508e621b686f7978cc442da96fafd8421670f7f6ef1f7a05a9
SHA51215dd58ad170748c04420933a31edcad0e7cde8b750db2b3c21c7a2c054b9c3bad10eaa03a469556a66db2062bc9f887135f4c75c6c2e7c071829112ec5008c12
-
Filesize
7KB
MD5f1833a85c22b70a5125b7ba06ef44f1f
SHA151304fbec0ddfcb0f98b6d41ba6a5741d55a9fa6
SHA2562c3d32959594b6895b89cb24ddf7752fbdb269c7a46a0a52e7a00d2394690784
SHA512dd37f4c67c1de3d872c88b91581fa9182f0aabe85664702c32aedb11d7170bb3310edf2863054c9284a242fac85849547dbfdbf9101d6f4adb77f11a0690b34d
-
Filesize
1KB
MD516f35625ef1a05d856405ae3727cda48
SHA11fc42d1ec10fbac66acabc547cc57bc00f1fb76c
SHA2569b18967ecfb3c1a91af59327eb5189b2206015eab1684203577a62ca1718f225
SHA51292484a2cfd178ce0ea9742283d2c6d328cc3f8ef1ba4eb52d793fdfdceda135ef019c39c60176a06760f2bc716db7f9e5235c22e5781cc5d18d0df0256dccae8
-
Filesize
10KB
MD5a49d9e6fa2b619bf9229275ef26acc26
SHA16c8ccfd6291248d0b30295367a5d5558704330a1
SHA256d29840fb5798382780e6b05143c1cc8f3fb53681acd29e92bc22728f2a97b1b3
SHA512c51eaa0e08061b5c98635997ba7dc0b1e874139d8331e033c1d564a3f2078022e6083f04c6c131d8b927bd80a0f24397d53877d09df766c9f758574d422fc38f
-
Filesize
16KB
MD505ac915203d49d85f234ed988cacbaf4
SHA1d126333f05145bf0f18abd487af1901b9699e01b
SHA25697336c453121cb66d02c3901531bf744f0b918824bb45eb21f9ce6322f032ae5
SHA5125c622289e1081bd77f27771cb1cb3176637a8ce5aea8c05def14817c3df2ec27e943f62f234465b624cf8881d1356c11f936a06a491180be3217fdf5970424d4
-
Filesize
262B
MD53d26a1be4c86ad929ce007f7acc45641
SHA1401873c7387519e2b3336345132ac4b1033604be
SHA2568c66c1ecf8cc5bea79fb0e4a2e9dec7ab7536a7bab7a6cda754ba5b249613e95
SHA512f8f617666bc429cdce80bf3ed3b5af249a41660645bd4031d9f5f39b6044efeaa22e024102db48c28fd51c2d5d5c29d1704e269d89297c53e3323a9981e75070
-
Filesize
1KB
MD5ee6eb730e7cc95b54f1d9710b13d0be8
SHA10a21d09fa48a4a4643fd8aa91e4ab54b5782c7e2
SHA256fdf62aadc17b0ba26968c8635d77993ac36b0af8beadc5c21f64b89661125f20
SHA5126bbd46caee5d140f16760fd071acb025b171fb66129b2e903220db469b2b4d1a183d66222849873d5d7da2ce2f06da49b466e6efbbc1eb873df94ac18d964266
-
Filesize
1KB
MD5f1cbf47fc051e9ed84936118be2ccc98
SHA1167b5680e4fe5ab1330d2b605024105fb2143563
SHA2567b199ac873013bc0dde1eb66325d8bf5b398efc630a575b47e982ff6cdf72512
SHA5120a7a7cb1a9f4744d747e1753e4154aa3390e87a02ffe43d0b389b51ae19b496548729375aa4d6b39310dce0ea46555a8151bf1ff74eab1372121d940a0401dfd
-
Filesize
3KB
MD54dee95ad62e7a07a145ffe50744bb923
SHA1658b7f5e13c9e0501840b0881041ecc728612857
SHA256e75e9b0b09ee089b5ca2941816a34e329776ac673aaa1f1884637afc1e776a41
SHA51274bed390c2fa37c03f0926f93fd52127609fe0e5084e0531f7bd8055daf88273402230ab869f29e0034157fd21e2cd7348e3463cf3a1660f9862ad05ae405a34
-
Filesize
2KB
MD51a73c888bd68ced4408c561ae426d60a
SHA192a67b72ea168e2c1b18199d3ca2230feec84b4b
SHA2563010f20bcfd51b7780b98133e8c003bdf0b53d5e5e6f6b10b25a333415110b2b
SHA51210247cc559b5501cd03d4110aa5ddf2e410b134bf7cb66da50a1789c63246383191183bb4b7c7cc7112c3282cacbcd93ed1a867795dda4524fb5034a8eb0b1a2
-
Filesize
262B
MD50a383023dd95070a6d8005ec4a5ebc86
SHA11da774393392527e20ed3b4b2ee75be32569091f
SHA25648ca5cba86dbae813093ada15def35c9ad01943f37e7eeff1634c784af601673
SHA512f42159255c5955b9ed32cfde98f9669d86abde8a08670adcf189c25e57550faaa11ad5c1efffbbc56dbedad08792312ed2dd5a3e7dd6717813d255f6e6215d4d
-
Filesize
6KB
MD5ee3b5841d6bf2e55d3fc244ecf73117f
SHA1c62beb7ba88f60e8331a277874c9f1252d296c34
SHA256de48939a9913debfde2c34bc5de18c927df8ca616f63235eef40cb00078a87fd
SHA5123b67d7d86d06b89e70352b8c3210fe58a4986df9ad6933c237b68638d3e88093ab248171eb5029abe754872fbfd193f94c967322263b8c7a6957f5b57a65998d
-
Filesize
12KB
MD51766ac42133c9741dc5058f8a61401a3
SHA135f3fdcc0762028f6ee91ec080cdc4fb0ade3054
SHA2560fe8470a246461f2acc62db566a6a47c86e32c31cbf2127f8c0da4b9b5f345f1
SHA51282797b5614bd993ce71c26e844c83e08ef1d8eecfdca9996c85795d5a917c5b523461064a2b3a0b26b78ff13ce4f8079d6c45623a9c9771710f32e6ac84e0d3a
-
Filesize
17KB
MD570ada168e8a52ea03880a2939085bed7
SHA14ad94f42b48b759f5f8158da5596c8f2ac81dffa
SHA25631d13acca6a55ea0918df6c0261eb3dfc6537ea2fbe8c0a83f82fc0d25f90a83
SHA512829231ccde334f996dd28c014f749bef558608da5b308063f82e760fc939c3587df4070792118db6afdd7738e3490d9812de74246a788bcf8f058bf80e395f53
-
Filesize
9KB
MD590501a6fd129fd23ed61baa6d0f93227
SHA187fb67ce1dc511ce1e126b1923e0291447b39f48
SHA2564a7520d31bbad02e08026e164e6be5ba1f1a3c9a2ea844d714a679dfa60e49f1
SHA5121943d2b1bd195719ddf1d851507d83f61e2986221bf5ad5ec507694f72865f0bd47a104d238d16210184fefd30b935548b19632746c8f430f32203484df7d7e4
-
Filesize
1KB
MD5d1771669a0631bb3fc5cb13bf86dd9e1
SHA18bcd7d3e5632f915830c73327e026712dfa8bc4a
SHA2563678c756c1c25adc1aeee6d3dfa3e6bc7a0fe25019c9e54a23309816edbd5026
SHA512436f1469efa4185f6ada6585e5fd927b066a7b3679e257adab44eac6555e2f9a72a3b1fb3712c78f7fdba50355d13983a7678a363aa443ccad304c145a4646bc
-
Filesize
262B
MD5dd69ff857aad671ef93cb171358d4dcd
SHA16cec25d91e92163e597aa7b6d16c2aaea5c9148d
SHA256dd5f734e824bd78786777f449ace678598b4a9f9b9e2b6c522b19dfc0d39550c
SHA51272195ff32534e380e592c6f3443b695cf125a9ae9408d456195a93182611b2f307b2286ed25a19a978d16cc8a8fef4b5dcdb8ab508b02b091b44e16a4bef48f0
-
Filesize
3KB
MD54229af5f0e50059f800d1b92b8e96a66
SHA17cf16c9f5633bfe387a372730313ab7b72d040ad
SHA2566e166f03b85f5a303bf94fe775c47ec43dd519e0e7df45eb15438af98b6aaac2
SHA512cac0cf45dbbc38dca922f7438d9cab6b80e61fa5c39657adc373b8248cddb281940022a06c24ec26585960672cd7f930e32381d28ef2e001c5a41cb00be09330
-
Filesize
3KB
MD5a66d4345a8cf450250427355a64a0a7f
SHA166db652f3fe55ac2d86d4fe7d03ebbc942dde9fd
SHA2564302a7890ab19dafaeef15964d3d4cbd12de43f9a2e082e678f84afb99c6e75d
SHA51243af2067b49f4d77f1b001d66f6349e1ae0220df4f4c09b97de6b9b793bb2cfcbf1f95b2b25d43623c58e3b3a9985ffa2af4731cf1ae2307d1ac9da0b25d924d
-
Filesize
2KB
MD5608fcb29be11fe1ddf9ebf83e137b720
SHA1ca3d7316ec28fcf778f8af417b174404eabdc55d
SHA2562c8200325256dcbbad3d18b09f2fc42e7a8fe85538540a725fb02d616c12a8e1
SHA512b4be8f675774666dc30c519e4acb64f189316f268f0d1beb9145e0b5ed765d8772153c381319d5afbaba51f27722e4c39e14703230dd0178923e53a0ecbbd923
-
Filesize
41KB
MD509e3a860b52844fc62812e7308c4a4cc
SHA11e1fb4a439ea1337575a402d3fd8fce572a512bb
SHA256991077b3813665f8531ea9c47cab890b74c20493e7f69739d6566f239e197512
SHA512f163e2ed669543482293f27dee94820a50c1e5776c376c6bf25d4132c4670584e1456527c896e65110a0ef3226e8365b84044b343c0273bffcd3fd28ad12f364
-
Filesize
3KB
MD5cbb23ec75af01e6d7d7e79c1c8b86330
SHA14bcfc97e9e8a3f707f204a8b2642d644d14ba9fb
SHA256c1da33d324afcbddd9cea2deee5af7f5e775026296287c1bcca7ebffb1c39ac6
SHA512c0b686550577898354a36d960ae3a7879969eb493fa302fdd0768d04850c3b46c50c0d69ab59cc7a98db65c3fff8d55d9ac186f26c1295b1b5ee8e447c709408
-
Filesize
262B
MD5d030ffc69231a3895028c01eb40756c7
SHA1ee10904704586e3fb94df0ba874bd6a1cb25c1d8
SHA25678c5cb6627d07c66680019e7306b543e18933eacbdc1e5db4e2d760f7b759b10
SHA512c694f7a5255c9a74802cf5292a5a802f9e57f4bdebe3e32d05993e73f508bbefed46044e4757f6e44ed70fab969455a476a5a5e5d25226d2c1249836851965b5
-
Filesize
2KB
MD5a38cf93f8b930120003e614b7af3c072
SHA18695d2dc9cbb54643e0c1cc79cd159d0618e8368
SHA2569820e058d49f3be4599c87f37bd963face5ad8f115c9a9416c772d9efaff4e9b
SHA512c7ec5e1d2f12f8b2bf2e0afa9d840fc664a284e61c592b8c8a8d1b92cd2afad9d25623e7a51acc8f3a11e0d4d3519aa284d7689c9043b8cd5e417465173c4d74
-
Filesize
3KB
MD539aaa7c29a730e9a02eb3e39d3a77961
SHA175cbe4727792c798d98ff01708c8c7d338bd0eca
SHA256a32777c5412414fdb00c035c0645ce80b0127ba88fdc9e59f00b27c2607d1407
SHA51253c46fb19f6fbe2ec512ae321696d8d27e4faa9a64bed6cbd61e1bf8768bc4127b819c485f6a789e9095052618a58fb634eb0ee5b82cb5d2ec4897c7bc7b430f
-
Filesize
2KB
MD522fdc3d59773c49cfdc3f18a71412876
SHA1f657a904d4418d8acb760c3cb360b3dde3846e69
SHA256b73e1151cf01a0a5dd6a09612f9fe3b150b22b8f259c9e73f05db44ffc19003a
SHA512aba4925197739392673357154e233a4640fee33a39add8b3822c9c95f6227c6b19c996163b227c8dc8bbc04e14a4221cdfd3d19d54a6d29ba485cfe05034523c
-
Filesize
262B
MD5541159b36cc4a89385e7df325cd8a235
SHA12a394a00a8a9a53db6d6bb1ffb8ba736d57c0fcb
SHA2566777ddd2e1107ffc977e52e880982457c2bf3d2ea2ab7285a0115357aa323461
SHA51204681d219a19d4629ae7728c44c55890b9c051b1776afaf2d44a4a7276d7b304aaa19f0ee791ac360988216a2e58088115c8f8854f526de3aec793c0b47449dc
-
Filesize
21KB
MD50f06503bf66171f259bf6183999c965c
SHA1ccf9615e39ec9961d33a3aaa499661fadabeba60
SHA256f56b52903bfee583c78f97168225c1b894d0e26fe928e01c2c85e11385aa3cd4
SHA512fa6bbdae2d34ac69f300ad5fb15d2bfcf4c21b0e00e2fbc168c9e606c3b5d148b392b4588d5122ef1faf4ca4cda660e69fd50f671cf37ac371b0860806de8b24
-
Filesize
330KB
MD5a3e28e492ac7895dc413e422b8ee0f80
SHA1bc772e8c9eccdd331f820b1ce4a45591c6a977fe
SHA25654464f85c16caed6420cc7583ba695f2a7ce0d740d52bb3879bcca0a619cfe48
SHA512358f130fb457e8626303e3c25642af8112c8c05ba96d2443f9a4bae7c8d89e6696795043931cf2a4985a0fdf0146988f57978233c0d276cd98c8b917d3d1bd99
-
Filesize
262B
MD51adcf536db8729b2cc8b73652a0a4897
SHA1029fc30193eacf0e172908217ea8bc2f7b05c6de
SHA2562f2370d7b33f9316d561eb574eb9b0fe2d3f79ba0cd30d06f60ffa349313cd3c
SHA512ae1bc391d5d0a938b84de77b4d4dbdbbc9c8c1398ba9ea3b54165cb8001a5a73b8b7c0b467fa70c30cd6ed2accd49f0ae647ed61a7688f9af2ae43423fded51b
-
Filesize
28KB
MD586a3cf67e12ae1e168798f4cde6fd11c
SHA12ae2c02f222f98ef65d49aca5b93231e2e91c6f1
SHA256fbd31955af3b3fcdfe8f738896b00116a1c18c6aa8c117a2d88ce215ccc7efff
SHA512fd51d84dc65f0dd7519098462ab35e7b9958430046427f209a5fdbe878cd432d868b60804245b9f59be5fbdbf999502454f0845e732bba68069c3e625a281073
-
Filesize
54KB
MD5e59100d545e5e751bdd61acf0445c735
SHA187c0efb21a677f713acfe2e68a47fd46e12a3628
SHA2560ca49ed64734a9868ce673cfebeea2e8e1def6b95257a39be74348e1ef030447
SHA512cf388440730ff84039368e0f2c237f6d493ae054bcadccba05e59428ac43bc833448b603a09817e2ce48eeb058e4914f8a3e3cacddb6102d1f93ba06efba7e4b
-
Filesize
2KB
MD52791009f04909796bf1ea97e91f7d970
SHA1f48bfab66c3a4386ec5dc3a558024d4d054a2c31
SHA256ec53dcf1027ba1705303897f03c5d3a57706624563f7058cd5e317c364300abe
SHA5122b040740ac11d750fab0d1193df71e5908012c6b114da79f2f1ab71580d24a0bd748f3da45a162d1a84574ba331442f0b3207f0a3c61b413a7eafed9529cf5d0
-
Filesize
2KB
MD5a582ca0f756e5fc9cc4bd0ee6f529a12
SHA19e110d6550c976c0c75e3f860961ccf2af76c1fe
SHA2566056de767713a922a4045455537a24efb905c51a6cb578388c5ad6460b4f5af1
SHA5127123cb113641bb0f9fd55fefea603aae65aa69e10c86529a3210c67b019d4634a9c832394e9a3662f9557ad23b47cab6bd4039afb118b867cec1166947774275
-
Filesize
262B
MD5d295ce64d4c94bba075e5c7c96f51d95
SHA1b140236b0106904eef451161d81ed0b8c712effd
SHA25687615d1a5ce68ef606e0a5170a901fc08fcbf844da0c3869c68614fad8115304
SHA5121c67569062fb2cc19f28fadc0ac4873a6931bb0a13c517e3cf3b2309f2140a6a2b3844713026534393b2648bc086a1737f795d89715bf57db921d53a077077b7
-
Filesize
8KB
MD5953b0f4de02b8063bc71a70a6447f3c6
SHA10ebeb8e7edcddfa0bea0f99c336da3aab5633d64
SHA2562cf73321b64627dacc8d46e85d84a67e190e09a7f4df5bc7a3fa8377296bd044
SHA5123eaa6247159564c11e79b55e389f027ddbb433b58d4b062b40f28a4083e0f7b6d7f7340bdd3dd7b88b98a34c2bfdefbc6af1fcb0b773783b7976cb7e7a857518
-
Filesize
10KB
MD5d5049e6a463d9cf83d5c296a4ccea748
SHA1981285013ea36801da98176c90cd15a89da2c24c
SHA2562437a226adc2a9e5dbef4ab67c5ecbcc6c3cdea2b681e3aeb87f7871f41aa4d3
SHA5126653340ada6e9c71ea9ed3d85331c26c8c8f45e380279146c3b8a623f37d1854d7de693b44c4c6b7db6abd4e6c8c2554fd92f306854d204ab359bed485e4fbd7
-
Filesize
10KB
MD56ed0083f16b7048ca2888e9903f9f522
SHA1fb36a4c635b20a6c49302e361b112ed438c2df49
SHA256a298a0458f87eeab5b79bf1f57cd0d7f444b7f77c18aa27daad0d272fb565dca
SHA512f782fa94770388093275ec3cdff5ae43b67c7f0e1600cf8ebbb2ff021b51965e5501519d22eea4ebe255e1dd3057f075e67f5f6dfd008868c0d7d5a442700be9
-
Filesize
10KB
MD5533c2ff7ad9e9e6efeb05fe7175eb998
SHA1cae455f5dc470c48f56d4d08e9566c11fc07fc3c
SHA256f00166b49f85a7158ff9285ce2df02681a16d47370b1603cb18cf837e03d0fb0
SHA5120961b9bbd05d4a666066660aef70ef09ef796154f5905e30f48235ef72690b36e2eda2ddc81bcf958082d58a4c731f84f31de200dbf6a07e6bdf97a69384a035
-
Filesize
6KB
MD534110cdaa1628e890e072ccb5c1239eb
SHA15a62645f14ebac6a658d5a5b8ab933310b74886a
SHA2560aaf6d49684b6d4936328e567f9f736f8f32a8558a7b2cff4166418950c329bf
SHA512aa9af7b4b3b8c429bb4aeeb6c44b70b4acadbb4abb4059dbc5f1cada5eed517d3a4dc613e298d42738afe8c8e0386cf09f7319a417974988d66f0e7c95c97275
-
Filesize
3KB
MD5a6035acb622de3125bea99ef06f03373
SHA1334159be5c88400127dda6604c4e1d1c4aff61c1
SHA2568890601e104f0c44eab594814695bbfab8e36db81e8b2bb6007c80b5f63b2a50
SHA5128afa9ee3d425acd1b3552098529b0b06ba0112238842f0951b047ac6324fdcd42087adaf12de5dfbbfce7b09b662353b782f8e826b4d1a14a383c8efabf4dcf2
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
11KB
MD577dd24b022ed95bb4629a4dcfc11ed1e
SHA1e9919c44051c094e8603e8a27101feac535a4b6d
SHA256dac6e7a2c8aa0595bde13278f97a858419adff1693a542220d652deb7966e21c
SHA512db3b212fab5a841e787e7dadb98a5c8f6cc5ccc2c147d84c67ae6f8123ea93da50bcff68d9c796e645d78ab4176c1ae0712559c7edea128dc487abc189a21296
-
Filesize
17KB
MD519e9b30cb6aefdeb7218041990f2f89e
SHA1e7a3daf71a35a64b3a51170154d6f651f75379e7
SHA256bcce011bc5e99218a5c84beb59a92723813a7f8a7fe234856a864fca5b1a90f8
SHA51261c62e202174d16c32c02ef8720f4ed87f9a5ce552e99a59957b9d62099793427e70dd30dc540d24fc48305e6fc2769379d5a03347cc537470508a58bffec47f
-
Filesize
17KB
MD51a148ac0dc453ed249c9fea6f3ba34c8
SHA11e728a13171be334d05759d50eac252e41622a8d
SHA2560971b6c61801ae5470ce51bd9b77937c5bb17d50ad63513ddda3173836d7bcdc
SHA51267594e7d3328db297ebd8f6694afa70d1ee3b20de0d5d8a69b799112edb0ad1df4d0b378d48557820c33082b0ab0099eb3f3788c80162d60c5f578d2fe0db518
-
Filesize
3KB
MD51aa6423fed7ec112ac2c5e009ba080ae
SHA14fe8623a639f7505e7dc37430d431076a020799b
SHA256bfb59ae11abdc586bc4cff379f4a9f30765d15497072c31b468e5c084e26fa7a
SHA512a402f90ebd19b1bb8f58fe783d92231672c84d09d576eb0a371042c1326581e7e43db2bdc51da60e8a49f31b21916d994be8353ee4f982c05ed8f4469cbf9641
-
Filesize
3KB
MD5bd5dfaf498e10219f86c4c902ca5f64f
SHA14dae842861b1689d0763dae137cb6b404f1ffd88
SHA256b0306de87ed687d869834a09a4fce061b43ceef158518975f96e5ae7d5c7fd97
SHA512cf40ed129a52fb1ceeb19d2e82619059332434600417ba54bec5387a0bae23127d12061cae1e5cae49b81f4a2ac768b71e349cd28b15d0a08f33341f900cfb07
-
Filesize
16KB
MD55d8d1721b651cb8dda58460f6c8259ba
SHA1d9a591c8dbcf418e9c5b58a2ecdee4f98dc02c82
SHA25674cd64da3aae000930ac3d3f9d6a5c5120f552fbcbfe5ad7b287ac77bae6cded
SHA512784829c68e0000c82768fbcad1b635258042416f1e732dedb0119bc7ac3c9811cfc29602c145342c99155396544e77732ea567cbc82ccac7d198a4716ea3e583
-
Filesize
3KB
MD57896f20f839a259061ec8c691938b132
SHA1c68ba45d8adbf4844fa4f7cdabd51a4b439c726d
SHA256064d71f1d7cf90bf7b686483dd42c030c2e62f7448c813a915835c0f9af21db4
SHA512b863a8f3b97d8dde502d5792a7117f403e34ef04de16dd1606d23be84e5303d4b5ac279890781390b754b84f2544513f6a91461f5474e850b460bf7fd803c7c1
-
Filesize
3KB
MD536e5148fd278dbbcf509c8b4f1f0a71a
SHA1afbd74c6ef16f8602a2d8264eb294a5e99dfc07d
SHA2561bca0e4e94b1280f3f20db874f2f90dac1bb02a8f6fe2ef69f8de416f12b1709
SHA51207f6ca4eb14f50824c92fd11acf5913c472cf6beb47387190706d1ccffb72c57a94ea41d1d194f4d9f7850ddd45b8c94c4eda497fb6f29ecdff1ccd49f0e2e65
-
Filesize
17KB
MD5c2757c53ec65cb662e8d289496008dba
SHA1660e2765f91a0127ea20c5ad66f3372b4e3eec29
SHA256e80e48d7fe078256e62edc6d0734a91288f222f742df35890e22c8f78b7f3679
SHA5129dbbb9a771530e9aecaf3f498b16e77fd76a14c27d467d446f9061146137a68071a8a0e603d6b1d30e5a136f8b66842259614a48109f2659c2fa0310bbee69a3
-
Filesize
3KB
MD5e1a14f76937314af2942f08e6dfd744d
SHA18ba64e9998e8ce2f3b5360d7af8bf5945ac9821c
SHA256ec9784343762b4244e8a4584e4f9a8357052854865e3bc9843cdf9966af28c54
SHA512abfcf53da3245dcc32bc24a1891781acae7b6bff1ebe71c4465eb2964960af40c43487d5050f334e2adc8735b45c1ec5ad334f34b90b1b0270c99af4b3eae76f
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
211B
MD5a61b1d6bab9061e0f4dd179fc94236ff
SHA17617c0bb7f565d9085ab9efe81752e17499bdc85
SHA256714bbff8c279e577171b7e811840e31b3603c511fcebebe54f9ee472056e6d57
SHA512903f85251908f7e35766c6dbc12a45241b04101c005c20a25ab0db708196276af1fd90f26bce2aa75e6fed9a5966c321f11d4dd81385a6e6d68bd95fc88862f8
-
Filesize
211B
MD5be33b4facad1722026ba117552c93259
SHA16117128d2a99256bec9329135aa8c92b70edd0fa
SHA2567cf048d20f2558f8638482d5c161843411a2704a7d4f2ab9258866d0e45baab1
SHA512b735848ae58649408082ea075a50ae3f6a06097cb4d2479e9cf23a3eb6fd420dd9c93947eadfc0ef930531bed1fbd30941ceb43c44c0dcee758794fe0510ed9b
-
Filesize
211B
MD5b6449d67ef190b16efb2b3829cebd991
SHA1be10c70daa7e6d26f77a6f661f7d5b8c8e83edaa
SHA256c9518d61e0e87f0356366e0669ce3e7d46dfc9cac26df55b27cfe896884ee009
SHA5124e78786c20b32cafff467eb3a74c11686a9484a37c40b56909f1adbf9c9609602c11a604b57e7b90b789d26c6e77379546603931bddabbff85c9a113a0f681de
-
Filesize
211B
MD5f75dc2803feabb4ff8313f37fe806fcc
SHA1e7e77429c8eede08e8428cf7b62ef651b42e62a7
SHA25615db59dd81ff1d9f4757d6f177e50735f6a67420f105b5b885d8d7cc1fd04299
SHA512f22a9d12e6265d4dd09c2d670b1462a0b2f1c60b1ed8d7db9279301132caf4ae8cbf25d5c9a3dd08a3947251ccf9c6a65c9ed53181efcfa9e7f88a27b614dd85
-
Filesize
211B
MD539375780781ac21c430e0ed55a609d89
SHA1904d6fc49af5296acc0f1e0af15a0bb79e04cbf4
SHA2562a26a0474664c785fab6eef61e097adcac9236501e142c5f0fe2f50991b1e22a
SHA512dd9a85e961f94bb141e289cf479ca24f8053850df828d50d56afc7445318182688ab2b0f2e9fa819ac0c3c1faf38a8462df6fc7d65a48cf6fa1dc52d5f5a24bd
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
419KB
MD579a065c31297de90bc2bb815074f31a5
SHA1f7127cb306b8a075702ff1740354db9a0056c1b7
SHA2560176fb741e1249497217a87ef8935fed9dda7f4c1fb209c627fbaa3151c8dd1f
SHA512e35d76109f1feae13f6e1afe333721cabdf7ad5e1d1f8eb7ddc70d44beb22ae5c0a28e898a45079e48ba82e18152e4566ac5fa242bb1a09b6532dc1bfa447dea
-
Filesize
419KB
MD55045763054a9de161dafe4a6e8829bd1
SHA1bc73dada50e9b6732596058decdd528211224df1
SHA256022bca96a3a13de626abe0c1a5fcf164196ece77a91bc74fe03b75cf19106a71
SHA5124bef5c54acfac3abb16660296fb09050ba86be0e88155c3cfb298c39e12ec4f1306ff1bf3d1bf0c8baa3ceb0b4587d36a4decee50c273d4561ff2c7b5592a421
-
Filesize
419KB
MD5b459cc04e1425fcddcfb55df9724c5db
SHA18441139f7a585a5b8a46808ef470eb0d03ea2315
SHA256c3f07888684384416d5bea9dcf76129e8d736d02d0b44b130c7945bb73ee3fab
SHA512723a285352277f9d730d1d29d3c36cd61d992cc424c154095a3d8ed6fb80df5789798b4acf559215e3aa9f8734622e1d64311f2722135c4a22e81db38e845bfc
-
Filesize
17KB
MD50b4713b1d52d35407d2ed9a01a3c14ba
SHA12b1f70c9741b6663d1001952f14808bb76f07a86
SHA256e2fbdb7d158e8c22e157bcadf2923f5b9de00765896eb4a725a512c7c60f7e73
SHA512ba8d2a95ed91e3e5d26008fdf01a382542c23ca125288fd03e346ffceaa81dac616cddacbf2fff1bf4b899b3b0764a77ba486ef8c74f2da075d7cdbb00020170
-
Filesize
18KB
MD5ac6e3028e19a0fb1d3b83265ac1d26fb
SHA177970c3ac440d8093a60cd1e19ef2e73195a7835
SHA256bc4a325806a9e32ad2c0fb6ed9f59c08ce7b39a799ac40efe8ebc19d89620d49
SHA512ee0235158a2485bbe204888989e4a13052cd59cf58def5a850ce17891772e53fc807a0533f96f29654826ad680c9e3c2dfd2c7143cd9518f8310448590668944
-
Filesize
36KB
MD5df4c4baaed93a82707d0704d1dbc7d6b
SHA1586d4275204928330f1f6e0af946e31a083f2c03
SHA256be21ef35fdbc0338e2a2bfa6a225027eaa1b1777df959bbd5ab1bb434a0223ff
SHA512105fcf2b47e5d6e4ed44a94f8566cc2af5b93ef7efb9b4118d61821f9e8f3cceb47e121ff9cc4a91c12fca163922fe006e459b2cd12d564c1ffdee0e46f0b4d4
-
Filesize
22KB
MD55b3601e6c679dbdfe81a5d050657bf0c
SHA1ff1b81ea5e5f3ccc8a1e15491f874eeb37e6731a
SHA2566a9b0998a19c7d03b3e00c745fd20c7734e18b04b474e3925a5842735902cfb3
SHA512dfe9bc048aa50539eb5078cf6fcc03fcaa1663e98307a0d3822a6e43b14df690364ebc14933eb394f2210bc2fccd7e1e8bc3262ea2ec14d475fc6dbd1a7f6e53
-
Filesize
26.8MB
MD50285948af417af0595b9156770a87737
SHA196b4345b39a4f16e468d25468952577f00ce8dcd
SHA2569f5e0500e99caf4fdf9a644b5d88c65ede611ab1d158e1421befe4bd83b0b465
SHA512b14de1701e85394bbdede5b4223f889f83c308df77e593979f5907c32da9553d2ed501359268f85c74675804d98f370b31556d60d000c53fbbbb77bddc0f63b5
-
Filesize
1.4MB
MD5898349c670416e28038f35bd972b39be
SHA152eafadbe3b3193e5586803251488aafb8ec6e83
SHA2568b9049fdf391c527b8598528a7b847adc19194fa6499c9919eab3811165f744c
SHA512028506d38db1eb803f50b621aff0b620388cf6b3a98c477c0cb1828e3f56a7cf0f7d463956dbe370221a9dd59a0e373033386b2c9bec2df520fd36953c1a1976
-
Filesize
19KB
MD507bb6cb0b3b93358037a18956e42c357
SHA198c0aab198a43b0d986bf7b5eb45c06a6937481e
SHA25613456c62a7c5d17eaabb88b994ec7bd31f678366f8c9f2b6a95e2fd37d048659
SHA5125bc55d5d80b0cfa50267e320dcb5e66dfc13f8dfb8de6afa1959e6e46135cfc71bb34542807094d0bc198d981b19f500f8f141c3879085ec9222cff2f843085a
-
Filesize
904B
MD59c0d9c70c44a2eb051a10d41d593a887
SHA100993e7f2e812a2f2c56c9883c80a8f2c416ff9f
SHA25671142407d01592e4f7450cf57675911ce6bef021ec0bd5a225d1d21e15ac42f7
SHA51273ec1a83a779bfc68fa855ca8e2d361e72f09ade56848a5d52ad16e9ca4fc12f981ad242e29b2cd95ed7750359594e868b6ce90cacd3fcea372b57a34c3537af
-
Filesize
469B
MD52ebbb40cc76e3de1643c4667744b6b47
SHA1e88a8cb7a75607286ddb38563f33533232bbfd42
SHA2563c76260db9495501feab06914a92db9403995eaff1424e5b2f82cb2685f0abeb
SHA5128c2288e58a19bb37313eb65cf94eb0b8367677b84123157e64e8165a18a7be7385b588ba7a97e33b736e5e71a2652ea81d5fc1c37b9d3c565d8538dcc6155c5f
-
Filesize
23KB
MD582c2267334ab33e769ca9021d6f9be74
SHA1e92796e67652081f1ec54b7411e99edde6e774ee
SHA256bbe6094dcf7ab03ee9a845dff05d5badd2b353c124e6fed5a9c2d3184718055c
SHA5129a13adf724b701e96aeeaffcbdbd32057e54df396af644db21a561d95a204a273b2f373d341515a762509069a12a60b0fe2543bd4123fc51b155077c9ee2395a
-
Filesize
19KB
MD541c1930548d8b99ff1dbb64ba7fecb3d
SHA1d8acfeaf7c74e2b289be37687f886f50c01d4f2f
SHA25616cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502
SHA512a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75
-
Filesize
55KB
MD56c194c9c34efc24e102f1ab677c18390
SHA195e89078cdd7489fcbd3be450997896e16478d50
SHA25602f61fab03275ce0269facbcd6e052f56eeaff47849676410e6821ea271048a6
SHA512650667b9765aed4caf571991ed16572ff9a3f9de09e8818acd93f0121cfe195556aa53496127773aebba263ce36732eae05e648954273d6a8899d87384ed7af6
-
Filesize
55KB
MD5cb17105f8d9a136d9ba07e35ce24715e
SHA1bd63fef3a9f064a3d3300209cedfb23a19a10cd9
SHA256545b08da1e410aaf62f4a65e1752630ee5b122c52da72cc3b10776b1d5e58e52
SHA5125b279d9a1053bd1bee1d0b30e72c7da3fa73e7579d5300ae558ab059738fab3a6bee426ccf465bd96d7215117a724690c48bf9f95c666a18be39bbc169b54801
-
Filesize
55KB
MD54dfec05fc0161ebee6b53c782ca0befe
SHA1cdc0a0bcf4dafc466e34fdfc935e56346f7cd802
SHA256609ad0d2df64041d784c212d993546db746e6cf7a6d61814f0cf82d199911d5c
SHA512482ca6babb9a6620fd36dfe613be283e588134bba13b6013ad75584af84ae32f4ec7f209b2c26379a351dccc9ec29d973b50d62c7ec041bb7821a5d14fb22297
-
Filesize
55KB
MD546722ee37dad8f19c500fe368f5805cb
SHA15f763e520878e309fb6c10a034e3bbaf1d2a8b1d
SHA2569e801c69a96a98ebd9671ff33e61e0f47734e7fdf196f17d562316dada72206e
SHA512b1a297a64e68a291121280cec7d0fb6c13a8361f79ea5ca1b723767018de6b111d90d8ae60a781abae5ddff287be9635852a829df4288f4742ebf2905842fe32
-
Filesize
55KB
MD5d7dd33813582fb9bea017fa4b8e780fd
SHA1b2d3a61eca668f2d07890bd7d3d1e8c04a6bbfe1
SHA256778c75d27d22961558629ce25da754a68992fb56515fd721f4dc572c2a84b604
SHA5128ba7d36e210bc91639ef19668bb8c2e14512956683758dbfaf69e7690cc9de825e4ab788a9bd8f0a354b9d91e39df02a9b57fdf71c5d4f5f52d490ca41a5d977
-
Filesize
55KB
MD5ce7dd29ae4a1521cd4e7aae77784c25d
SHA1e0478f65d5e628294db045219e00ee4155cbdb02
SHA256c5721a8372a06c730970dd7121f5c2925d0a48ea9914d20a5a721e10df98342c
SHA5127a4e251ee28b1d5a6c048f2e1cd3aaadddcfc834766a2aa64abf519e335ca580bc76f0e0cd376837cc97fed4a30c99131608e7464ca113c6c4998deed0e51a64
-
Filesize
55KB
MD51b324624a26c1488361ce027ad2788d1
SHA1e41264bab92c71c2b95a1211f344485926ddf704
SHA256776aee495cdf9dd6df4149106f2956d9fd7eb8db0db2ea76c39637dc68fe0e9f
SHA512622f054e56ca9a0a71bca95ffe962e50f31c6cdefebd4ecca95584eebfd0d699d22949003ff3338382f4e20683084c3588bd65790602511a7890e972bf6dfefa
-
Filesize
55KB
MD536c75bf547a76e1c855446a22162229f
SHA1827dd1ea36637d65d309e4a04d7e4000a710aef5
SHA256ad6254295e130dd7bbc22f6c7a5d0d1b97bccd757984fba5076190016547258b
SHA5126b8a0bdbba77862575652d09692060ab32e4cd165225c93256f214ede3a747d9c3df1637055e4fc31dacd322624c66b61159bcceb466bee8e13743e46859ff1e
-
Filesize
55KB
MD59020cde32182e0e08381ea163d390a23
SHA1a48fe9fc225000b7492b8c9e786d089bbc261e64
SHA256201bda65aa0bfbd3cb8581a039571452f7320550cc1f50431b1e60114c3089cd
SHA512155d0805b369ba1e27d40ca0de8c78b20037e96b0d89a87315c26fd550b20afaf7e7344b3f6996a82b28c6c3ea10d612a24235fffd383fb8cbbdadce92d2d651
-
Filesize
49KB
MD52de0beff4c75200e8c453266bdbefe02
SHA1cab26ecd091aaeb4990a593c5d984093d4d03a05
SHA256a6d0f198d1c5d4431f820e5b0fc2775c4ec7d7fc9b037d2ff5dbae7d97a85544
SHA512c33fe40c35b9f7170ae45af67928e9ed4204e15d2adcdedada7b9239ee45e17473e2098fa2840473a8cc45e471c4e6e3cf21e2809c9e8d0eaa3884050572d600
-
Filesize
54KB
MD5612dc1d15562002c3b28691399045b60
SHA1047fc090a6ed570c2adbc9e8681e4e3d5486a31c
SHA256008bc412270cbe3fcaf2795856c8506914d16765c0e75d1f863f327b7d8fccee
SHA5127bd219036c796f783da9e3079fc596c32fc64b5eca55a5efcafe0a94144c9bd8affe605d3c9bfa4d040b570656023daf18b19483194b09579f135eed9aaaa4de
-
Filesize
55KB
MD5be83d03619cb5dde0c07788e9b14c451
SHA1d5bff7d20346d716e6c723a133c9f9127f2f8075
SHA25632931805dc35c24410d8be1888de49d08711d026c5e96f34a36d78b2837d4d96
SHA51279392e8b01e5fa69a57d04e9d83c2db1c16a39e35435a587157345080c114b212d1b81e6937e5a5ae24710f78dd66515f2e49b6e40ff747d93e01a2983a22750
-
Filesize
40KB
MD5721e3001b43f5a738a0396061f027d9e
SHA1f2ca39bf84e03965b1b69eee6b54bb29670c6eb3
SHA25671467476f9ff0f2f985af5547c00049a961df708e89cb7a50b670a69e6cfd8d6
SHA512fa3ff7250a9ff30f34d4ad6d060f2516baef14038b90988f581e40efd21603c0b764e79f2b5d4ba60e5cbdb1e692c49fcdd6cd6d13dc03068bc9a0852a3a6123
-
Filesize
55KB
MD585d208831031b9c17e105ad6c8e3c9b9
SHA1fdf4314a7809aab25cd08d24d5e83aaa3507eb0a
SHA2560efe076c62d12cd7168a99dea9117df811f44db109f9f30551bd1a050b7dbb06
SHA512fa85fe8b112f7c880e8ccceb2d41713fabeb15ebf1fb2e5a1f44947fe11d266d174f56323c6c85691014ab3cc9a6ee2c952f88f2fb126b5b25002c100976cb0a
-
Filesize
392B
MD5ae4a39885c736721e9ed752397b2c0b7
SHA1ad51ebc3fe5c08750899354030e7641a882025bf
SHA256d268ae675c5ffe9769c856786b9c6c9dc6a0a2cc8094efd6b3a76992fb8d6753
SHA512d3227033055995afd99d82311162646bd614b7bc2daddc64f3a91c536b1b97363eed687aa16c440c06af8963114b99800d32a8a37769c78874735163fa7c4c34
-
Filesize
392B
MD521a23ea3e83c5848891de9bd0b369a13
SHA13d13e4c25f83d492efcccdbe72805d01292f7a95
SHA25648a827599d98ff1d2203d0618f645c60be832790291ebb4a5cca95aa22710032
SHA51262134fae9e1d25a32517027a6f8fdeab3268372562ce7b6596040f06d4dea81fb228e6f19a4bf378630b057b3d23c1ff0318690500c3090af86501b687f52853
-
Filesize
392B
MD547b6a5c2f6e8cfbe6a6d5c505c02aa3f
SHA1983f4a44b9614bc213f0f82784559293520055d6
SHA25609b4121cdbc3245113b8277108486263cf8415208dd0807e411dce82ec06e39f
SHA5120242de637874e5832dd4a2a3e700c390a08cfca2034b4a3c394f15d788485172cfa2138da37d61cd221cb578357f8705dadf4eaee823aa26dd22159586682a8e
-
Filesize
392B
MD533fe8b0a1daeec48e1319f343b73aa4c
SHA15efb54b744766dd751d93eef569d63df6b3fb239
SHA256422351fcd1b41adde3485cbd2c51efc57227ac73dba9f5c0aa2a97281ae03789
SHA512bfe1ceedbd0560496beebfcb5bff796a53fa494946e32a89430e000b7dd1163e45fa8122b7c91683571b806f94cdd848677486d307a3e9f2c7ad26513aa9f381
-
Filesize
392B
MD53a808f207bfa31a12d565d7e20a6b529
SHA1e991905dea0c1f4991d54285f5436ba987411fa2
SHA256eddb464b271a2869db51b4637e16c870a8cf1d294d0098a5156aa068008807f6
SHA51293516caa367abd9c3a3bb9b119f852891abbb79c42ebec2f01406680b10d6755bef73b5dbf85ca108c70886a32fbf0170a8e63841fd1aa8839130c5a09c4db66
-
Filesize
392B
MD5a34109dade9c9dd17ad39b3d678c9e29
SHA167590ea87086e0e05761bad6297d09bab3a71a35
SHA256525287c845de220cf5f42f7849de0bc2a923285d3a05e782a0d8f71c16889eba
SHA51229e3b2df90d0fef8b21e50e38d3ff3537058ffcb22881e117eeccd054a258437ce39389cbdab3cb2f4d53196340ad2b61b64f972848771299c33c8d1540661e9
-
Filesize
392B
MD57a9813c106ea7adeddeed04f0bec975b
SHA17cecd9deecb78103c2a282ac8a372c5123854500
SHA2562af8dd2ca87ed50fac81c3869a75481d0b04c02c2fe8b570219f270613c3acbd
SHA5128e8857f029f110ac04f5e26bf450219b3fd342147d4415f4af15388fcd91c6fdefc01d4cd72fd127b03c6f7040b1642c38d217ed4b476b9b12c15beae677104d
-
Filesize
392B
MD57478048e59c7f63852edec91435ffe87
SHA1146eabc6474cb413474989af2d260ce753fc38eb
SHA256834f9dd4b48108c868a25ee1b7b43203433095b504e54619998bc49764f305b4
SHA512a2a4ce98b3dde1a061dd6d4ac829ca0571c84a441c6a1018a31132d3788671e5d096df3bfaeaa5ab78235b6c5349ca6571c65c5719509288c904d3dde319cdaa
-
Filesize
392B
MD5a43c225ba543929b40548bf68b96d793
SHA1dae27c6a36a11da1ce88f85a38a6efce553de40f
SHA2566e8a172f93050801f87430668f50d0f8f1aeec7cba7816ebdbc748be5988f875
SHA512169ad00cd2b6bcb4b154f5083a64845b4c568b80b3503d969d7f41c49600b0712fbdbd7e8e5b5565f1f06eea506874ceb5301569ecbec03e035fe054a676a364
-
Filesize
392B
MD5d223b43f1060c8d7c37b9b5b40778353
SHA1d271aaa3408afa3c94d5cae54214258f129809b8
SHA256304f99efc964e9a8751fc05ab3014bfe02840424ac463a7fbe0b7f3f69b48cb3
SHA5120fd160202487fbe4932f0ce49fdb757e46c8ea9c44cf47555051bd69389815ca2ee5f08dcc31b5a59b1f970cd3b34b9b29a1d798a43a6ed69a4f38416585ce37
-
Filesize
392B
MD50895b691bd1083531452acea4268c8e8
SHA1067a329580c38b0ad16b0cf6641bf3d09e6f77ce
SHA256488acfd3a762ceddd11ee8d7cab743f35141f3cc615155bc45d4143b62e6c4c6
SHA51230500d125d20114ccc170600920b0675216efc019ef34ae2682e7e3733cd19066a3419e3a5b95e29bbbfef375ec4968aa7b9820c5fe26df14f0ec2f05f7eee79
-
Filesize
392B
MD5a8f6eb6893124de571bcdff53f8e3bc1
SHA1450f5a7b6286e716270ade570120ebbda558f375
SHA256969e19fd0658ff7289a4b57e71281b4709c2a0ac7574c363f25c50984ef95efd
SHA5126fe5322445894d33d63ef6bd64fdcfdbcfd2c4f17c812ee47065fcb612d027e4d1a1e32850b41b26b0b0087d028995025585790af1bbfd944d546159ad0ced8f
-
Filesize
392B
MD533069164a89726bc30b52fdcffc95b9f
SHA105f9a34b5b08e232434ff6807e9826bb8c9b3f78
SHA256434daf39fca0fd43a7c2daaf64e27fd9018888bcc0c933bd3402eff653d528e5
SHA512e1c0141680e25669ab61ddc6e3f7bd4faf65302135123c6336a0c9e0abfda53f92297326be7686b75a8e9d4be565f3e3392960b58693754127d18971fba57d96
-
Filesize
392B
MD57cf33ab80e96d399216278752a65bbc2
SHA1fe6669bc1fca0af80bc3a32c84c59b2bd6d03ef7
SHA25610113c402fa5794a2ef2e995fd718f2a5a6cfdb1a114a1bcf9e4fd711a41116b
SHA5129836cc202822e3d502532889d020ff1a1dc1cef1367990718fe00bc877b4c5ecae3aaa3ef5e2316b7f50f7fce36aabe7c8a160f4deb6841901b566a403daff42
-
Filesize
392B
MD512990be8398f3b8576e07d06d4755998
SHA11949cf0eb330a4fb42143029570202263d572fe7
SHA25693544a61a9439cca06900773a8c143034368fe385c910043ac1e751c466e86c7
SHA512020c956f3ee393cbe4ba3d65348bec4ce51b4834752c9116e7dfafc5fd15022e4ac9835865a48ca64f7033bf18359976a1e1c144e493d1916395a14525db8773
-
Filesize
392B
MD5b00d42f8234c02a0f368c32d52e6664e
SHA18b1f254c2d9143a04d90edfb07acbd040405679d
SHA25688ec2909f45a05d264af1727d7cf3f6d76792078ffab15f794d5a2c7322eb42a
SHA5120fc4994d233b453421959ac379fb27f40b57658f76e5933184992e4378ffb5b38ebc2981c8a33e2c378a87f001586fc967f973d0102aec1b0bc749285be7b0b9
-
Filesize
392B
MD5c6dcf9bf3ecf24aef3552eda2e2ff792
SHA1b8efb68f5a50808b5f29d3567e35d5a8c046982e
SHA256cc88b29c1d4dfc48e4c2250478ac8fa1949181b06577a914d871c8bc84bfe2e4
SHA5126d78bc8ae6e3ef46837a71eda2c8f4e17e423878c83f5b274c44adb826a2151ca42875fd3c77fc5b5f39eb13ba8e4fa3e65aeb4b125873b530de91a4a3ff721d
-
Filesize
572KB
MD5f5f5b37fd514776f455864502c852773
SHA18d5ed434173fd77feb33cb6cb0fad5e2388d97c6
SHA2562778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e
SHA512b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6
-
Filesize
2KB
MD588062d4cd29e11e73d619463ac22d431
SHA136521934b61c40e4fa4043a47ff41f1e60148b54
SHA256a2614220f1787585201c691ba36c7b3b6fee5bdcde89fd938c1021ea39899af5
SHA5123234e3f00241b6eec9b3a29a06dd7b1a7ba829c9396eba276ba50fa491bc03b93a048c2bb0f9346f21bc6a504557f889a937fa643db980b3822dd9b04db23006
-
Filesize
104KB
MD529938d9e2f27e281dd8545ad364e6fa8
SHA125aa113097aa11e13442b7c8893631d7f5fe2f06
SHA25649c0650616eadfa63394558cd1d3ed9f64918d5ed38ab3ef32ad0249283df0ef
SHA5126dadd004471554a160528b509bc2b3382d535e9b06208de22ad4d1079cece9a3f9948ed005730195f1a40f973017ab0c3312bcb2de16dc7dcc199c741e082672
-
Filesize
157KB
MD583695e8cf6c2c3daf622d1cdcfe3f6f7
SHA126c34a54f6e0fe38d55373dd0b4f328839773a74
SHA256c87e5168bb5a6268c7530bb826b9d88b137516825862e1b24cac1ba31247a91a
SHA51207634692b232ba651680b525b38e8489f0f3307cd67256dbab69fa5f91945728afcec62a47f017a5a2f18e411ab1b7de444c5591df487d00c006f959d7ceb6e1
-
Filesize
280B
MD565e747828aa48932dc14c220c47d4723
SHA10fe27cf0d735e7a285926e11dc4ffca22dde10ae
SHA256226b2929b9f5d0772460c683ddbea58f5a08a954bd9644a02d271474c03e8193
SHA512b642fbe86bbc16df22b2b7fa43f003796f102122a233d02c796c457d0828d01dcea45bbd07ba0f60d73be69cefa3b0c097be189eb6e538a4b507684d0a82c4bb
-
Filesize
48B
MD59a877a36b2dba2279feedfc186e2800d
SHA1b846ea41178e907d73e06c26f50b05d3b878cf24
SHA2562c583dbdff09265722f597614e7cfd40c31beb813a57dc969780340834c1a174
SHA5129c95240757dc59daf770b26cc10bb4e3a587ce5d4869f190d1e15f5ca815fb5df365f1f678bf85ca4cf9607957390a35f2be302eb53eb13de6454599771af44e
-
Filesize
168B
MD5ca10e755cf74277399c33889819560b7
SHA171cfe3cc5be1a686f7ac2a5d8cbd40f9cf6ebe53
SHA25614f7a2af04dae83a09418edeb1a8ad6fcb6c5f12ba1c88ad3ec765de7b84056b
SHA5125017c54e38a4f2b8fb9ba9cffce6ec309329ceae50c98b8613e94a2ce4cdfc884cd32e1f4ffdf719404dc679ccfdc9d76f58fb53a9be43c0fd5462c1eeb6556b
-
Filesize
1KB
MD53ffead95b7c5aebf6131ebacad4e63dc
SHA11decdab54bd85831681d6f7d9d191b319abb65ab
SHA256378d822438b4c798efa6892d0e74c5d4333b22548cf591a07acac553909075fa
SHA5127ab2b0ca244898b7b45bb21eb7109382659257ce950baddbc12076a6b6e751199e5c48a4287ae2103f06b3b4b8fe80ab673811fefd269f2fcddda42d8cf88eca
-
Filesize
59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
Filesize
6KB
MD5dedc021cc350af52a9b72ba4bb18af47
SHA10c6b6570a8b75798788890a58e351ad4bb7ba2ad
SHA256d4bc8cc3e334b95086320d0f6e773339d1e61ec89f51678640704f98c3a3e6c7
SHA512b793f2a9d3249157472c80dbbc88d10a9cc1a546efe65aae2c31e0cad5c3102254e744340f13de360f7e38750c167fe89d41a9f1fae3024481d50f303255f894
-
Filesize
6KB
MD5b765739a32befa678f7eb3202a7dd9d1
SHA17b69ea82909a8fdf3820a93ec80c8f69d490741c
SHA2569f5f2191003c5732936ad6d4040a6eafc9f66c6c230f6b7e0e1ef44ba3188e3b
SHA51262c3dbfac1c3c4f3ebff7f436f43b303eb6c4945a234df4d85c2ececc8e7106f87da0e3ed18f3257124d8f6c0e08dad8c86a82d81563e286c1e57ca0e4ca9133
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
44KB
MD547bd4c3fa09a0e4ed9f4bcce7e6401e3
SHA106a22de951ac44f328da24ca3a74e6675591abb9
SHA256766eb65a78ddbd916f3830d34bfffe430b3d08f5cc52455a6f9b23fdb523ba0c
SHA5129db9841bc4c5764014343b1b32f1e7fa31aa699f719a72743ad76943221bce32d58e89e9860a6e698f65a250d5af73b239e32518909453ae80cf838014548328
-
Filesize
264KB
MD5d0d388f3865d0523e451d6ba0be34cc4
SHA18571c6a52aacc2747c048e3419e5657b74612995
SHA256902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17
-
Filesize
8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
Filesize
4.0MB
MD52e16e398458d2492a87472fcf9482ff1
SHA1f310d35a78b2c3e6d4ebd4dd5c94ea31494e1d34
SHA256ee3662f838618255daff99e25edfb4ac1458e2d50ca9eff19df2d41f0ebe282f
SHA51292c06585771aa189c877d6f20e32efefed23ecfcbf4f4148f23f963c1baba6a5af29333e120e1ce8d34f6466f7f578e3152ec63415f09c4124aed60d95e9498f
-
Filesize
2KB
MD591827171c8f4a76877c7bf5dd50c1de8
SHA1be6d5495f7e0135bbcb675c0627d8b3369ef2a27
SHA2566fb569297501e75b8b4e700c412249420ffbb32d97d2b87b2ab22782ad97d154
SHA512a343b25bb0f181d6270147280b66c203d40fb59f7d867b8693cd0fa62fbaf77a2f2858d45afb7b623732d4d6a4ef9f47ac04be4c1f7553b28a87b125c132941b
-
Filesize
16KB
MD55731bab52e77a779bd208f74729b31ea
SHA169dfee862f5566773c15dac001d9b3530f813fa1
SHA2568e4cd0e66ae4de017dce0498eb6afd54db644ee27fa4e5281ecf90993b0160d3
SHA512b141523143c0fe9cfefa39b0d8e4d2e2b3284a5bef855f2e1fa94178f60268e292cb51342e884bb70c474dc523a31c9e80323319dc830d321095d59af4bee4fd
-
Filesize
3KB
MD5f5f0b35f47d4adfb54a5f586bd13d53d
SHA188bed3cdcc1a6d5b63fbefc6a09acb757d2e7291
SHA256be3a37e6f1ce8617203ef3f2f8c2ad41ad0e1eb797dde85f1389323e4d4d4517
SHA5124e3e64c0f8b2b32eca4616c8e01ddd269ed9dd4172d5eeaa8ecf08d03d2c6dc49c453f0daab4b5674f3f99fd0e95386f22d0831966e14605be10dd34b16f272a
-
Filesize
1KB
MD5d2800d7df14092621cd5adff354b2fce
SHA197237507698073352307b7879daf52830e4b7620
SHA2566650570b95407f8ada1c043a0757f874b782668fb2ad7d895082a20f0d0a75eb
SHA5127b2dc0f381509c8bdea0771d80dfc483e7b7adc7a996bc26b459dec5eaa699d18f21046a1eeb28809c31f253a55734b0059d0ce46330c81be245fcbac9415848
-
Filesize
1KB
MD539b1f54f99127cc09857956f8741f14d
SHA11cfc2e31a887626a0d2c0a068c136739fe3ccc5a
SHA256214c6f5ddb14a37739b0812b99018d0f5acfd9aa46c0852543e2de7e9e87ba63
SHA512a8178b84f31a3fd4948791c4e78dc2bc0a629994b7171068475cd1d4fa87c0b61ec27b4e1066420e5740db26cda55d9ac2f49e34127844044ecbd0bb6e638e45
-
Filesize
49KB
MD5266373fadd81120baeae3504e1654a5a
SHA11a66e205c7b0ba5cd235f35c0f2ea5f52fdea249
SHA2560798779dc944ba73c5a9ce4b8781d79f5dd7b5f49e4e8ef75020de665bad8ccb
SHA51212da48e8770dc511685fb5d843f73ef6b7e6747af021f4ba87494bba0ec341a6d7d3704f2501e2ad26822675e83fd2877467342aacdb2fd718e526dafd10506b
-
Filesize
143KB
MD58b1c352450e480d9320fce5e6f2c8713
SHA1d6bd88bf33de7c5d4e68b233c37cc1540c97bd3a
SHA2562c343174231b55e463ca044d19d47bd5842793c15954583eb340bfd95628516e
SHA5122d8e43b1021da08ed1bf5aff110159e6bc10478102c024371302ccfce595e77fd76794658617b5b52f9a50190db250c1ba486d247d9cd69e4732a768edbb4cbc
-
Filesize
997KB
MD53f8f18c9c732151dcdd8e1d8fe655896
SHA1222cc49201aa06313d4d35a62c5d494af49d1a56
SHA256709936902951fb684d0a03a561fb7fd41c5e6f81ecd60d326809db66eb659331
SHA512398a83f030824011f102dbcf9b25d3ff7527c489df149e9acdb492602941409cf551d16f6f03c01bc6f63a2e94645ed1f36610bdaffc7891299a8d9f89c511f7
-
Filesize
391KB
MD566996a076065ebdcdac85ff9637ceae0
SHA14a25632b66a9d30239a1a77c7e7ba81bb3aee9ce
SHA25616ca09ad70561f413376ad72550ae5664c89c6a76c85c872ffe2cb1e7f49e2aa
SHA512e42050e799cbee5aa4f60d4e2f42aae656ff98af0548308c8d7f0d681474a9da3ad7e89694670449cdfde30ebe2c47006fbdc57cfb6b357c82731aeebc50901c
-
Filesize
73KB
MD581e5c8596a7e4e98117f5c5143293020
SHA145b7fe0989e2df1b4dfd227f8f3b73b6b7df9081
SHA2567d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004
SHA51205b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6
-
Filesize
40KB
MD548c00a7493b28139cbf197ccc8d1f9ed
SHA1a25243b06d4bb83f66b7cd738e79fccf9a02b33b
SHA256905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7
SHA512c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830
-
Filesize
160KB
MD5237e13b95ab37d0141cf0bc585b8db94
SHA1102c6164c21de1f3e0b7d487dd5dc4c5249e0994
SHA256d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a
SHA5129d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb
-
Filesize
60KB
MD5a334bbf5f5a19b3bdb5b7f1703363981
SHA16cb50b15c0e7d9401364c0fafeef65774f5d1a2c
SHA256c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de
SHA5121fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46
-
Filesize
64KB
MD57c5aefb11e797129c9e90f279fbdf71b
SHA1cb9d9cbfbebb5aed6810a4e424a295c27520576e
SHA256394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed
SHA512df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a
-
Filesize
60KB
MD54fbbaac42cf2ecb83543f262973d07c0
SHA1ab1b302d7cce10443dfc14a2eba528a0431e1718
SHA2566550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5
SHA5124146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e
-
Filesize
36KB
MD5b4ac608ebf5a8fdefa2d635e83b7c0e8
SHA1d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9
SHA2568414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f
SHA5122c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4
-
Filesize
60KB
MD59fafb9d0591f2be4c2a846f63d82d301
SHA11df97aa4f3722b6695eac457e207a76a6b7457be
SHA256e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d
SHA512ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a
-
Filesize
268KB
MD55c91bf20fe3594b81052d131db798575
SHA1eab3a7a678528b5b2c60d65b61e475f1b2f45baa
SHA256e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175
SHA512face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6
-
Filesize
28KB
MD50cbf0f4c9e54d12d34cd1a772ba799e1
SHA140e55eb54394d17d2d11ca0089b84e97c19634a7
SHA2566b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1
SHA512bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5
-
Filesize
8KB
MD5466d35e6a22924dd846a043bc7dd94b8
SHA135e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10
SHA256e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801
SHA51223b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247
-
Filesize
2KB
MD5e4a499b9e1fe33991dbcfb4e926c8821
SHA1951d4750b05ea6a63951a7667566467d01cb2d42
SHA25649e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d
SHA512a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a
-
Filesize
28KB
MD5f1656b80eaae5e5201dcbfbcd3523691
SHA16f93d71c210eb59416e31f12e4cc6a0da48de85b
SHA2563f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2
SHA512e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003
-
Filesize
13KB
MD57070b77ed401307d2e9a0f8eaaaa543b
SHA1975d161ded55a339f6d0156647806d817069124d
SHA256225d227abbd45bf54d01dfc9fa6e54208bf5ae452a32cc75b15d86456a669712
SHA5121c2257c9f99cf7f794b30c87ed42e84a23418a74bd86d12795b5175439706417200b0e09e8214c6670ecd22bcbe615fcaa23a218f4ca822f3715116324ad8552
-
Filesize
7KB
MD5b127d9187c6dbb1b948053c7c9a6811f
SHA1b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9
SHA256bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00
SHA51288e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476
-
Filesize
52KB
MD5316999655fef30c52c3854751c663996
SHA1a7862202c3b075bdeb91c5e04fe5ff71907dae59
SHA256ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0
SHA5125555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44
-
Filesize
76KB
MD5e7cd26405293ee866fefdd715fc8b5e5
SHA16326412d0ea86add8355c76f09dfc5e7942f9c11
SHA256647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255
SHA5121114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999
-
Filesize
552KB
MD5497fd4a8f5c4fcdaaac1f761a92a366a
SHA181617006e93f8a171b2c47581c1d67fac463dc93
SHA25691cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a
SHA51273d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25
-
Filesize
2KB
MD57210d5407a2d2f52e851604666403024
SHA1242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9
SHA256337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af
SHA5121755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68
-
Filesize
4KB
MD54be7661c89897eaa9b28dae290c3922f
SHA14c9d25195093fea7c139167f0c5a40e13f3000f2
SHA256e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5
SHA5122035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f
-
Filesize
29KB
MD5c3e8aeabd1b692a9a6c5246f8dcaa7c9
SHA14567ea5044a3cef9cb803210a70866d83535ed31
SHA25638ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e
SHA512f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e
-
Filesize
1.2MB
MD5ed98e67fa8cc190aad0757cd620e6b77
SHA10317b10cdb8ac080ba2919e2c04058f1b6f2f94d
SHA256e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d
SHA512ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0
-
Filesize
11KB
MD580d09149ca264c93e7d810aac6411d1d
SHA196e8ddc1d257097991f9cc9aaf38c77add3d6118
SHA256382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42
SHA5128813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9
-
Filesize
2KB
MD50a250bb34cfa851e3dd1804251c93f25
SHA1c10e47a593c37dbb7226f65ad490ff65d9c73a34
SHA25685189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae
SHA5128e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795
-
Filesize
40KB
MD51587bf2e99abeeae856f33bf98d3512e
SHA1aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9
SHA256c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0
SHA51243161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a
-
Filesize
161B
MD5ea7df060b402326b4305241f21f39736
SHA17d58fb4c58e0edb2ddceef4d21581ff9d512fdc2
SHA256e4edc2cb6317ab19ee1a6327993e9332af35cfbebaff2ac7c3f71d43cfcbe793
SHA5123147615add5608d0dce7a8b6efbfb19263c51a2e495df72abb67c6db34f5995a27fde55b5af78bbd5a6468b4065942cad4a4d3cb28ab932aad9b0f835aafe4d0
-
Filesize
46B
MD5f80e36cd406022944558d8a099db0fa7
SHA1fd7e93ca529ed760ff86278fbfa5ba0496e581ce
SHA2567b41e5a6c2dd92f60c38cb4fe09dcbe378c3e99443f7baf079ece3608497bdc7
SHA512436e711ede85a02cd87ea312652ddbf927cf8df776448326b1e974d0a3719a9535952f4d3cc0d3cd4e3551b57231d7e916f317b119ab670e5f47284a90ab59a2
-
Filesize
66KB
MD50bb1be1cee6bc878acbb41b1af7cfc88
SHA1e8769d43088d5800bc169455077329bb8cf973b7
SHA256166960f92a85a33207dad124fea1938740a82809c05dd449fd19f39c2c029038
SHA51291a7c4f634ff2becf934fa04fcaf8e0f27173394428dd08b90050cc0685f1fc403234c09cf3b20308a91e952f2023875ff2fd9d6386c783eb966ec5a71931056
-
Filesize
6KB
MD59dc5bf6e4b2cad053d12ad24260d9327
SHA184b7d911b8d8002ff95edb523d108038b6ea3bf0
SHA256efb22f0b990c4ed4a8d36868c7d9d3793b61f0728343306caeae0ae5f0751447
SHA51225c3b183d96ee5ef9f5fe35ce898e718baf894dcb0a82049dde59b0779a7ede88907f1d1f44ff155cb1ea178c296aaf36975341679f7289920e615d4c01844f9
-
Filesize
822B
MD512ca16a9c8707b7f0a257e6cabbbea3a
SHA1a0b81eb518de7eb4ee4f3ded01fdf781151ff874
SHA256624677996b347cd36593d4a1107b265c903268086f2f548b50c0f329fd649a33
SHA51270c595f65be3bd9d9d2f44b5240b3bf8f9e7b923c59fdf8f07dd3f89bd8731a9cb9abab2fe899b5aac1e402ec33c782974c9554584c088de9e051f99b21c9c78
-
Filesize
822B
MD54ac29de505cfb25bbb88d190ad379d82
SHA1582b2a54ce52a950614ee7dc444e5d1b4c532e54
SHA25693a93ec1f9af7118b2fb05a1abc420781130e5663b92536a23ec6a4b172a0843
SHA512fbfd193b678c5c2fc8a1a1d17dddf832d6aee35ab3f01ddb9f44eb48ce8125cd4efde9f7816161133ec13d477a3aaae842d8ea8ffbd97653eb5bfc96fbe204b6
-
Filesize
3.3MB
MD585d3301503d6b60863e1d97cdacffcc7
SHA1c2c3dabf12bcf035c5cfcf2e2388dec25bbc4548
SHA256d71173d34240f99beda46959dbd5c6a1250bcc851d031e6954ce6040dbd4560e
SHA512045dec8742d82b6db29ca80a1912ca7732d53696c3fadf82db7b4a16b76deeeca9970d704e00ea9e90ce6122c130f2d79b366b3e69a1f46501dffd920e21dc23
-
Filesize
8KB
MD5ac034103aa9dc2906cf08c3bcd437057
SHA111b034db0e6812ea1f2e2b7f3962bb6561f64280
SHA256751b53a4dd30646a3af0a721ddf200486ca1e6851751ab2b5bbad3b804db2edd
SHA51279c956812774748a4c3ed807d59ae0f08aa0c64bb42f15503ae16f037b8ad292efd1fc38e92e2b081f1d164882fba04f26e6b2408f6a9c9c29dd2ab4b3c46282
-
Filesize
10KB
MD5998d27c03788fba3e04a7f4c9d5e58f4
SHA13f9e2525cba814d28d730f2429b34eb79f0dd6d3
SHA256881c7b41eacf2e91cc3e1b5edb1ecdb13b5a6860d1c2f63c16a5503372e803ee
SHA5128f1e95e86bd670801b9160d79d1dcda30034028065fe7f0d71605d65b981bdda97716e8575874bbff02d8a6f3fcdebc32ed39d552f3cf6e58c85b03aa5bd57de
-
Filesize
6.4MB
MD5fba93d8d029e85e0cde3759b7903cee2
SHA1525b1aa549188f4565c75ab69e51f927204ca384
SHA25666f62408dfce7c4a5718d2759f1d35721ca22077398850277d16e1fca87fe764
SHA5127c1441b2e804e925eb5a03e97db620117d3ad4f6981dc020e4e7df4bfc4bd6e414fa3b0ce764481a2cef07eebb2baa87407355bfbe88fab96397d82bd441e6a2
-
Filesize
14KB
MD548ac397b96a30da6d67ffcf5b555e69c
SHA16b509435d7ab375d40231081417a340910da513c
SHA256b6dc96d48ee73fda299a8f8dac2335ed4bf710f5166ce093aa8734256a205569
SHA5124dd6ca7a18b7dceac16a8cec892f658a2389efe3b6a936ac9bf26f20a99a7a65d76dec1a412988e9a5be59276a7f7c0bca08583a474c8a9609799a4bab4ed5f2
-
Filesize
381KB
MD535a27d088cd5be278629fae37d464182
SHA1d5a291fadead1f2a0cf35082012fe6f4bf22a3ab
SHA2564a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69
SHA512eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5
-
Filesize
3.1MB
MD5924dcdda1023e0b5ab770719b2e07235
SHA12c5aad77a9d50060021553c2d59427d04c5eadb4
SHA25632d915fb8d356823d5b6e0fa3265a8f5b47d7501ff7d15f160c040bd9ca20245
SHA512935eb3e7d00a90bb9a58a38f3533363f717193b752e99b221091915f48dd50abe4d9954fba5853b6dadf173bce864a97213a52f2e8c5f829d7f47462cc9c6bae
-
Filesize
1KB
MD5ee002cb9e51bb8dfa89640a406a1090a
SHA149ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
SHA2563dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
SHA512d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c
-
Filesize
4KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
3.4MB
-
Filesize
3.4MB
-
Filesize
3.4MB
-
Filesize
3.4MB
-
Filesize
3.4MB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
5.3MB
-
Filesize
5.3MB
-
Filesize
3.4MB
-
Filesize
5.2MB
-
Filesize
168KB
-
Filesize
5.3MB
-
Filesize
5.3MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
1.1MB
-
Filesize
4KB
-
Filesize
7.1MB
-
Filesize
740KB
-
Filesize
5.3MB
-
Filesize
7.1MB
-
Filesize
5.3MB
-
Filesize
5.1MB
-
Filesize
7.3MB
-
Filesize
5.1MB
-
Filesize
5.3MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
596KB
-
Filesize
6.1MB
-
Filesize
7.3MB
-
Filesize
164KB
-
Filesize
52.8MB
-
Filesize
6.1MB
-
Filesize
164KB
-
Filesize
596KB
-
Filesize
664KB
-
Filesize
664KB
-
Filesize
740KB
-
Filesize
7.3MB
-
Filesize
52.8MB
-
Filesize
740KB
-
Filesize
5.1MB
-
Filesize
7.1MB
-
Filesize
5.1MB
-
Filesize
5.3MB
-
Filesize
5.3MB
-
Filesize
7.1MB
