Analysis
-
max time kernel
644s -
max time network
659s -
platform
windows11-21h2_x64 -
resource
win11-20250313-en -
resource tags
-
submitted
01/04/2025, 12:09
Errors
General
-
Target
https://tria.ge/241222-2p3c6a1pen
Malware Config
Signatures
-
Blocklisted process makes network request 2 IoCs
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 4 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file 2 IoCs
-
Drops file in Drivers directory 4 IoCs
-
Event Triggered Execution: AppInit DLLs 1 TTPs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
Possible privilege escalation attempt 64 IoCs
-
Checks BIOS information in registry 2 TTPs 10 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE 12 IoCs
-
Loads dropped DLL 36 IoCs
-
Modifies file permissions 1 TTPs 64 IoCs
-
System Binary Proxy Execution: Rundll32 1 TTPs 1 IoCs
Abuse Rundll32 to proxy execution of malicious code.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs
-
Power Settings 1 TTPs 6 IoCs
powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
-
Drops file in System32 directory 3 IoCs
-
Drops file in Program Files directory 4 IoCs
-
Drops file in Windows directory 64 IoCs
-
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 3 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
-
Access Token Manipulation: Create Process with Token 1 TTPs 8 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
-
Program crash 6 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 16 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Checks SCSI registry key(s) 3 TTPs 58 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 14 IoCs
-
Kills process with taskkill 1 IoCs
-
Modifies Control Panel 7 IoCs
-
Modifies Internet Explorer settings 1 TTPs 14 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 64 IoCs
-
NTFS ADS 7 IoCs
-
Suspicious behavior: AddClipboardFormatListener 7 IoCs
-
Suspicious behavior: EnumeratesProcesses 28 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 50 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 43 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://tria.ge/241222-2p3c6a1pen1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x214,0x2b0,0x7ffce9c7f208,0x7ffce9c7f214,0x7ffce9c7f2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1836,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=2320 /prefetch:112⤵
- Blocklisted process makes network request
- Downloads MZ/PE file
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2292,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=2288 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2216,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=2368 /prefetch:132⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3476,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3496,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4128,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=4108 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4112,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=4156 /prefetch:92⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4196,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=4312 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4368,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=4332 /prefetch:92⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=3624,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5468,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=3444 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3600,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=5292 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5488,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=3748 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3528,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=3488 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5976,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=6036 /prefetch:142⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.execookie_exporter.exe --cookie-json=11443⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6156,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=6024 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6156,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=6024 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6316,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=6252 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6284,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=6260 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=6612,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=6632 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6348,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=6336 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6416,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=6404 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4312,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=4184 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6960,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=7460 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6600,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=7460 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7200,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=6556 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=7216,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=6152 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=5084,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=4344 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=5072,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=7160 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=6236,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=4208 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=3984,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6476,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=6472 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6448,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=6356 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6324,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=6344 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4240,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=3768 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=6456,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=2032 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6356,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=6980 /prefetch:142⤵
- NTFS ADS
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7648,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=7252 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=7092,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=7580 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=4552,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=4540 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --always-read-main-dll --field-trial-handle=7696,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=7688 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7988,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=7996 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --always-read-main-dll --field-trial-handle=7936,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=3568 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6592,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=8152 /prefetch:142⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
-
-
C:\Users\Admin\Downloads\winrar-x64-711.exe"C:\Users\Admin\Downloads\winrar-x64-711.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6092,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=8152 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7932,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=9100 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8456,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=6220 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=8844,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=5276 /prefetch:102⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6976,i,2183903439682727239,15691102067731246175,262144 --variations-seed-version --mojo-platform-channel-handle=8988 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\406d872f7a114c8ba2b60869da4514cd /t 4304 /p 60001⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp1_bonzify.zip\Bonzify.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_bonzify.zip\Bonzify.exe"1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\KillAgent.bat"2⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im AgentSvr.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\takeown.exetakeown /r /d y /f C:\Windows\MsAgent3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls C:\Windows\MsAgent /c /t /grant "everyone":(f)3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exeINSTALLER.exe /q2⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentCtl.dll"3⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentDPv.dll"3⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\mslwvtts.dll"3⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentDP2.dll"3⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentMPx.dll"3⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentSR.dll"3⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Windows\msagent\AgentPsh.dll"3⤵
- Loads dropped DLL
- Modifies registry class
-
-
C:\Windows\msagent\AgentSvr.exe"C:\Windows\msagent\AgentSvr.exe" /regserver3⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\grpconv.exegrpconv.exe -o3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-n..kgroundtransferhost_31bf3856ad364e35_10.0.22000.1_none_e4c8388cb4892f1c\BackgroundTransferHost.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-n..kgroundtransferhost_31bf3856ad364e35_10.0.22000.1_none_e4c8388cb4892f1c\BackgroundTransferHost.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-n..kgroundtransferhost_31bf3856ad364e35_10.0.22000.1_none_e4c8388cb4892f1c\BackgroundTransferHost.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-n..pture-wmiv2provider_31bf3856ad364e35_10.0.22000.1_none_3ad96689f86d60ce\NetEvtFwdr.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-n..pture-wmiv2provider_31bf3856ad364e35_10.0.22000.1_none_3ad96689f86d60ce\NetEvtFwdr.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-n..pture-wmiv2provider_31bf3856ad364e35_10.0.22000.1_none_3ad96689f86d60ce\NetEvtFwdr.exe" /grant "everyone":(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\f\NarratorQuickStart.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\f\NarratorQuickStart.exe"3⤵
- Possible privilege escalation attempt
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\f\NarratorQuickStart.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\NarratorQuickStart.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\NarratorQuickStart.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\NarratorQuickStart.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\r\NarratorQuickStart.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\r\NarratorQuickStart.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.22000.120_none_8faca973dc064b74\r\NarratorQuickStart.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\INSTALLER.exeINSTALLER.exe /q2⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll3⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s C:\Windows\lhsp\tv\tvenuax.dll3⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\grpconv.exegrpconv.exe -o3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-n..setup-compatibility_31bf3856ad364e35_10.0.22000.1_none_c665d8078332dab6\NetCfgNotifyObjectHost.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-n..setup-compatibility_31bf3856ad364e35_10.0.22000.1_none_c665d8078332dab6\NetCfgNotifyObjectHost.exe"3⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-n..setup-compatibility_31bf3856ad364e35_10.0.22000.1_none_c665d8078332dab6\NetCfgNotifyObjectHost.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\f\Narrator.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\f\Narrator.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\f\Narrator.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\Narrator.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\Narrator.exe"3⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\Narrator.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\r\Narrator.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\r\Narrator.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-narrator_31bf3856ad364e35_10.0.22000.100_none_b998a9a728d6401f\r\Narrator.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nbtstat_31bf3856ad364e35_10.0.22000.1_none_f4542218232805ca\nbtstat.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nbtstat_31bf3856ad364e35_10.0.22000.1_none_f4542218232805ca\nbtstat.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-nbtstat_31bf3856ad364e35_10.0.22000.1_none_f4542218232805ca\nbtstat.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\f\NcsiUwpApp.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\f\NcsiUwpApp.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\f\NcsiUwpApp.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\NcsiUwpApp.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\NcsiUwpApp.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\NcsiUwpApp.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\r\NcsiUwpApp.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\r\NcsiUwpApp.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-ncsiuwpapp.appxmain_31bf3856ad364e35_10.0.22000.120_none_eb1a21d23daf2030\r\NcsiUwpApp.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ndkperf-setup_31bf3856ad364e35_10.0.22000.1_none_408919e06a3c4182\NDKPerfCmd.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ndkperf-setup_31bf3856ad364e35_10.0.22000.1_none_408919e06a3c4182\NDKPerfCmd.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-ndkperf-setup_31bf3856ad364e35_10.0.22000.1_none_408919e06a3c4182\NDKPerfCmd.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ndkping-setup_31bf3856ad364e35_10.0.22000.1_none_0ea3b62aa1979b9b\NDKPing.exe"2⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ndkping-setup_31bf3856ad364e35_10.0.22000.1_none_0ea3b62aa1979b9b\NDKPing.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-ndkping-setup_31bf3856ad364e35_10.0.22000.1_none_0ea3b62aa1979b9b\NDKPing.exe" /grant "everyone":(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_a875ef267740234b\net.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_a875ef267740234b\net.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_a875ef267740234b\net.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_dd1f9117595c3dbe\net1.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_dd1f9117595c3dbe\net1.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.1_none_dd1f9117595c3dbe\net1.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\f\net1.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\f\net1.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\f\net1.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\net1.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\net1.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\net1.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\r\net1.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\r\net1.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_10.0.22000.434_none_823a5b3dd9c522d8\r\net1.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-netbt_31bf3856ad364e35_10.0.22000.1_none_b6a86607fc0d3ad5\netbtugc.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-netbt_31bf3856ad364e35_10.0.22000.1_none_b6a86607fc0d3ad5\netbtugc.exe"3⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-netbt_31bf3856ad364e35_10.0.22000.1_none_b6a86607fc0d3ad5\netbtugc.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-netcfg_31bf3856ad364e35_10.0.22000.1_none_6672795e56429a85\netcfg.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-netcfg_31bf3856ad364e35_10.0.22000.1_none_6672795e56429a85\netcfg.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-netcfg_31bf3856ad364e35_10.0.22000.1_none_6672795e56429a85\netcfg.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-netplwiz-exe_31bf3856ad364e35_10.0.22000.1_none_439a526c152afc8c\Netplwiz.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-netplwiz-exe_31bf3856ad364e35_10.0.22000.1_none_439a526c152afc8c\Netplwiz.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-netplwiz-exe_31bf3856ad364e35_10.0.22000.1_none_439a526c152afc8c\Netplwiz.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-netsh_31bf3856ad364e35_10.0.22000.1_none_b5e493e3fca1e5c2\netsh.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-netsh_31bf3856ad364e35_10.0.22000.1_none_b5e493e3fca1e5c2\netsh.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-netsh_31bf3856ad364e35_10.0.22000.1_none_b5e493e3fca1e5c2\netsh.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-networkbridge_31bf3856ad364e35_10.0.22000.1_none_5e2d8e810adeac97\bridgeunattend.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-networkbridge_31bf3856ad364e35_10.0.22000.1_none_5e2d8e810adeac97\bridgeunattend.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-networkbridge_31bf3856ad364e35_10.0.22000.1_none_5e2d8e810adeac97\bridgeunattend.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-networkux-legacyux_31bf3856ad364e35_10.0.22000.1_none_73c734e8920ab338\LegacyNetUXHost.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-networkux-legacyux_31bf3856ad364e35_10.0.22000.1_none_73c734e8920ab338\LegacyNetUXHost.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-networkux-legacyux_31bf3856ad364e35_10.0.22000.1_none_73c734e8920ab338\LegacyNetUXHost.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_67b9e8fa55722b23\ndadmin.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_67b9e8fa55722b23\ndadmin.exe"3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_67b9e8fa55722b23\ndadmin.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_67b9e8fa55722b23\newdev.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_67b9e8fa55722b23\newdev.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-newdev_31bf3856ad364e35_10.0.22000.1_none_67b9e8fa55722b23\newdev.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.22000.1_none_0af1ba5c97d13826\nfsadmin.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.22000.1_none_0af1ba5c97d13826\nfsadmin.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.22000.1_none_0af1ba5c97d13826\nfsadmin.exe" /grant "everyone":(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.22000.1_none_0af1ba5c97d13826\rpcinfo.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.22000.1_none_0af1ba5c97d13826\rpcinfo.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.22000.1_none_0af1ba5c97d13826\rpcinfo.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.22000.1_none_0af1ba5c97d13826\showmount.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.22000.1_none_0af1ba5c97d13826\showmount.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_10.0.22000.1_none_0af1ba5c97d13826\showmount.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.22000.1_none_a7a700c8f53b4106\mount.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.22000.1_none_a7a700c8f53b4106\mount.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.22000.1_none_a7a700c8f53b4106\mount.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.22000.1_none_a7a700c8f53b4106\umount.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.22000.1_none_a7a700c8f53b4106\umount.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_10.0.22000.1_none_a7a700c8f53b4106\umount.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.282_none_a808d085c7f06d67\f\nfsclnt.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.282_none_a808d085c7f06d67\f\nfsclnt.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.282_none_a808d085c7f06d67\f\nfsclnt.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.282_none_a808d085c7f06d67\nfsclnt.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.282_none_a808d085c7f06d67\nfsclnt.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.282_none_a808d085c7f06d67\nfsclnt.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.282_none_a808d085c7f06d67\r\nfsclnt.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.282_none_a808d085c7f06d67\r\nfsclnt.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.282_none_a808d085c7f06d67\r\nfsclnt.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\f\nfsclnt.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\f\nfsclnt.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\f\nfsclnt.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\nfsclnt.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\nfsclnt.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\nfsclnt.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\r\nfsclnt.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\r\nfsclnt.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_10.0.22000.348_none_a83a13d7c7ca92d4\r\nfsclnt.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.22000.1_none_c55e2b2174c8cee3\notepad.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.22000.1_none_c55e2b2174c8cee3\notepad.exe"3⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-notepad_31bf3856ad364e35_10.0.22000.1_none_c55e2b2174c8cee3\notepad.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-nslookup_31bf3856ad364e35_10.0.22000.1_none_21c411966b3ba1f5\nslookup.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-nslookup_31bf3856ad364e35_10.0.22000.1_none_21c411966b3ba1f5\nslookup.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-nslookup_31bf3856ad364e35_10.0.22000.1_none_21c411966b3ba1f5\nslookup.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\f\OOBENetworkConnectionFlow.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\f\OOBENetworkConnectionFlow.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\f\OOBENetworkConnectionFlow.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\OOBENetworkConnectionFlow.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\OOBENetworkConnectionFlow.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\OOBENetworkConnectionFlow.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\r\OOBENetworkConnectionFlow.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\r\OOBENetworkConnectionFlow.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..ectionflow.appxmain_31bf3856ad364e35_10.0.22000.120_none_285ae36df9fb90ad\r\OOBENetworkConnectionFlow.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\f\ISM.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\f\ISM.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\f\ISM.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\ISM.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\ISM.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\ISM.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\r\ISM.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\r\ISM.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..eminputhost-process_31bf3856ad364e35_10.0.22000.120_none_842c9d9e843cf6c7\r\ISM.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..onalfeatures-fondue_31bf3856ad364e35_10.0.22000.1_none_9ff8aada90ee79bf\Fondue.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..onalfeatures-fondue_31bf3856ad364e35_10.0.22000.1_none_9ff8aada90ee79bf\Fondue.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..onalfeatures-fondue_31bf3856ad364e35_10.0.22000.1_none_9ff8aada90ee79bf\Fondue.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..oreuap-iotuap-tools_31bf3856ad364e35_10.0.22000.1_none_81a7e90e2a244a76\iotstartup.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..oreuap-iotuap-tools_31bf3856ad364e35_10.0.22000.1_none_81a7e90e2a244a76\iotstartup.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..oreuap-iotuap-tools_31bf3856ad364e35_10.0.22000.1_none_81a7e90e2a244a76\iotstartup.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..ssociationframework_31bf3856ad364e35_10.0.22000.1_none_008a7e7adfc26529\dasHost.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..ssociationframework_31bf3856ad364e35_10.0.22000.1_none_008a7e7adfc26529\dasHost.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..ssociationframework_31bf3856ad364e35_10.0.22000.1_none_008a7e7adfc26529\dasHost.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\f\OOBENetworkCaptivePortal.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\f\OOBENetworkCaptivePortal.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\f\OOBENetworkCaptivePortal.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\OOBENetworkCaptivePortal.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\OOBENetworkCaptivePortal.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\OOBENetworkCaptivePortal.exe" /grant "everyone":(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\r\OOBENetworkCaptivePortal.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\r\OOBENetworkCaptivePortal.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-o..tiveportal.appxmain_31bf3856ad364e35_10.0.22000.120_none_3da444c93fbedacf\r\OOBENetworkCaptivePortal.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-office-csp_31bf3856ad364e35_10.0.22000.1_none_13aef8973870f6ff\ofdeploy.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-office-csp_31bf3856ad364e35_10.0.22000.1_none_13aef8973870f6ff\ofdeploy.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-office-csp_31bf3856ad364e35_10.0.22000.1_none_13aef8973870f6ff\ofdeploy.exe" /grant "everyone":(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-firstlogonanimexe_31bf3856ad364e35_10.0.22000.1_none_21929eac926a49b0\FirstLogonAnim.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-firstlogonanimexe_31bf3856ad364e35_10.0.22000.1_none_21929eac926a49b0\FirstLogonAnim.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-firstlogonanimexe_31bf3856ad364e35_10.0.22000.1_none_21929eac926a49b0\FirstLogonAnim.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-machine_31bf3856ad364e35_10.0.22000.1_none_63c1e7db07fabcb1\msoobe.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-machine_31bf3856ad364e35_10.0.22000.1_none_63c1e7db07fabcb1\msoobe.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-machine_31bf3856ad364e35_10.0.22000.1_none_63c1e7db07fabcb1\msoobe.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-user-broker_31bf3856ad364e35_10.0.22000.1_none_da2a87582afb2453\UserOOBEBroker.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-user-broker_31bf3856ad364e35_10.0.22000.1_none_da2a87582afb2453\UserOOBEBroker.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-oobe-user-broker_31bf3856ad364e35_10.0.22000.1_none_da2a87582afb2453\UserOOBEBroker.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-openfiles_31bf3856ad364e35_10.0.22000.1_none_3d6a04a6ef2d3d73\openfiles.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-openfiles_31bf3856ad364e35_10.0.22000.1_none_3d6a04a6ef2d3d73\openfiles.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-openfiles_31bf3856ad364e35_10.0.22000.1_none_3d6a04a6ef2d3d73\openfiles.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-openwith_31bf3856ad364e35_10.0.22000.1_none_c3646c52777cf90a\OpenWith.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-openwith_31bf3856ad364e35_10.0.22000.1_none_c3646c52777cf90a\OpenWith.exe"3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-openwith_31bf3856ad364e35_10.0.22000.1_none_c3646c52777cf90a\OpenWith.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-optionalfeatures_31bf3856ad364e35_10.0.22000.1_none_bcaa97eff2780373\OptionalFeatures.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-optionalfeatures_31bf3856ad364e35_10.0.22000.1_none_bcaa97eff2780373\OptionalFeatures.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-optionalfeatures_31bf3856ad364e35_10.0.22000.1_none_bcaa97eff2780373\OptionalFeatures.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-optionaltsps_31bf3856ad364e35_10.0.22000.1_none_383fdbeacdabdb26\tcmsetup.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-optionaltsps_31bf3856ad364e35_10.0.22000.1_none_383fdbeacdabdb26\tcmsetup.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-optionaltsps_31bf3856ad364e35_10.0.22000.1_none_383fdbeacdabdb26\tcmsetup.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.318_none_47eee9eaf8f3237f\f\ntkrla57.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.318_none_47eee9eaf8f3237f\f\ntkrla57.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.318_none_47eee9eaf8f3237f\f\ntkrla57.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.318_none_47eee9eaf8f3237f\ntkrla57.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.318_none_47eee9eaf8f3237f\ntkrla57.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.318_none_47eee9eaf8f3237f\ntkrla57.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.318_none_47eee9eaf8f3237f\r\ntkrla57.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.318_none_47eee9eaf8f3237f\r\ntkrla57.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.318_none_47eee9eaf8f3237f\r\ntkrla57.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\f\ntkrla57.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\f\ntkrla57.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\f\ntkrla57.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\ntkrla57.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\ntkrla57.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\ntkrla57.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\r\ntkrla57.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\r\ntkrla57.exe"3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel-la57_31bf3856ad364e35_10.0.22000.493_none_47936afef938817b\r\ntkrla57.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.318_none_67a8688739413b45\f\ntoskrnl.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.318_none_67a8688739413b45\f\ntoskrnl.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.318_none_67a8688739413b45\f\ntoskrnl.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.318_none_67a8688739413b45\ntoskrnl.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.318_none_67a8688739413b45\ntoskrnl.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.318_none_67a8688739413b45\ntoskrnl.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.318_none_67a8688739413b45\r\ntoskrnl.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.318_none_67a8688739413b45\r\ntoskrnl.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.318_none_67a8688739413b45\r\ntoskrnl.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\f\ntoskrnl.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\f\ntoskrnl.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\f\ntoskrnl.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\ntoskrnl.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\ntoskrnl.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\ntoskrnl.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\r\ntoskrnl.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\r\ntoskrnl.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_10.0.22000.493_none_674ce99b39869941\r\ntoskrnl.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-osk_31bf3856ad364e35_10.0.22000.1_none_010071125eb7c4f1\osk.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-osk_31bf3856ad364e35_10.0.22000.1_none_010071125eb7c4f1\osk.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-osk_31bf3856ad364e35_10.0.22000.1_none_010071125eb7c4f1\osk.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..-personalizationcsp_31bf3856ad364e35_10.0.22000.1_none_9735ea8bdf727333\desktopimgdownldr.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..-personalizationcsp_31bf3856ad364e35_10.0.22000.1_none_9735ea8bdf727333\desktopimgdownldr.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..-personalizationcsp_31bf3856ad364e35_10.0.22000.1_none_9735ea8bdf727333\desktopimgdownldr.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..-upprinterinstaller_31bf3856ad364e35_10.0.22000.1_none_094f49d32c4abf9f\UPPrinterInstaller.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..-upprinterinstaller_31bf3856ad364e35_10.0.22000.1_none_094f49d32c4abf9f\UPPrinterInstaller.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..-upprinterinstaller_31bf3856ad364e35_10.0.22000.1_none_094f49d32c4abf9f\UPPrinterInstaller.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\f\WpcUapApp.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\f\WpcUapApp.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\f\WpcUapApp.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\r\WpcUapApp.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\r\WpcUapApp.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\r\WpcUapApp.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\WpcUapApp.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\WpcUapApp.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..alcontrols.appxmain_31bf3856ad364e35_10.0.22000.120_none_9ed34dd5b0c53507\WpcUapApp.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..auncher-cmdlinetool_31bf3856ad364e35_10.0.22000.1_none_4d8388bf67ce9090\pwlauncher.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..auncher-cmdlinetool_31bf3856ad364e35_10.0.22000.1_none_4d8388bf67ce9090\pwlauncher.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..auncher-cmdlinetool_31bf3856ad364e35_10.0.22000.1_none_4d8388bf67ce9090\pwlauncher.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\f\printui.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\f\printui.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\f\printui.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\printui.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\printui.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\printui.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\r\printui.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\r\printui.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_10.0.22000.194_none_d171c2327b4ef3a7\r\printui.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ioningsecureprocess_31bf3856ad364e35_10.0.22000.1_none_ed19a89f248a8665\psp.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ioningsecureprocess_31bf3856ad364e35_10.0.22000.1_none_ed19a89f248a8665\psp.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ioningsecureprocess_31bf3856ad364e35_10.0.22000.1_none_ed19a89f248a8665\psp.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\diskperf.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\diskperf.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\diskperf.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\logman.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\logman.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\logman.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\relog.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\relog.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\relog.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\tracerpt.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\tracerpt.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\tracerpt.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\typeperf.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\typeperf.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ncetoolscommandline_31bf3856ad364e35_10.0.22000.1_none_b7671877039e31c8\typeperf.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_10.0.22000.1_none_5f9f55dd858837d8\powercfg.exe"2⤵
- Power Settings
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_10.0.22000.1_none_5f9f55dd858837d8\powercfg.exe"3⤵
- Power Settings
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..nfiguration-cmdline_31bf3856ad364e35_10.0.22000.1_none_5f9f55dd858837d8\powercfg.exe" /grant "everyone":(f)3⤵
- Power Settings
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_10.0.22000.1_none_f2f2b094636b4172\PrintIsolationHost.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_10.0.22000.1_none_f2f2b094636b4172\PrintIsolationHost.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_10.0.22000.1_none_f2f2b094636b4172\PrintIsolationHost.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..nsimulation-service_31bf3856ad364e35_10.0.22000.1_none_2f02b4dfdc90d704\PerceptionSimulationService.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..nsimulation-service_31bf3856ad364e35_10.0.22000.1_none_2f02b4dfdc90d704\PerceptionSimulationService.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..nsimulation-service_31bf3856ad364e35_10.0.22000.1_none_2f02b4dfdc90d704\PerceptionSimulationService.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\f\WpcMon.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\f\WpcMon.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\f\WpcMon.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\r\WpcMon.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\r\WpcMon.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\r\WpcMon.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\WpcMon.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\WpcMon.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ntalcontrolsmonitor_31bf3856ad364e35_10.0.22000.65_none_2d03a3ca59967a09\WpcMon.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_10.0.22000.1_none_81f1372fe02ff0d7\printfilterpipelinesvc.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_10.0.22000.1_none_81f1372fe02ff0d7\printfilterpipelinesvc.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_10.0.22000.1_none_81f1372fe02ff0d7\printfilterpipelinesvc.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\f\ntprint.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\f\ntprint.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\f\ntprint.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\ntprint.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\ntprint.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\ntprint.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\r\ntprint.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\r\ntprint.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_10.0.22000.282_none_eb29ce0d02c88de7\r\ntprint.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_10.0.22000.1_none_0a202c45353b204d\plasrv.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_10.0.22000.1_none_0a202c45353b204d\plasrv.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_10.0.22000.1_none_0a202c45353b204d\plasrv.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\f\PeopleExperienceHost.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\f\PeopleExperienceHost.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\f\PeopleExperienceHost.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\PeopleExperienceHost.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\PeopleExperienceHost.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\PeopleExperienceHost.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\r\PeopleExperienceHost.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\r\PeopleExperienceHost.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_dd24c7cd1fc6d4b1\r\PeopleExperienceHost.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\f\wpnpinst.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\f\wpnpinst.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\f\wpnpinst.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\r\wpnpinst.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\r\wpnpinst.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\r\wpnpinst.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\wpnpinst.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\wpnpinst.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..rnetprinting-client_31bf3856ad364e35_10.0.22000.282_none_85f8b97e4dbf9185\wpnpinst.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_4e4c1e255ad155f3\lodctr.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_4e4c1e255ad155f3\lodctr.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_4e4c1e255ad155f3\lodctr.exe" /grant "everyone":(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_4e4c1e255ad155f3\unlodctr.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_4e4c1e255ad155f3\unlodctr.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..structureexecutable_31bf3856ad364e35_10.0.22000.1_none_4e4c1e255ad155f3\unlodctr.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.22000.1_none_0a473f274297ac75\lpq.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.22000.1_none_0a473f274297ac75\lpq.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.22000.1_none_0a473f274297ac75\lpq.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.22000.1_none_0a473f274297ac75\lpr.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.22000.1_none_0a473f274297ac75\lpr.exe"3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-lprportmonitor_31bf3856ad364e35_10.0.22000.1_none_0a473f274297ac75\lpr.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.22000.1_none_d7fdc61a4a1da73a\PrintBrm.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.22000.1_none_d7fdc61a4a1da73a\PrintBrm.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.22000.1_none_d7fdc61a4a1da73a\PrintBrm.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.22000.1_none_d7fdc61a4a1da73a\PrintBrmEngine.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.22000.1_none_d7fdc61a4a1da73a\PrintBrmEngine.exe"3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.22000.1_none_d7fdc61a4a1da73a\PrintBrmEngine.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.22000.1_none_d7fdc61a4a1da73a\PrintBrmUi.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.22000.1_none_d7fdc61a4a1da73a\PrintBrmUi.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_10.0.22000.1_none_d7fdc61a4a1da73a\PrintBrmUi.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\f\PinningConfirmationDialog.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\f\PinningConfirmationDialog.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\f\PinningConfirmationDialog.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\PinningConfirmationDialog.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\PinningConfirmationDialog.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\PinningConfirmationDialog.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\r\PinningConfirmationDialog.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\r\PinningConfirmationDialog.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..tiondialog.appxmain_31bf3856ad364e35_10.0.22000.120_none_0f681b8c9b834caa\r\PinningConfirmationDialog.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\f\PerceptionSimulationInput.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\f\PerceptionSimulationInput.exe"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\f\PerceptionSimulationInput.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\PerceptionSimulationInput.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\PerceptionSimulationInput.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\PerceptionSimulationInput.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\r\PerceptionSimulationInput.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\r\PerceptionSimulationInput.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsimulationinput_31bf3856ad364e35_10.0.22000.120_none_6698726619b2ab7a\r\PerceptionSimulationInput.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsnonwinpeplugin_31bf3856ad364e35_10.0.22000.1_none_fcd54e761151a365\PnPUnattend.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsnonwinpeplugin_31bf3856ad364e35_10.0.22000.1_none_fcd54e761151a365\PnPUnattend.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-p..tionsnonwinpeplugin_31bf3856ad364e35_10.0.22000.1_none_fcd54e761151a365\PnPUnattend.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-packageinspector_31bf3856ad364e35_10.0.22000.1_none_c0c5a574c3f8a429\PackageInspector.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-packageinspector_31bf3856ad364e35_10.0.22000.1_none_c0c5a574c3f8a429\PackageInspector.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-packageinspector_31bf3856ad364e35_10.0.22000.1_none_c0c5a574c3f8a429\PackageInspector.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\f\PkgMgr.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\f\PkgMgr.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\f\PkgMgr.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\PkgMgr.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\PkgMgr.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\PkgMgr.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\r\PkgMgr.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\r\PkgMgr.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-packagemanager_31bf3856ad364e35_10.0.22000.120_none_e83cf4fa7871c56f\r\PkgMgr.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\ApproveChildRequest.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\ApproveChildRequest.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\ApproveChildRequest.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\f\ApproveChildRequest.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\f\ApproveChildRequest.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\f\ApproveChildRequest.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\r\ApproveChildRequest.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\r\ApproveChildRequest.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-parentalcontrols-ots_31bf3856ad364e35_10.0.22000.37_none_7461fc8593f740b9\r\ApproveChildRequest.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_10.0.22000.120_none_f090fec284d5941b\pcwrun.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_10.0.22000.120_none_f090fec284d5941b\pcwrun.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_10.0.22000.120_none_f090fec284d5941b\pcwrun.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_f24d5bd1a5bd0380\perfmon.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_f24d5bd1a5bd0380\perfmon.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_f24d5bd1a5bd0380\perfmon.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_f24d5bd1a5bd0380\resmon.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_f24d5bd1a5bd0380\resmon.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-performancetoolsgui_31bf3856ad364e35_10.0.22000.1_none_f24d5bd1a5bd0380\resmon.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pickerhost_31bf3856ad364e35_10.0.22000.1_none_03f10908532480fe\PickerHost.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pickerhost_31bf3856ad364e35_10.0.22000.1_none_03f10908532480fe\PickerHost.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-pickerhost_31bf3856ad364e35_10.0.22000.1_none_03f10908532480fe\PickerHost.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_ff7542ad94a3dbc5\PATHPING.EXE"2⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_ff7542ad94a3dbc5\PATHPING.EXE"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_ff7542ad94a3dbc5\PATHPING.EXE" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_ff7542ad94a3dbc5\PING.EXE"2⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_ff7542ad94a3dbc5\PING.EXE"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_ff7542ad94a3dbc5\PING.EXE" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_ff7542ad94a3dbc5\TRACERT.EXE"2⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_ff7542ad94a3dbc5\TRACERT.EXE"3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-ping-utilities_31bf3856ad364e35_10.0.22000.1_none_ff7542ad94a3dbc5\TRACERT.EXE" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.318_none_4f645f5d22dc7176\PktMon.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.318_none_4f645f5d22dc7176\PktMon.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.318_none_4f645f5d22dc7176\PktMon.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\f\PktMon.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\f\PktMon.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\f\PktMon.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\PktMon.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\PktMon.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\PktMon.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\r\PktMon.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\r\PktMon.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-pktmon-setup_31bf3856ad364e35_10.0.22000.434_none_4f4ac04322f04123\r\PktMon.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pnphotplugui_31bf3856ad364e35_10.0.22000.1_none_3f24cf2f4f878243\DeviceEject.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pnphotplugui_31bf3856ad364e35_10.0.22000.1_none_3f24cf2f4f878243\DeviceEject.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-pnphotplugui_31bf3856ad364e35_10.0.22000.1_none_3f24cf2f4f878243\DeviceEject.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-pnputil_31bf3856ad364e35_10.0.22000.1_none_53a76037c15099de\pnputil.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-pnputil_31bf3856ad364e35_10.0.22000.1_none_53a76037c15099de\pnputil.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-pnputil_31bf3856ad364e35_10.0.22000.1_none_53a76037c15099de\pnputil.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-powershell-exe_31bf3856ad364e35_10.0.22000.1_none_bf599c5a06fbb6f4\powershell.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-powershell-exe_31bf3856ad364e35_10.0.22000.1_none_bf599c5a06fbb6f4\powershell.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-powershell-exe_31bf3856ad364e35_10.0.22000.1_none_bf599c5a06fbb6f4\powershell.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printdialog.appxmain_31bf3856ad364e35_10.0.22000.1_none_db5642aeddf1e2bb\PrintDialog.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printdialog.appxmain_31bf3856ad364e35_10.0.22000.1_none_db5642aeddf1e2bb\PrintDialog.exe"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-printdialog.appxmain_31bf3856ad364e35_10.0.22000.1_none_db5642aeddf1e2bb\PrintDialog.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-eduprintprov_31bf3856ad364e35_10.0.22000.1_none_0784f33527b40118\EduPrintProv.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-eduprintprov_31bf3856ad364e35_10.0.22000.1_none_0784f33527b40118\EduPrintProv.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-eduprintprov_31bf3856ad364e35_10.0.22000.1_none_0784f33527b40118\EduPrintProv.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\f\splwow64.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\f\splwow64.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\f\splwow64.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\f\spoolsv.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\f\spoolsv.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\f\spoolsv.exe" /grant "everyone":(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\r\splwow64.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\r\splwow64.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\r\splwow64.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\r\spoolsv.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\r\spoolsv.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\r\spoolsv.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\splwow64.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\splwow64.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\splwow64.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\spoolsv.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\spoolsv.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.282_none_d171f6f246e51c59\spoolsv.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\f\splwow64.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\f\splwow64.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\f\splwow64.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\f\spoolsv.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\f\spoolsv.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\f\spoolsv.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\r\splwow64.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\r\splwow64.exe"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\r\splwow64.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\r\spoolsv.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\r\spoolsv.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\r\spoolsv.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\splwow64.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\splwow64.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\splwow64.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\spoolsv.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\spoolsv.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_10.0.22000.376_none_d180c9ec46d962eb\spoolsv.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-processmodel-cpt_31bf3856ad364e35_10.0.22000.1_none_011628217859daa6\w3wp.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-processmodel-cpt_31bf3856ad364e35_10.0.22000.1_none_011628217859daa6\w3wp.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-processmodel-cpt_31bf3856ad364e35_10.0.22000.1_none_011628217859daa6\w3wp.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-proquota_31bf3856ad364e35_10.0.22000.1_none_7e0a957d972e3b59\proquota.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-proquota_31bf3856ad364e35_10.0.22000.1_none_7e0a957d972e3b59\proquota.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-proquota_31bf3856ad364e35_10.0.22000.1_none_7e0a957d972e3b59\proquota.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\f\provtool.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\f\provtool.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\f\provtool.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\provtool.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\provtool.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\provtool.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\r\provtool.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\r\provtool.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-core_31bf3856ad364e35_10.0.22000.65_none_99e34b544b7754a7\r\provtool.exe" /grant "everyone":(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-platform_31bf3856ad364e35_10.0.22000.1_none_c0cc1dd788bbd3ed\provlaunch.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-platform_31bf3856ad364e35_10.0.22000.1_none_c0cc1dd788bbd3ed\provlaunch.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-provisioning-platform_31bf3856ad364e35_10.0.22000.1_none_c0cc1dd788bbd3ed\provlaunch.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-proximityuxhost_31bf3856ad364e35_10.0.22000.1_none_eb3f5def5135f996\ProximityUxHost.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-proximityuxhost_31bf3856ad364e35_10.0.22000.1_none_eb3f5def5135f996\ProximityUxHost.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-proximityuxhost_31bf3856ad364e35_10.0.22000.1_none_eb3f5def5135f996\ProximityUxHost.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\f\quickassist.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\f\quickassist.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\f\quickassist.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\quickassist.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\quickassist.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\quickassist.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\r\quickassist.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\r\quickassist.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-quickassist_31bf3856ad364e35_10.0.22000.282_none_f927204bf41f3d61\r\quickassist.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..-commandline-editor_31bf3856ad364e35_10.0.22000.1_none_87d7d1a32f788c55\reg.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..-commandline-editor_31bf3856ad364e35_10.0.22000.1_none_87d7d1a32f788c55\reg.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..-commandline-editor_31bf3856ad364e35_10.0.22000.1_none_87d7d1a32f788c55\reg.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..ckgroundmediaplayer_31bf3856ad364e35_10.0.22000.282_none_b70c560a2f7b9b2e\Windows.Media.BackgroundPlayback.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..ckgroundmediaplayer_31bf3856ad364e35_10.0.22000.282_none_b70c560a2f7b9b2e\Windows.Media.BackgroundPlayback.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..ckgroundmediaplayer_31bf3856ad364e35_10.0.22000.282_none_b70c560a2f7b9b2e\Windows.Media.BackgroundPlayback.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_10.0.22000.1_none_b15540a9822b5c00\rdrleakdiag.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_10.0.22000.1_none_b15540a9822b5c00\rdrleakdiag.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_10.0.22000.1_none_b15540a9822b5c00\rdrleakdiag.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\f\raserver.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\f\raserver.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\f\raserver.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\r\raserver.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\r\raserver.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\r\raserver.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\raserver.exe"2⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\raserver.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_10.0.22000.71_none_123327ab91644184\raserver.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-r..verycenter-platform_31bf3856ad364e35_10.0.22000.1_none_99828a7b9672cc5c\SystemResetPlatform.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-r..verycenter-platform_31bf3856ad364e35_10.0.22000.1_none_99828a7b9672cc5c\SystemResetPlatform.exe"3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-r..verycenter-platform_31bf3856ad364e35_10.0.22000.1_none_99828a7b9672cc5c\SystemResetPlatform.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.22000.1_none_661d9c5c6a1c32d3\rasautou.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.22000.1_none_661d9c5c6a1c32d3\rasautou.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_10.0.22000.1_none_661d9c5c6a1c32d3\rasautou.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.22000.1_none_c58a6d6ead7a5610\rasdial.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.22000.1_none_c58a6d6ead7a5610\rasdial.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.22000.1_none_c58a6d6ead7a5610\rasdial.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.22000.1_none_c58a6d6ead7a5610\rasphone.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.22000.1_none_c58a6d6ead7a5610\rasphone.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasclienttools_31bf3856ad364e35_10.0.22000.1_none_c58a6d6ead7a5610\rasphone.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmdl32.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmdl32.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmdl32.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmmon32.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmmon32.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmmon32.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmstp.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmstp.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-rasconnectionmanager_31bf3856ad364e35_10.0.22000.1_none_b563dd17654ea05f\cmstp.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-recdisc-main_31bf3856ad364e35_10.0.22000.1_none_dabf9817b86a5921\recdisc.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-recdisc-main_31bf3856ad364e35_10.0.22000.1_none_dabf9817b86a5921\recdisc.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-recdisc-main_31bf3856ad364e35_10.0.22000.1_none_dabf9817b86a5921\recdisc.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\f\RecoveryDrive.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\f\RecoveryDrive.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\f\RecoveryDrive.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\r\RecoveryDrive.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\r\RecoveryDrive.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\r\RecoveryDrive.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\RecoveryDrive.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\RecoveryDrive.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-recoverydrive_31bf3856ad364e35_10.0.22000.132_none_23ef129810e14356\RecoveryDrive.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-recover_31bf3856ad364e35_10.0.22000.1_none_dc56eb74b96412e2\recover.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-recover_31bf3856ad364e35_10.0.22000.1_none_dc56eb74b96412e2\recover.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-recover_31bf3856ad364e35_10.0.22000.1_none_dc56eb74b96412e2\recover.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.1_none_40fab150342df168\refsutil.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.1_none_40fab150342df168\refsutil.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.1_none_40fab150342df168\refsutil.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\f\refsutil.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\f\refsutil.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\f\refsutil.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\r\refsutil.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\r\refsutil.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\r\refsutil.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\refsutil.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\refsutil.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-refsutil_31bf3856ad364e35_10.0.22000.434_none_e6157b76b496d682\refsutil.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-regini_31bf3856ad364e35_10.0.22000.1_none_6299da14be99f6ee\regini.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-regini_31bf3856ad364e35_10.0.22000.1_none_6299da14be99f6ee\regini.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-regini_31bf3856ad364e35_10.0.22000.1_none_6299da14be99f6ee\regini.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.22000.1_none_4a72530ae0a1ba07\regedit.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.22000.1_none_4a72530ae0a1ba07\regedit.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.22000.1_none_4a72530ae0a1ba07\regedit.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.22000.1_none_4a72530ae0a1ba07\regedt32.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.22000.1_none_4a72530ae0a1ba07\regedt32.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_10.0.22000.1_none_4a72530ae0a1ba07\regedt32.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-regsvr32_31bf3856ad364e35_10.0.22000.1_none_ce9abaf7344caba2\regsvr32.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-regsvr32_31bf3856ad364e35_10.0.22000.1_none_ce9abaf7344caba2\regsvr32.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-regsvr32_31bf3856ad364e35_10.0.22000.1_none_ce9abaf7344caba2\regsvr32.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-reliability-postboot_31bf3856ad364e35_10.0.22000.1_none_a4046dd80a1bed7d\RelPost.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-reliability-postboot_31bf3856ad364e35_10.0.22000.1_none_a4046dd80a1bed7d\RelPost.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-reliability-postboot_31bf3856ad364e35_10.0.22000.1_none_a4046dd80a1bed7d\RelPost.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\f\msra.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\f\msra.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\f\msra.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\f\sdchange.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\f\sdchange.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\f\sdchange.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\msra.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\msra.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\msra.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\r\msra.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\r\msra.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\r\msra.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\r\sdchange.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\r\sdchange.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\r\sdchange.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\sdchange.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\sdchange.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-remoteassistance-exe_31bf3856ad364e35_10.0.22000.120_none_32bd480a87134e0f\sdchange.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-restartmanager_31bf3856ad364e35_10.0.22000.1_none_d679057128e7af90\RmClient.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-restartmanager_31bf3856ad364e35_10.0.22000.1_none_d679057128e7af90\RmClient.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-restartmanager_31bf3856ad364e35_10.0.22000.1_none_d679057128e7af90\RmClient.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.1_none_1d4acd26f12d5029\Robocopy.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.1_none_1d4acd26f12d5029\Robocopy.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.1_none_1d4acd26f12d5029\Robocopy.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\explorer.exe"explorer.exe"2⤵
- Loads dropped DLL
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\f\Robocopy.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\f\Robocopy.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\f\Robocopy.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\r\Robocopy.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\r\Robocopy.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\r\Robocopy.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\Robocopy.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\Robocopy.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-robocopy_31bf3856ad364e35_10.0.22000.469_none_c24a28fb71aa07c9\Robocopy.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-locator_31bf3856ad364e35_10.0.22000.1_none_257830d2f16108b0\Locator.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-locator_31bf3856ad364e35_10.0.22000.1_none_257830d2f16108b0\Locator.exe"3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-locator_31bf3856ad364e35_10.0.22000.1_none_257830d2f16108b0\Locator.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-ping_31bf3856ad364e35_10.0.22000.1_none_f3fdabb645819748\RpcPing.exe"2⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-ping_31bf3856ad364e35_10.0.22000.1_none_f3fdabb645819748\RpcPing.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-rpc-ping_31bf3856ad364e35_10.0.22000.1_none_f3fdabb645819748\RpcPing.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.1_none_b62be6ea62367617\runas.exe"2⤵
- Access Token Manipulation: Create Process with Token
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.1_none_b62be6ea62367617\runas.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.1_none_b62be6ea62367617\runas.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\f\runas.exe"2⤵
- Access Token Manipulation: Create Process with Token
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\f\runas.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\f\runas.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\r\runas.exe"2⤵
- Access Token Manipulation: Create Process with Token
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\r\runas.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\r\runas.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\runas.exe"2⤵
- Access Token Manipulation: Create Process with Token
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\runas.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-runas_31bf3856ad364e35_10.0.22000.434_none_5b46b110e29f5b31\runas.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-rundll32_31bf3856ad364e35_10.0.22000.1_none_2e48ef35afb3a654\rundll32.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-rundll32_31bf3856ad364e35_10.0.22000.1_none_2e48ef35afb3a654\rundll32.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-rundll32_31bf3856ad364e35_10.0.22000.1_none_2e48ef35afb3a654\rundll32.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-runlegacycplelevated_31bf3856ad364e35_10.0.22000.1_none_674facc3fa15e905\RunLegacyCPLElevated.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-runlegacycplelevated_31bf3856ad364e35_10.0.22000.1_none_674facc3fa15e905\RunLegacyCPLElevated.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-runlegacycplelevated_31bf3856ad364e35_10.0.22000.1_none_674facc3fa15e905\RunLegacyCPLElevated.exe" /grant "everyone":(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-runonce_31bf3856ad364e35_10.0.22000.1_none_6bfe7242c3d10570\runonce.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-runonce_31bf3856ad364e35_10.0.22000.1_none_6bfe7242c3d10570\runonce.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-runonce_31bf3856ad364e35_10.0.22000.1_none_6bfe7242c3d10570\runonce.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..-diagnosticsmanaged_31bf3856ad364e35_10.0.22000.1_none_bad5c5435d6a2779\stordiag.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..-diagnosticsmanaged_31bf3856ad364e35_10.0.22000.1_none_bad5c5435d6a2779\stordiag.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..-diagnosticsmanaged_31bf3856ad364e35_10.0.22000.1_none_bad5c5435d6a2779\stordiag.exe" /grant "everyone":(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..agespaces-spaceutil_31bf3856ad364e35_10.0.22000.1_none_32a80b6fd3f4f093\spaceutil.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..agespaces-spaceutil_31bf3856ad364e35_10.0.22000.1_none_32a80b6fd3f4f093\spaceutil.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..agespaces-spaceutil_31bf3856ad364e35_10.0.22000.1_none_32a80b6fd3f4f093\spaceutil.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\immersivetpmvscmgrsvr.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\immersivetpmvscmgrsvr.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\immersivetpmvscmgrsvr.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\rmttpmvscmgrsvr.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\rmttpmvscmgrsvr.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\rmttpmvscmgrsvr.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\tpmvscmgr.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\tpmvscmgr.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\tpmvscmgr.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\tpmvscmgrsvr.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\tpmvscmgrsvr.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..artcard-tpm-manager_31bf3856ad364e35_10.0.22000.1_none_f159656ce5b94cb8\tpmvscmgrsvr.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\f\RMActivate_ssp_isv.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\f\RMActivate_ssp_isv.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\f\RMActivate_ssp_isv.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\r\RMActivate_ssp_isv.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\r\RMActivate_ssp_isv.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\r\RMActivate_ssp_isv.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\RMActivate_ssp_isv.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\RMActivate_ssp_isv.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_10.0.22000.120_none_f07c0067839c600d\RMActivate_ssp_isv.exe" /grant "everyone":(f)3⤵
- Possible privilege escalation attempt
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.318_none_40ba790c85795e91\BioIso.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.318_none_40ba790c85795e91\BioIso.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.318_none_40ba790c85795e91\BioIso.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.318_none_40ba790c85795e91\f\BioIso.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.318_none_40ba790c85795e91\f\BioIso.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.318_none_40ba790c85795e91\f\BioIso.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.318_none_40ba790c85795e91\r\BioIso.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.318_none_40ba790c85795e91\r\BioIso.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.318_none_40ba790c85795e91\r\BioIso.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\BioIso.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\BioIso.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\BioIso.exe" /grant "everyone":(f)3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\f\BioIso.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\f\BioIso.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\f\BioIso.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\r\BioIso.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\r\BioIso.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..biometrics-trustlet_31bf3856ad364e35_10.0.22000.469_none_40856ba085a100c4\r\BioIso.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\f\services.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\f\services.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\f\services.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\r\services.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\r\services.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\r\services.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\services.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\services.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.22000.51_none_2158495b1874d95c\services.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..ces-backgroundagent_31bf3856ad364e35_10.0.22000.1_none_50d9fc50df76c754\SpaceAgent.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..ces-backgroundagent_31bf3856ad364e35_10.0.22000.1_none_50d9fc50df76c754\SpaceAgent.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..ces-backgroundagent_31bf3856ad364e35_10.0.22000.1_none_50d9fc50df76c754\SpaceAgent.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..client-ui-wscollect_31bf3856ad364e35_10.0.22000.1_none_5ff70533364eab1d\WSCollect.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..client-ui-wscollect_31bf3856ad364e35_10.0.22000.1_none_5ff70533364eab1d\WSCollect.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..client-ui-wscollect_31bf3856ad364e35_10.0.22000.1_none_5ff70533364eab1d\WSCollect.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_10.0.22000.1_none_70698255615a88a2\sdiagnhost.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_10.0.22000.1_none_70698255615a88a2\sdiagnhost.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_10.0.22000.1_none_70698255615a88a2\sdiagnhost.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..daryauthfactor-task_31bf3856ad364e35_10.0.22000.1_none_2249c58b4a39a50e\DeviceCredentialDeployment.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..daryauthfactor-task_31bf3856ad364e35_10.0.22000.1_none_2249c58b4a39a50e\DeviceCredentialDeployment.exe"3⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..daryauthfactor-task_31bf3856ad364e35_10.0.22000.1_none_2249c58b4a39a50e\DeviceCredentialDeployment.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..e-client-ui-wsreset_31bf3856ad364e35_10.0.22000.1_none_1cbb979e0acb2320\WSReset.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..e-client-ui-wsreset_31bf3856ad364e35_10.0.22000.1_none_1cbb979e0acb2320\WSReset.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..e-client-ui-wsreset_31bf3856ad364e35_10.0.22000.1_none_1cbb979e0acb2320\WSReset.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\bdechangepin.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\bdechangepin.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\bdechangepin.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\f\bdechangepin.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\f\bdechangepin.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\f\bdechangepin.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\r\bdechangepin.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\r\bdechangepin.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..estartup-change-pin_31bf3856ad364e35_10.0.22000.194_none_ecba39f8d9cbe846\r\bdechangepin.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..executionprevention_31bf3856ad364e35_10.0.22000.1_none_20270749296283d2\SystemPropertiesDataExecutionPrevention.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..executionprevention_31bf3856ad364e35_10.0.22000.1_none_20270749296283d2\SystemPropertiesDataExecutionPrevention.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..executionprevention_31bf3856ad364e35_10.0.22000.1_none_20270749296283d2\SystemPropertiesDataExecutionPrevention.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\f\SystemSettingsAdminFlows.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\f\SystemSettingsAdminFlows.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\f\SystemSettingsAdminFlows.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\r\SystemSettingsAdminFlows.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\r\SystemSettingsAdminFlows.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\r\SystemSettingsAdminFlows.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\SystemSettingsAdminFlows.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\SystemSettingsAdminFlows.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..hreshold-adminflows_31bf3856ad364e35_10.0.22000.100_none_1c26ef58a3003bf2\SystemSettingsAdminFlows.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..line-user-interface_31bf3856ad364e35_10.0.22000.1_none_332b106ae1a116bd\cmdkey.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..line-user-interface_31bf3856ad364e35_10.0.22000.1_none_332b106ae1a116bd\cmdkey.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..line-user-interface_31bf3856ad364e35_10.0.22000.1_none_332b106ae1a116bd\cmdkey.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..llercommandlinetool_31bf3856ad364e35_10.0.22000.1_none_cab1d8bed975c600\sc.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..llercommandlinetool_31bf3856ad364e35_10.0.22000.1_none_cab1d8bed975c600\sc.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..llercommandlinetool_31bf3856ad364e35_10.0.22000.1_none_cab1d8bed975c600\sc.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..mpropertiesadvanced_31bf3856ad364e35_10.0.22000.1_none_4d8c257de90f7f54\SystemPropertiesAdvanced.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..mpropertiesadvanced_31bf3856ad364e35_10.0.22000.1_none_4d8c257de90f7f54\SystemPropertiesAdvanced.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..mpropertiesadvanced_31bf3856ad364e35_10.0.22000.1_none_4d8c257de90f7f54\SystemPropertiesAdvanced.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..mpropertieshardware_31bf3856ad364e35_10.0.22000.1_none_973e22e5d7c36df8\SystemPropertiesHardware.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..mpropertieshardware_31bf3856ad364e35_10.0.22000.1_none_973e22e5d7c36df8\SystemPropertiesHardware.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..mpropertieshardware_31bf3856ad364e35_10.0.22000.1_none_973e22e5d7c36df8\SystemPropertiesHardware.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\f\SystemSettingsBroker.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\f\SystemSettingsBroker.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\f\SystemSettingsBroker.exe" /grant "everyone":(f)3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\r\SystemSettingsBroker.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\r\SystemSettingsBroker.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\r\SystemSettingsBroker.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\SystemSettingsBroker.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\SystemSettingsBroker.exe"3⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.469_none_e574fa2e821169ac\SystemSettingsBroker.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.65_none_cc4646d618bda56e\f\SystemSettingsBroker.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.65_none_cc4646d618bda56e\f\SystemSettingsBroker.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.65_none_cc4646d618bda56e\f\SystemSettingsBroker.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.65_none_cc4646d618bda56e\r\SystemSettingsBroker.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.65_none_cc4646d618bda56e\r\SystemSettingsBroker.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.65_none_cc4646d618bda56e\r\SystemSettingsBroker.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.65_none_cc4646d618bda56e\SystemSettingsBroker.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.65_none_cc4646d618bda56e\SystemSettingsBroker.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..msettings-datamodel_31bf3856ad364e35_10.0.22000.65_none_cc4646d618bda56e\SystemSettingsBroker.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\f\RMActivate_isv.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\f\RMActivate_isv.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\f\RMActivate_isv.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\r\RMActivate_isv.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\r\RMActivate_isv.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\r\RMActivate_isv.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\RMActivate_isv.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\RMActivate_isv.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_10.0.22000.120_none_e4b70edd74d735f3\RMActivate_isv.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..nsemanager-shellext_31bf3856ad364e35_10.0.22000.1_none_088dcc7439d57210\LicenseManagerShellext.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..nsemanager-shellext_31bf3856ad364e35_10.0.22000.1_none_088dcc7439d57210\LicenseManagerShellext.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..nsemanager-shellext_31bf3856ad364e35_10.0.22000.1_none_088dcc7439d57210\LicenseManagerShellext.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\f\PinEnrollmentBroker.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\f\PinEnrollmentBroker.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\f\PinEnrollmentBroker.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\PinEnrollmentBroker.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\PinEnrollmentBroker.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\PinEnrollmentBroker.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\r\PinEnrollmentBroker.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\r\PinEnrollmentBroker.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..nt-enrollmenthelper_31bf3856ad364e35_10.0.22000.41_none_1d0a15319901359b\r\PinEnrollmentBroker.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.258_none_570e91ed5ac8ebe3\f\Microsoft.AAD.BrokerPlugin.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.258_none_570e91ed5ac8ebe3\f\Microsoft.AAD.BrokerPlugin.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.258_none_570e91ed5ac8ebe3\f\Microsoft.AAD.BrokerPlugin.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.258_none_570e91ed5ac8ebe3\Microsoft.AAD.BrokerPlugin.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.258_none_570e91ed5ac8ebe3\Microsoft.AAD.BrokerPlugin.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.258_none_570e91ed5ac8ebe3\Microsoft.AAD.BrokerPlugin.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.258_none_570e91ed5ac8ebe3\r\Microsoft.AAD.BrokerPlugin.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.258_none_570e91ed5ac8ebe3\r\Microsoft.AAD.BrokerPlugin.exe"3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.258_none_570e91ed5ac8ebe3\r\Microsoft.AAD.BrokerPlugin.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\f\Microsoft.AAD.BrokerPlugin.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\f\Microsoft.AAD.BrokerPlugin.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\f\Microsoft.AAD.BrokerPlugin.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\Microsoft.AAD.BrokerPlugin.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\Microsoft.AAD.BrokerPlugin.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\Microsoft.AAD.BrokerPlugin.exe" /grant "everyone":(f)3⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\r\Microsoft.AAD.BrokerPlugin.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\r\Microsoft.AAD.BrokerPlugin.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..okerplugin.appxmain_31bf3856ad364e35_10.0.22000.469_none_5704c6175ad01b79\r\Microsoft.AAD.BrokerPlugin.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..opertiesperformance_31bf3856ad364e35_10.0.22000.1_none_b11a4ad607a3509e\SystemPropertiesPerformance.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..opertiesperformance_31bf3856ad364e35_10.0.22000.1_none_b11a4ad607a3509e\SystemPropertiesPerformance.exe"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..opertiesperformance_31bf3856ad364e35_10.0.22000.1_none_b11a4ad607a3509e\SystemPropertiesPerformance.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\f\RMActivate_ssp.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\f\RMActivate_ssp.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\f\RMActivate_ssp.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\r\RMActivate_ssp.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\r\RMActivate_ssp.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\r\RMActivate_ssp.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\RMActivate_ssp.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\RMActivate_ssp.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_10.0.22000.120_none_6b23f06ce93f4f52\RMActivate_ssp.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..pertiescomputername_31bf3856ad364e35_10.0.22000.1_none_86b6cff74107116e\SystemPropertiesComputerName.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..pertiescomputername_31bf3856ad364e35_10.0.22000.1_none_86b6cff74107116e\SystemPropertiesComputerName.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..pertiescomputername_31bf3856ad364e35_10.0.22000.1_none_86b6cff74107116e\SystemPropertiesComputerName.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..plicationframe-host_31bf3856ad364e35_10.0.22000.1_none_2ff0d0b731c6431b\ApplicationFrameHost.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..plicationframe-host_31bf3856ad364e35_10.0.22000.1_none_2ff0d0b731c6431b\ApplicationFrameHost.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..plicationframe-host_31bf3856ad364e35_10.0.22000.1_none_2ff0d0b731c6431b\ApplicationFrameHost.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..restartup-baaupdate_31bf3856ad364e35_10.0.22000.1_none_8c926432d7f125a8\baaupdate.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..restartup-baaupdate_31bf3856ad364e35_10.0.22000.1_none_8c926432d7f125a8\baaupdate.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..restartup-baaupdate_31bf3856ad364e35_10.0.22000.1_none_8c926432d7f125a8\baaupdate.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..restartup-repairbde_31bf3856ad364e35_10.0.22000.1_none_2837defe14ce56f5\repair-bde.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..restartup-repairbde_31bf3856ad364e35_10.0.22000.1_none_2837defe14ce56f5\repair-bde.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..restartup-repairbde_31bf3856ad364e35_10.0.22000.1_none_2837defe14ce56f5\repair-bde.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_f6a11a34378fa70f\f\StartMenuExperienceHost.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_f6a11a34378fa70f\f\StartMenuExperienceHost.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_f6a11a34378fa70f\f\StartMenuExperienceHost.exe" /grant "everyone":(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_f6a11a34378fa70f\r\StartMenuExperienceHost.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_f6a11a34378fa70f\r\StartMenuExperienceHost.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_f6a11a34378fa70f\r\StartMenuExperienceHost.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_f6a11a34378fa70f\StartMenuExperienceHost.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_f6a11a34378fa70f\StartMenuExperienceHost.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.22000.120_none_f6a11a34378fa70f\StartMenuExperienceHost.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.22000.132_none_f836cc528422524b\f\ShellExperienceHost.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.22000.132_none_f836cc528422524b\f\ShellExperienceHost.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.22000.132_none_f836cc528422524b\f\ShellExperienceHost.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.22000.132_none_f836cc528422524b\r\ShellExperienceHost.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.22000.132_none_f836cc528422524b\r\ShellExperienceHost.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.22000.132_none_f836cc528422524b\r\ShellExperienceHost.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.22000.132_none_f836cc528422524b\ShellExperienceHost.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.22000.132_none_f836cc528422524b\ShellExperienceHost.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..riencehost.appxmain_31bf3856ad364e35_10.0.22000.132_none_f836cc528422524b\ShellExperienceHost.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..rity-spp-validation_31bf3856ad364e35_10.0.22000.176_none_161fead9a85c45cd\f\GenValObj.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..rity-spp-validation_31bf3856ad364e35_10.0.22000.176_none_161fead9a85c45cd\f\GenValObj.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..rity-spp-validation_31bf3856ad364e35_10.0.22000.176_none_161fead9a85c45cd\f\GenValObj.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..rity-spp-validation_31bf3856ad364e35_10.0.22000.176_none_161fead9a85c45cd\GenValObj.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..rity-spp-validation_31bf3856ad364e35_10.0.22000.176_none_161fead9a85c45cd\GenValObj.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..rity-spp-validation_31bf3856ad364e35_10.0.22000.176_none_161fead9a85c45cd\GenValObj.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..rity-spp-validation_31bf3856ad364e35_10.0.22000.176_none_161fead9a85c45cd\r\GenValObj.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..rity-spp-validation_31bf3856ad364e35_10.0.22000.176_none_161fead9a85c45cd\r\GenValObj.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..rity-spp-validation_31bf3856ad364e35_10.0.22000.176_none_161fead9a85c45cd\r\GenValObj.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..ropertiesprotection_31bf3856ad364e35_10.0.22000.1_none_b9f5f474214cc711\SystemPropertiesProtection.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..ropertiesprotection_31bf3856ad364e35_10.0.22000.1_none_b9f5f474214cc711\SystemPropertiesProtection.exe"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..ropertiesprotection_31bf3856ad364e35_10.0.22000.1_none_b9f5f474214cc711\SystemPropertiesProtection.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..sktop.appxmain.root_31bf3856ad364e35_10.0.22000.120_none_c4a02f7c0324c157\f\SearchApp.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..sktop.appxmain.root_31bf3856ad364e35_10.0.22000.120_none_c4a02f7c0324c157\f\SearchApp.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..sktop.appxmain.root_31bf3856ad364e35_10.0.22000.120_none_c4a02f7c0324c157\f\SearchApp.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..sktop.appxmain.root_31bf3856ad364e35_10.0.22000.120_none_c4a02f7c0324c157\r\SearchApp.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..sktop.appxmain.root_31bf3856ad364e35_10.0.22000.120_none_c4a02f7c0324c157\r\SearchApp.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..sktop.appxmain.root_31bf3856ad364e35_10.0.22000.120_none_c4a02f7c0324c157\r\SearchApp.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..sktop.appxmain.root_31bf3856ad364e35_10.0.22000.120_none_c4a02f7c0324c157\SearchApp.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..sktop.appxmain.root_31bf3856ad364e35_10.0.22000.120_none_c4a02f7c0324c157\SearchApp.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..sktop.appxmain.root_31bf3856ad364e35_10.0.22000.120_none_c4a02f7c0324c157\SearchApp.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_10.0.22000.120_none_9c5aa041b6a59db2\f\RMActivate.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_10.0.22000.120_none_9c5aa041b6a59db2\f\RMActivate.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_10.0.22000.120_none_9c5aa041b6a59db2\f\RMActivate.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_10.0.22000.120_none_9c5aa041b6a59db2\r\RMActivate.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_10.0.22000.120_none_9c5aa041b6a59db2\r\RMActivate.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_10.0.22000.120_none_9c5aa041b6a59db2\r\RMActivate.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_10.0.22000.120_none_9c5aa041b6a59db2\RMActivate.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_10.0.22000.120_none_9c5aa041b6a59db2\RMActivate.exe"3⤵
- Possible privilege escalation attempt
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_10.0.22000.120_none_9c5aa041b6a59db2\RMActivate.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..spaces-spacemanager_31bf3856ad364e35_10.0.22000.1_none_a061a9a7af162f02\spaceman.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..spaces-spacemanager_31bf3856ad364e35_10.0.22000.1_none_a061a9a7af162f02\spaceman.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..spaces-spacemanager_31bf3856ad364e35_10.0.22000.1_none_a061a9a7af162f02\spaceman.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..ttings-removedevice_31bf3856ad364e35_10.0.22000.1_none_09a4cbc8fa2be0bf\SystemSettingsRemoveDevice.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..ttings-removedevice_31bf3856ad364e35_10.0.22000.1_none_09a4cbc8fa2be0bf\SystemSettingsRemoveDevice.exe"3⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..ttings-removedevice_31bf3856ad364e35_10.0.22000.1_none_09a4cbc8fa2be0bf\SystemSettingsRemoveDevice.exe" /grant "everyone":(f)3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..up-deviceencryption_31bf3856ad364e35_10.0.22000.1_none_30a652d7a8697eb8\BitLockerDeviceEncryption.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..up-deviceencryption_31bf3856ad364e35_10.0.22000.1_none_30a652d7a8697eb8\BitLockerDeviceEncryption.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..up-deviceencryption_31bf3856ad364e35_10.0.22000.1_none_30a652d7a8697eb8\BitLockerDeviceEncryption.exe" /grant "everyone":(f)3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-s..up-drivepreparation_31bf3856ad364e35_10.0.22000.1_none_f73525016dc68d1a\BdeHdCfg.exe"2⤵
-
C:\Windows\SysWOW64\takeown.exetakeown /f "C:\Windows\WinSxS\amd64_microsoft-windows-s..up-drivepreparation_31bf3856ad364e35_10.0.22000.1_none_f73525016dc68d1a\BdeHdCfg.exe"3⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\Windows\WinSxS\amd64_microsoft-windows-s..up-drivepreparation_31bf3856ad364e35_10.0.22000.1_none_f73525016dc68d1a\BdeHdCfg.exe" /grant "everyone":(f)3⤵
- Modifies file permissions
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\TakeOwn.bat "C:\Windows\WinSxS\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_10.0.22000.1_none_7b4d59f26b91a73c\sdclt.exe"2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\tv_enua.inf, RemoveCabinet1⤵
-
C:\Windows\system32\rundll32.exeRunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\tv_enua.inf, RemoveCabinet2⤵
- System Binary Proxy Execution: Rundll32
- Drops file in Windows directory
-
-
C:\Windows\msagent\AgentSvr.exeC:\Windows\msagent\AgentSvr.exe -Embedding1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D01⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Enumerates connected drives
- Subvert Trust Controls: Mark-of-the-Web Bypass
- Checks SCSI registry key(s)
- Modifies Internet Explorer settings
- Modifies registry class
- NTFS ADS
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}1⤵
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Event Triggered Execution
2Accessibility Features
1AppInit DLLs
1Power Settings
1Privilege Escalation
Access Token Manipulation
1Create Process with Token
1Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Event Triggered Execution
2Accessibility Features
1AppInit DLLs
1Defense Evasion
Access Token Manipulation
1Create Process with Token
1File and Directory Permissions Modification
1Modify Registry
3Subvert Trust Controls
1SIP and Trust Provider Hijacking
1System Binary Proxy Execution
1Rundll32
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
6B
MD59f06243abcb89c70e0c331c61d871fa7
SHA1fde773a18bb29f5ed65e6f0a7aa717fd1fa485d4
SHA256837ccb607e312b170fac7383d7ccfd61fa5072793f19a25e75fbacb56539b86b
SHA512b947b99d1baddd347550c9032e9ab60b6be56551cf92c076b38e4e11f436051a4af51c47e54f8641316a720b043641a3b3c1e1b01ba50445ea1ba60bfd1b7a86
-
Filesize
40B
MD58210f4fc7a882c5a543bc4d0fefe68fa
SHA1e87f97b79fff1950538ac0a6f94bda02150ac6fd
SHA25675a57674df6655b8ed454ed40da67f3ccbc9b406359b52c85a6bf195fdeea28b
SHA512feffbfd0fa6db901b9904354960c4797e0b148876599f781f2d98829cc25976030b09947c99cf152f8cf88cd63abb79a745dfc3ff48fa8d17cc306f641a9b885
-
Filesize
11KB
MD5c898ed03fb69c24b08cd1b283a955b9c
SHA1b2e89fdb51654a71f65d9c7e699a6bd33181f099
SHA2560c3138aefd0aa3131b7aad067ca1a240ff5a549010e34c46ed8e1ac79cefbfae
SHA512906c76f93c4aa725a50753a0b63f40ded6c40233180f7b6fcacf90ea958623b567abda8e950da8eccc7ab8f1af7499824f8073e5aeca86eb778083e20cd73ebf
-
Filesize
649B
MD5e45e7081e02bf13f6405a10dd20b69aa
SHA1ed1597b079adb2455fba6112dd19f29b12633916
SHA2567a54fc212201a89e1e57a3316faa6e953f609ea10a0daeb75f9da4261ca1b289
SHA51233870adcf41f60aabac010393c356240aa8a53763a789b2a5214ed4c351a4d6b5e7c6b682063302d7c273004e0913970ad3f0096d4888aa09d5c49f12daf18c6
-
Filesize
12KB
MD5ea2ce572b48d81c02bde217bfbfaf0fd
SHA19f2e7cae30f65d5c1681598107df8bd8514529e1
SHA256c31c980f674f2041e2668c35652f25aab37681e3204d77ce74f304e90de8605a
SHA5122976cd2b09c27732767192d0e38f4f66b962a9162a2b9e6af2d5d792440ad391dd2be9ea37599467e614e41d11919774f6d559a7da8e252567193f27df570fc3
-
Filesize
72KB
MD50033bf832be534c76312b853abffa0c5
SHA13a082271a2f6395a987835f3bd7ebef1defb3ddb
SHA25605bd0c7e9c14cc267cdf0df33b01df9637e9de1d9adfa0f20f2cd25bf5962c7f
SHA512580996f81871ac86f7df8fe3ab5ee48372e3bfcaa048bf7e0c0f844d454d5ffeff234ac93176585e62a76e970e0b3bb411e0db0e514c482640f8b7c2dcc900ed
-
Filesize
38KB
MD5b8103746b4757c6332fe545f11de8f70
SHA1588965d6333eb015af39c7f44ce71dfac67fb0f7
SHA2564177d563a186175d3a67091c399db6c57fc271e202406e244d4bc8ad95b1aebd
SHA512c83bd52d674d90752dfffeb76971a4f9684054d6f02cfdbe8f336758ac46d8b430f306cc64be00112b8c38d191afd1b8395d58600b12cefcb6a052ab70214ebf
-
Filesize
36KB
MD52661bff6dabf18be9bcd62fc612912d2
SHA16e90a28a20d59b0383f87355b39f05254bfaff20
SHA256d8be88da29a93137d4e69bdb3b486f9b48ffd789a4e54bc0200acd8decb1a6ae
SHA512f210e2c8e29ec830fd6d46e60bf714abc224c5d1465a75395060fa6cecdf4d9b627c1208c40ef4c39e52cc1697c38f22c8f1882b30b3daf7eb4602dfe06efc69
-
Filesize
21KB
MD56bf0a11d94eea9f5dbb2e3878d26a2e2
SHA1591206d03341c1083843a43d6774f66b6b9f171e
SHA256ed3e1c41b0dfcfa1f28020accd8442e28df7ad1ce6f497eb0d070e2b89e16892
SHA51200c277d60f835895069005f594e93ade91b2152c7a6f6f9f3b15916a3bf7a10f15f60b8f0f212930aee7fb86888625cce14f0bd4d8801fa3591423afa2103d59
-
Filesize
21KB
MD5ec0963f084571ccba8609e51d71bf6ec
SHA1b4a93e1b2e235488747b17c212ae14e5551c2db9
SHA25639041d7cca3821b6b33037d88740780d6c1b380cf4973f7a869b101d35b015c3
SHA51288689aab98763297eb045308d3a1c415bcb0dcb58dc5d3f4338e5c92018666a0b0c5bc2cc444ffe333c4b6ea54f0286a4c6310a9e18d418fba83ff2698be5525
-
Filesize
27KB
MD5fa2d7364a6cdbe8144bfc6add239bfe7
SHA12b37b884e7235429a2b4d675cf1d4975f9081d4c
SHA2563624f864be1b01a4fbcaa4623e5408ae4adf66702cf2339ebf5eb5b4cf993ac5
SHA5125a30f88a98af6ab94a0847989d9bb98d7e459232ec7a0ebfd0aa7f4405d0394fdbc439f33fbe2f72319f7cd8789e80443a122fde0b4f743833ebdc28bda37f92
-
Filesize
18KB
MD589ee4d8818e8a732f16be7086b4bf894
SHA12cc00669ddc0f4e33c95a926089cea5c1f7b9371
SHA256f6a0dfa58a63ca96a9c7e2e1244fcff6aea5d14348596d6b42cd750030481b82
SHA51289cc7dfae78985f32e9c82521b46e6a66c22258ebe70063d05f5eb25f941b2fd52df6e1938b20fe6c2e166faa2306526fdf74b398b35483f87b556a052b34c5e
-
Filesize
16KB
MD5db2656b672846f689c00438d029d58b6
SHA143b8d5085f31085a3a1e0c9d703861831dd507ce
SHA256aa3f28db9caadce78e49e2aeb52fda016b254ed89b924cdb2d87c6d86c1be763
SHA5124c57c347b10ea6b2ca1beb908afc122f304e50bd44a404f13c3082ba855796baef1a5eb69276d8744c1728578fa8b651815d7981fcec14a3c41c3ca58d2b24ab
-
Filesize
59KB
MD5a3d22e12a66339254ec06e1f07b7daec
SHA18ef299ea4de120f62f850317fb7eb347cdf2f207
SHA25674d9939abcca684e3030b645571f9ba559bb333c17d9395f72c82c45f37f3fb5
SHA51271b1a0eb53dd8fc53d3416ba3aa1e7ad14e024f9304e2588dcc6edc7949ee6121c1fbfb96bcd907a4d381bbe473f860c4e39a633c30f7cbdb25e59c57259a559
-
Filesize
45KB
MD5be446adf51e1e2ec8565855652e2aa12
SHA16107bee1993c6bd9fe14de6f011659d0cc2f7429
SHA256f6b290ca330613ecb353e80b63c8aa8e2c3394c56e1fe14649339597d1d08a06
SHA512b433ffc883c97526611f2be567ea56058b5476d9b940bb359f5533f1d046e25465a75ab3c24e5d85bfe2076d5f69d6aa6e7a6e1a2dece45e390c2c70f129bfe2
-
Filesize
109KB
MD5c1ee23d7fed88171020d29143a2b229f
SHA104fdd36f5e374b0392321a99d9fc2d692d168fa3
SHA2563a5020be3f22468a80da6beeb67478a7c51ebdb60a088640434117a33fc84004
SHA5126ffd3d66cd3115a21c7fdbcdb8225c4acf65b00d20fb6869a56b3f04408127c28f1abd8218c3d5fbf9605222e5aaaf0a916489d71f91865b24453a4a2f7f6cfd
-
Filesize
55KB
MD592e42e747b8ca4fc0482f2d337598e72
SHA1671d883f0ea3ead2f8951dc915dacea6ec7b7feb
SHA25618f8f1914e86317d047fd704432fa4d293c2e93aec821d54efdd9a0d8b639733
SHA512d544fbc039213b3aa6ed40072ce7ccd6e84701dca7a5d0b74dc5a6bfb847063996dfea1915a089f2188f3f68b35b75d83d77856fa3a3b56b7fc661fc49126627
-
Filesize
16KB
MD5dde035d148d344c412bd7ba8016cf9c6
SHA1fb923138d1cde1f7876d03ca9d30d1accbcf6f34
SHA256bcff459088f46809fba3c1d46ee97b79675c44f589293d1d661192cf41c05da9
SHA51287843b8eb37be13e746eb05583441cb4a6e16c3d199788c457672e29fdadc501fc25245095b73cf7712e611f5ff40b37e27fca5ec3fa9eb26d94c546af8b2bc0
-
Filesize
88KB
MD52dfda5e914fd68531522fb7f4a9332a6
SHA148a850d0e9a3822a980155595e5aa548246d0776
SHA2566abad504ab74e0a9a7a6f5b17cadc7dea2188570466793833310807fd052b09c
SHA512d41b94218215cec61120cc474d3bc99f9473ab716aadf9cdcbcabf16e742a3e2683dc64023ba4fd8d0ff06a221147b6014f35e0be421231dffb1cc64ac1755e2
-
Filesize
16KB
MD5dc491f2e34e1eb5974c0781d49b8cbaf
SHA1b73ca9b5f9c627d49da4ecbc3455192e4b305a3f
SHA256f956049f0d96d455a71003eba400cb94f7067bc52620cd05b81006ecfdd438d8
SHA5125c9bd0d5c93a05ca76eb727328a0fde40f2be7fe53b6b6c9eb260e8f20f92cfc831fd4b46f954d85baf151ae8aba1cdd6f76b0faf96217922cad844c905f3645
-
Filesize
25KB
MD564ef6ec481b87bd3b281a3fd8e0483a5
SHA148ae23e88455a10a4fddb7541a599ee55310cf95
SHA2569f44e97732d4a6e996238fa94b9b8f6c3a6a93dd23fba09b93d9ae9487f6a92c
SHA5128fc5d0fa10c2e7bb93d3c3bf39ee8e45c34e68530d6b58c95cb46f265fd58c4f32d0aed52b3d83ab1703705558420bfe8f756f96ce6300abb94f446b08c484fb
-
Filesize
22KB
MD55c1683920f0ca7483463523fb92eb6ab
SHA1679173579d9c445501ce25aa11c07980e0b86fa1
SHA256366bf06c7c450d212537b1c26c95f186cc6100972a367d0519f4dd4fa1978a1b
SHA5120f9537fc971f0becb95b32edd831c69aec63034e8d150d5f38f3fc16b05e1b6a126495445894531d48eec4de6ad70f158a24b13af450299081107e1b4dbc3842
-
Filesize
16KB
MD5226b6f7ca7730570828474cac58661b0
SHA1e7c56aa61d9415b73b552bbebee164bc50872611
SHA256c1011e3ec34c8a4d5155342d2dde5ee7468cab7d465d5fdf8a1c796925e0da13
SHA512a090e838ef4f6b4030252fe88c9757cb68e2c9652d7042f9505e1048316472110d567541512c404bb9bc3e72040329453f1912f7b76fd0b9e4e95110d3fb8b2b
-
Filesize
65KB
MD5fbed90c1df74406ebab1404754520fd4
SHA15e20c27610eee0f38991e1ec76d21fa8be96a0cd
SHA2562e96659d1f7fed769a6a0920313b91b50c27c97ae622130b420438139becb1cb
SHA51202eec3561d872f8e67bcde3c385349821dd42f08d6758854cd71d02b59b9c779836d5505b73fe703d3cee1bfee96b80ee5dc81c00164cb9e794712cd89250037
-
Filesize
4KB
MD583c450945cc7a0692dd07ca1f694acfa
SHA15def3ce4043747b0df947717b818eff8a3f9b980
SHA2568bca6bccd3e039a4922789f7c530f017f6bf8b49951d8bbb0945250ff630941c
SHA512d01e6e2603b5f822b35f00bf8d9d39635b4c888bd0dd7d9454bfc7e8126f702d0c82749808dc5cd45dee41262e818e8804e0670a7ed698537e4ab5d95b71eec3
-
Filesize
1KB
MD5678457cfaa898cdc0d16d6b0791208d4
SHA1f38cbbdd071b63262d5c69a1ee9b584f2d0ebcf8
SHA256a237fc234d9ff7563b4dfddb21dbaee70006ba6a251c4558a5fec1511dddb495
SHA512e97bacef3830514f611646ba88dbc1b95818e0d1c0eb8819706a2e615eef710c98f2ca72040da7801d3ab01de876b4d8d09a457925732306e6cf26e0ae3217cd
-
Filesize
1KB
MD55199d1d3c52b549546fa1c367e06c346
SHA1b594fbb6368ab9a848449d52940ef1fa2822cc4a
SHA25604493927618fc49ec7ac416a6d8be2c2546b2c8b2f9cdc98b657e7fac6ef7dd2
SHA51222a9e22f03bf8bebe8791135e5c787c09bf0027e8b72dd4a10434183b1331bab6188faa5a047b3721c8bd97b3e8f7d182313e479c3852ecddd28d2c9b2462016
-
Filesize
4KB
MD5cffe9909713ddadff5977e815401a633
SHA1957deeb673da42969b3c2b25c7b9f90be8253ee9
SHA256ef65c36bc8a55d66b7fae89eea019063d8eb08276c1c4fc898d88c4c30fed1db
SHA512224d1aadd1a10dc2c363bf23e012ef452392794863d612986b9197c1e0696c37cecd9ac33cfeb4315e491b194d2dd1f356b45a0833434f7178bbf8193750d01b
-
Filesize
851B
MD507ffbe5f24ca348723ff8c6c488abfb8
SHA16dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA2566895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA5127ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6
-
Filesize
1KB
MD5578215fbb8c12cb7e6cd73fbd16ec994
SHA19471d71fa6d82ce1863b74e24237ad4fd9477187
SHA256102b586b197ea7d6edfeb874b97f95b05d229ea6a92780ea8544c4ff1e6bc5b1
SHA512e698b1a6a6ed6963182f7d25ac12c6de06c45d14499ddc91e81bdb35474e7ec9071cfebd869b7d129cb2cd127bc1442c75e408e21eb8e5e6906a607a3982b212
-
Filesize
2KB
MD51048f1f4d861f5c812e5bc268eb68a06
SHA14c9495a3202f63fd0878086f27310db6d3bf5be9
SHA2568b3b5b96a5d6d7c613052b4a751c6632f5f91cb0a912c96e515978999b6f43f5
SHA512158ca9fc4e59568c8d04b8f6ad16fd8216ee10d8869ce1e2dec844e52d3d3b19bd98433665fa003552e8896a2691531141ee11fef212d8d66283d7002ece8c76
-
Filesize
15KB
MD5eeca431c0a8f6c964934f8c82ddd9ebd
SHA1584a45f94f771ee1e4a2e3bc222a58c419c39fe0
SHA2563ad638e284f1dd969f1c8d7694167c58577940ba6592fba591bac5083681ee1b
SHA5122c67b76c1c01684ea8ba524725964096a6959c1bf53b71626760c0fb92d88407b8c786c1779dfd88b8064d8aded4acd4490c086f5614b06b5083dfa8ab748726
-
Filesize
11KB
MD50fcf2f795518948fbae4a1f455c2bc52
SHA11eba80831350640aa259bd88a7a01d51525b12b7
SHA25613f48f58e700c8a4e1d64e997fbd00fe632e7d0cc01e338a851b303725eaf71c
SHA512cc9cdf6ce78660656b537379469e2517b798c254aa4f4903d90c015c5577b8408450c1cda61a98a70811358e2e86da972442225b13c4dabc6e4bda9996b0df3a
-
Filesize
11KB
MD5805ae1ee0eb5931077583d0298743cfb
SHA100db995c12bcd87da59029b46404afe46335a5f7
SHA2560e5d3f440d1c7dea32b133d5c42b1b1de1a459ab8626569bbe3dd3844078c2d0
SHA512ca1635f8ef2725840f22f4e7d25d065e3e6cb25a9a6418e25945e3cdc8015c2abc54cd9f082ad8ab0fd43640c40b4041e1713d10a8801e4be52194a4f8d5efa4
-
Filesize
3KB
MD5d8dcb39c0237c5bccbfb90d212e02da5
SHA17745742ba45b3a776c81e28c85c991b78cc67a56
SHA256e0dca44796967705bab474af1a0b0925eb22b3d67c422b03b3ac082aee6ada2c
SHA51277fe578d153c80cec35aaa5591a85f8d66aa79eb8608740008f2553688b49afb77b70bc62b0262a1b4094696daea88158d956ea003695439ac14034b0e80a05e
-
Filesize
2KB
MD56e5d44f62e4a4d1639121898605a7588
SHA1cd313bbca126ac781218b856d7de52b77e980505
SHA25666b919e42b5c6fb4fa3bb681c4193fb2ec74f673d3f68844ed764d55e763aa3a
SHA512ec9103296df1799bf01c8522f058a5db0fc45b707a27370c88dee928ee1546d86f3890ec1ef26911d2884510618f0cf70de4e5232a9a6bdc3b5cc01155a0aa9a
-
Filesize
12KB
MD58f623719e1f223d6f7d9749d13c6e6d7
SHA12f1d4788b6599006de491737a747b94693b0a74e
SHA2568f62f975152f959f35f0d888b4d437a06f2c105492ce542da64a0a68e3de107c
SHA512fd1aacd53c803ee18660e3505f05e0cd982c345231b6d82063a3b7d574d61d6be0c100fb7ba5f7436bd9cd0885b79948c8bef5b95532ba5b83e2124c6fae16e3
-
Filesize
12KB
MD56f77df32ef9eecd0d7cfc6de53e12560
SHA1ebd8954899ac76d4592e975d580bee1b4e32cff0
SHA25690440069f2f94ded3b984451b2b9c2eb18f737a87f6a8d540aa482d40f0de8d5
SHA512e80b22741e2303b1cfdf1d3dfdad7ca78f62d4a4f5bf0ad191157c9a155ce8651f04e54a6f20da0327a4e84025345e408c5f9d6de62cbff61a75d1904a4f46b9
-
Filesize
12KB
MD56c37c1935d1d4d1824b2b96b60184fa7
SHA1d92947b751c183e5da035e0235d9a2da92853043
SHA256f3d9f9f57d3e9d0c3c83ec4f0d0d1b6200ab08eb17b378f6461bafe6fc8ded6f
SHA51272aefc0ac6f4ff9eeffa8b96bd31434cf156e27a387d789b78d621838b855d84257bcac9833d8776c1ee442b9d2f4e190d20bfd6ea41f65381ad24890fbae7a5
-
Filesize
11KB
MD5f6b5a40b21f64514d1ae5df66261c099
SHA1c8b1c629789b005d8fe48eba8fe139dab71f2411
SHA2564095e20e7f35b06ea7aff8dcabc66d9338ecac79c072aaf9c490b33c1339cee9
SHA51252f7138a06b08131b447d8287a54f29174ce7a1279846c810c69670fba37e06bd9a49ae0b007f0242b678423287ef95faaa818a18544e2512d4b3fc1c305423e
-
Filesize
13KB
MD52bc2e5b8f4ae4195939897bc2d5302ea
SHA15c4af712af4e246f7b22476512dbeee7d4b9210e
SHA256b13b77bd182cfa236c4486de14397a663e740a6b7564a9c3f0eb5dc0125cea3e
SHA512672ba7f38f3bbf33faffd866e3bd87081dbfd4dfbf4367b22b975d19d411a80010e4ad69833d65b9bdd14619d227e043e9ffe86433f56377f1e921f99abebc21
-
Filesize
13KB
MD5f0d1d2f2c289d2a88c80a9dfbdba248e
SHA1cbb77d6688a94f33f82bde7625d5d4c4b521c8b8
SHA256357129ff4df1ec5eb5a58e118b87bae418fdd70d20e551a7be1082adfc71e30f
SHA5121d5ca0e31fc686274262e342d5c54aba360b26490b1b3cf64bf88b7f574259cb941c9f6539e2962f4d06f31163c49e59b99ce060c898287c5ec16ef5cb226f47
-
Filesize
13KB
MD53d4ae3fb6c2decbbd51842fc97e6d70d
SHA19ae7935fd918eeac79ddc9cf66fb2f65b5db1ca5
SHA256b7a92bcd5d395a67370260ea39ce7fb62194c4b479a43bd4698acb9de4e66920
SHA5122fd3d5ee518a36768449a13d91ba204a6d6148b2097014fec4e3a6b7f08bf6b69e46716cf054b422a3dfcdb57c79cd7380aac7cec2d448d80af9c2850f0a6e9c
-
Filesize
13KB
MD5f176bd865b0fe3001be276b52dfec059
SHA1bc6a4c964f7c41c984bcd1c994b4464d2acad863
SHA25626963f5c00a9f543a64a90acbaed94594032f79070dd0606c76dc0786f4f1f4f
SHA512a3bd5f5311876ed9353e57e3fdaaf4fbd8b3567d98de7895ec437835dfa29461e560408712593a19c2c0df899907f1751a9ef2cfb28bf93087dfe539ff7a209d
-
Filesize
13KB
MD59c704fd7baea71134f9bda53e0cb0d0c
SHA1946f98b26d8f86262a69daf2b1176026a24d13c8
SHA25636217938315cce3c5be0799dd737795e67e427a268f9788336a6cba7ab6cf412
SHA51289d6f8cdf1e42caed151a92d39c56039505589ad905729d6bc5ee783d66bb2b5583c7c4e6ce34e2053643733b1188877ff3cdb554da2e159aea5faea4473b771
-
Filesize
11KB
MD5920380f517bd76aa7fb77f19c4276667
SHA14adf1259ddc07f6a0bb298f11c5577f9b804c744
SHA2565d58e1dfca180291ac04ae49c65b859cf0ce366e1d6f2ec79683480045f3e4c4
SHA5121308bb183e6f6aee47bad217681fe3fbc0c75509b88de671e03e82b40660bc0409a26316f41ef51cf093baa74bd452559c2e75e0c90514729be2e9bebe683814
-
Filesize
13KB
MD54ff28d1bba4b93c3ba4eb9edba8af389
SHA1bc303aa73fe5e23c22e4e82a52cc7b647f4f2932
SHA2569392488d990bfe350506b7acfd25441d3f2a27268f939f0def9973fbd3dd0dd4
SHA512bfffbb01d7ad238e8d3e5333320322fa160623b4ecba5be1f4db22e7a11eb584c0176cc31c37f53534ee27cf2b6cbf2872089186eddf952f0aa417b5031b41ee
-
Filesize
13KB
MD56a55a57ae1d92728e0b8fd86762d9aee
SHA111878b0c75a8ed83cafa99692a2cb9b2b384f522
SHA25629a4620d94c19ecd1e5f6dec84be5a627fd543a7f61c72834cd7b442b017e348
SHA5128ab4c135aac376c807dc3dc6f81a97604f6e88c3b7c11c148ada44dbe5706146a99c2fa9c7d152b98f6a01aabb6b680516b6ba621b60f57dd0642b1ea325bfe9
-
Filesize
12KB
MD5371db732c8123a2a77b016ff0149d33e
SHA1a36aec94c19c779c5ff1141fa08336d88891761a
SHA256ae91386a70fcf327a7b73605de6b82636d747c4e1c474c1b4bae43339e3db881
SHA512a44c32a1ff4f1e3c562eba9a5934c3c70cac22b77c489c0e12a9c00eb987eaa9103165320fb2d2a8ee38ed64b3090244653d68d8ff4e99a0ec716e3396c38b8f
-
Filesize
13KB
MD54a48f296fdf2ff4d96594d06463b30b8
SHA1ccd5d7b0f676816fd7bd28c6ad5601c20c65c80d
SHA256a6ed1dba52e761f782e96620755c1eafb658bb8ca2b0c45c62f1ed4870916eb2
SHA512f8537600a381744411987e12abfa3f5ea980e70c93f9c88931bc903dde87b10057f4ff38e350a2ba549383bd1c5a42550f31be43500d0f0e24d0b05de05df6d3
-
Filesize
13KB
MD55b139c540890a9a181f299735ed19895
SHA17afc731da9a688b5abc37949c3ef34d46fd9b411
SHA2561dc8586d34076018cdac138a14f1232b8a0d47840a811f5df4e9dc1bf4db6b19
SHA512805f83ad6ae9cc7d8272663652397560465d2f13d7b6b1b66c2df27f8ebabdf71ee69f9cdf6fdb335021f6c7861313d02138870f05920f9131cb387599f05c79
-
Filesize
18KB
MD5b5b9ea8e0372ee0a5a0c2f7a588b76a7
SHA1e8d861c290bd955e6450887e066f60d9079dbbe4
SHA256d4ec224a887cc3b6158acdaf313ef30c6340e0fde1082387e2fca4452ffd698e
SHA512fc0db3440eae52b1ffa7ee431aee18c84058b0686cd2a6500de260753248aa8cf92ffaca69051fd028ba9aa74c495a303e0040f29935886a83c23a9d4a0d9e8f
-
Filesize
15KB
MD5c6d79d35cfda5526fc648de3bed85ce1
SHA1e08bab3ccb8ee952bd19626ba0eb20046a12cdcc
SHA25680e11c00942010eab93f2443ae2c0433f6816a38ca0f31ae414a0946ca1188a6
SHA512f0c42a4a18413156c78fa7b91cdae8254e556c66d263841547b3db4eba11e43a194c67d985860f0211440fc12c6cfe3fb476fd1b5f16eacdde995d4df0ff496d
-
Filesize
96B
MD55db6a5800c58b5d9a19ccc8a27487c71
SHA1233b932e167b6ef3a1ed28ee4b917c5aa163e032
SHA256c0134411344053115493d13bf514cf9f758759482c82430aca2263d4eb1b4d32
SHA512bdb9fa908ec334a9689166b182b2daaaef673a92ed8dad27d065c1c67002cdae34e1e1df773416b54118d82ea7c1004116d320d8c27d7fe4f720141eb2acdb99
-
Filesize
96B
MD52cf3440e236dbca5e93496b0c978eb43
SHA1fdcd4aa9bb48dacab13d7f52ae5a97ceb5055799
SHA256a5c89918a911b0adefb828cc186a2de0506b0cc1ed3c5693feaf0b76419d34b7
SHA512f91c00c6db93e64de83d097a5b511f9c72d0f1dfc1559e35df3b712dba0556e1d1f63ecb6c4978d7a3ddf49f058d2ac1b6b636833ad17f1fec28456115fbbc6f
-
Filesize
48B
MD58b78fdca70b2016f0783f59cb99444e1
SHA10cb9908aad2bf15c744c6f2fe824000ef1ed6b4a
SHA256a5974cb75ab97586f2f56a75de577589d6a51c6141657492b23bf8def6bc2169
SHA5129c074d1d1050193d8413162e7b4b968b9b4735e3af40786c4e4abd801fafe917f554b9be230f3b32adbc47f3956740c57c550bd5c47a0114df2385781f93712c
-
Filesize
76B
MD546cb7641be727eb4f17aff2342ae9017
SHA1683a8d93c63cfa0ccbf444a20b42ae06e2c4b54d
SHA256944fff1dd6764143550534f747243ef7d84fdac0642c94135ab40f584520f63e
SHA512dc1b5f363e90abff5c1663a82764296922c842820d2819805e87da6da1081f1b5f2d8debc83ac34a26ce289b7b22588b022433686b19b039074ae184968b9fda
-
Filesize
140B
MD5d3349a092d897f58a7fa3af14ebcaf3e
SHA167686d94bbb05d613cf3175cb28ddb70919a525e
SHA2561c752229234e2a869f8e26648c529ef060c432c39c068a1851f91aa221941aa0
SHA512b8cc4d83996597c2b040f525a62ecad5bb19856318bd28655c08b7a5b8b4ea7d0ab4fe955206ce142607cf3d9adce78608b33f954f9b28565a26f0cf04f49317
-
Filesize
153KB
MD5fc955e89614bb7a8856e933757f399b3
SHA1ac297eebf4ec603589b8c9847eab3bd68e085f39
SHA25615053556a89a259df002c162beae3cdfbbc9c47e80c6625008b7bdd579dc4cea
SHA512b3e8672af270520d6f7805f06c1fb134015d96735e7d361f366021cfa113c0bd992cfe29a79d475823feeabf420e2b6770d05f9b978d0922cce4bfd35b06fd32
-
Filesize
153KB
MD5f0b13079ce2f7941c32c16c59ef194e4
SHA17b3409da69b0e50001ed1ed76cb341c651cc936e
SHA25639f181462be76f02cd5b95136685020a45d218269c9ffe1c9f7f5ca39f092489
SHA512b864a6a9f64ce4d8432faa1a9bd3dfc9de15d68c260771e9d8d5aa2a3875517bbba2351e9a611b194a7097368b9abeaf72abd5842a0d7627701172810cc0d0e1
-
Filesize
152KB
MD521d4c0d41b253745302eb160c0bf33b2
SHA1bc2e99385701a916eab78d65414d0006b9d0b64b
SHA256fa3992a21b0adb7defa442d1382af6978457a64939c04d64233844ea16748df9
SHA512ff2a149aaccf46887eec7b7e296c05efe82a98354cf2358431f0b56fbb42d6fd61c0b6742106d1f660bf58b7fa0de1100df212ceaa19cc4c4d740d0af2be801f
-
Filesize
79KB
MD5b9719400bb93edd92aad74b48975daf6
SHA1aa07fa08ac4d4b3859c47c82a3feabb2177ee217
SHA2563e61438c2b75eeaccd61b18514224602a212016a4c364822345f2a5cc09dffec
SHA512192040987e2927cc031d9601f53499fa4f7bf10325e67765165639af55e6a7f78150ab92951d0112fd98c714c6beda8ddb90b3279602a301e8d50e5aa75fd50c
-
Filesize
153KB
MD53187294f4be64909e08ce8a8def71535
SHA1888e734af0d4fbb399a8909c5c5354fbb9c7958c
SHA256f10d7549b598cce2c58c6cdc9f65a802ff91fbaccc676228eae81e4efbf98044
SHA512f16f3651f6585f033c49d123974317b487db09a9fb2a3c969989c7dd3dfb8392348c2b4f5c1674b64e65c65e538abccb32f472061c49a2977b41af1e9e33b53b
-
Filesize
44KB
MD5789e249d7b067ff0332435e400a3c803
SHA1ec1be032ce4175a08ba38a58942ca8fc022c2935
SHA25660a7c778684ffca6f3facc7f89350a421f3a9951c8509925c11fe63d61249c14
SHA512458aef992df4bf5a92a32f08983fce153838c20f3d39453fe4b55ff83f91fc01d02edc77a5172bd4ce6afe200a96b133f4b6216ed4cab92cab3feeadfa0df555
-
Filesize
264KB
MD56ae3787c479eab6c9f5e64a6be349535
SHA1116d9df77d72407a73c06ebd4c81bd71bea8f93d
SHA2567b1cd6b14be766a2deacefc5ed9dbb3b4b553775782d01ccd84b99cf70fd6f6e
SHA512fd2188120d1bba126e7f40599effe60f54b8653fa87dede6cbf611dbd618bff1a8d9ce80f672f69235961df850e3fb3ceecb8271ebc20d8ec507e14070413b3e
-
Filesize
152KB
MD57cb60a19e2b47e44d2e314f62d838e35
SHA1061b42f180eb586a26050b1070f06628e65c694d
SHA25666483bb585d8f466ab8a36b84f2d9cdd489104b28e6242a19fe44465c7e769c1
SHA512d466f65778d859139d745a5846bd41a729b56dded71444bd44fa134456f68d9830f405bfd16988945f5780da131454750abef25c60edcd3e149a19096ba05036
-
Filesize
3KB
MD5f9fd82b572ef4ce41a3d1075acc52d22
SHA1fdded5eef95391be440cc15f84ded0480c0141e3
SHA2565f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6
SHA51217084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339
-
Filesize
280B
MD5ecf610ffadb6b05b729f1fb747c925ce
SHA1552e136d3b35f6554388dbf3de27cc3f13aac1aa
SHA256e60d57b0c686fee38e691bd9736e26c41a31f3f058f68c1176c0a71f8108abdd
SHA512ac191b7ef1e260e052031443b9e97b79824c03ae79dc76639317c4f3c70c33ab7b3239cfcf38ae5ed803adf4bb011bb9a9973cb9ba1787b91de2c171cba803b5
-
Filesize
280B
MD55871c7a894fabf1c9345839fccb91305
SHA1bf8ed44edabc6f6610df4b1d09e52d58860776a6
SHA2566b8fafeabd0b0b62dc95a31276cbf14518e1f89e6332f153f6392f56527a51bb
SHA512792b18089400095490f91c4c5f033ba9487917a010f9a424875b1ae8a4b82509b055e88c3798ef63236f65b37fd77656bc25e506cbbf3f093d57ac739a084462
-
Filesize
280B
MD5d078e361e0ed3a9230b38d7f87140520
SHA1235c905284ee451b6d19054ce804e8e02a4dceaa
SHA256c568a7aab912809de985c73e6f662c91cf29ef7e6d91ef6a2ff03989f0894338
SHA51279eac09b34e1b2274901e9114c16212b608d4ba2c8875e000b77b6cab80578e25ad5c8020ff0f32c4b57884c7bc41cc494b936b4154f5d922ebba3e6457ac9e7
-
Filesize
280B
MD58f1f880a1230c38d5c047b145e314596
SHA141e5955295a8a7aa6747004e6efa56d5d7346692
SHA25642ec0f36cb33d6ac803bfd926e1cb3f445790f9cd1887a7fb6c29891b9adf1a0
SHA512576a83a4f78562b9cf9a0601383a822fb0d5d37931a55e11681dbfa2b9764b7089a32215acb4586692cd7962fcb433ca4063d36f663d11330d375e45fbbba5c8
-
Filesize
280B
MD5c8e91aa33c6389ca0bafb0a363b03c15
SHA1f0fad9f6143b90b0426e1921ef83cff8ebfd6173
SHA25692bb647ccf28cc44555b815a8151fea4dd5ac67ff37553e02550e08f280879f6
SHA51288cab46b7eeb5aab466eccc656cd98b0097f246711487ef998b9829a00bd556cabd4761d1a7308a316b9f4e8d07a8da3d847a3e945e7d0e721cd2c1235cc1c7d
-
Filesize
17KB
MD5914ad37eed212d37f176596d1102df6e
SHA1bfc2da63df55dd1b35d80e5bb6b4d43a604478e1
SHA256396730163b1874b248098cd8a27f8517e2419e8baafd2556b0cdb025217c900a
SHA5122281c7abf9501813103c7d2ede741d5e5496e79c1969206bba3119ccc8d382195ce6e649499ff791e1b07696378df021a6bb1d05bda0716b775463f2e6e9688d
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
100KB
MD580b5b90c4f3c45f46d57b5e1bce1e629
SHA1367e3928b8c501a0827fd1b56083824932e9dfce
SHA256f8f5766093e3c09b37b085fe81a7d8307c69b34710794143efe460ae62bafb2b
SHA512395fe714443f48f04896aaabb79d852a79e6ae948fbdf1678505be724c0efd172043b36feb8716d9882585a47d23746f2dfb1cfbb18149ab9e71310ba0b055e9
-
Filesize
110KB
MD5856a44c7e5f305d914f73151e46348f1
SHA1ef7198fffde31f348f41c1fce450f7c83f2724d4
SHA256f576eb2ecc60fe36e8222e836af2b7a7fc0e2f757159e970631eb2e496b0411d
SHA512c429e91a2cc420bede1768600604b9e3695d0f29640da2880ba9c2cd528fad536b63e40e142c48275b21c3607ea3e5677eee2c2c4332c894ff70687069dafbe7
-
Filesize
355KB
MD5b7af32f2358aa5d8a0ec3a1a841ac326
SHA13e28e126c7b138d935cdf4bcab3a0f0e1b0b3edc
SHA2566fff462a7a169eecd2227483dda79626a5cdf83d2dc12a02bf6a19e79d570a8e
SHA51250de9fc5adb05ec3eb9e6447fc435c9c20b31b75e02163130a714c46e6a143d121a6ece7ec96bdee901dd35637793614a9892b4e5c5f767f36aa59e0365226a0
-
Filesize
19KB
MD53b25fbd9be0594e7d5dd630003ef4194
SHA173d1b16b7b95ec2907407f06c3f353497e29a362
SHA2560ab699ef1483cd423e0880e48701eb0f38d8d250a4f7e63262a5a10e587f6df1
SHA512137ca7a8f12319721e9ad5a729c14c14cd560abad62366fe47d2742ed30e9dcf5f3a3c1c5607deee579ba9407ce5b5c1c737bc74e07e64dee65e1fc2ab8b0615
-
Filesize
76KB
MD5c99f966767a99c2971aaad4890f0d323
SHA1d6dd4e0199e653bd6663c5203dc3889e9b6c0baa
SHA256ad5f0de938a628df6b0de66005e92497bb39c09fb8491ea7fc4d5afd600262e2
SHA51202475dacf307541c4e2801b2e849585d4210990fff97bf5afe9f44f5ee46ae8ba21152295cd8baeeecba3005250d81e7d280007f0b8f57f77247a3e2588b7c1a
-
Filesize
162KB
MD54c30097ee68f382d4efb48676ada82f9
SHA17082348b0a418d7fb4991c401ada2885ba81adc0
SHA256c4d041b5988bb4871fcd5b880ae697f6d19aa8bf5c863064ac7a85f14ff077d6
SHA512f4498b5dd8e0d25a51988f71f21cd4a3b59c31c8e13e4f52f5b85fc1643805c7298a43f744efcb7f8886a45e8f66761f86a3d8ecce98bf944fd3155527f50c9d
-
Filesize
128KB
MD529e7cfa3e5de55d603a211bc5561e684
SHA14f3af2524b97a5f4e5f9d765e9f9f792efc3cb02
SHA25660ef8879a9fbd2419b58c1f614abb7019dd677ce45ba9f092c14760c8c7dce65
SHA512175af94d1aaeea119f8b02344a5ae5b1a1abd5328a17b8ec8b9159e6346b00d5ee38bb34a36f67567b80a0c98a59b66a69a7f868057b3f4dd444720287c4285a
-
Filesize
256KB
MD5f61c96a65b60f7e4c018e2850f5a4880
SHA1f36d693611e6e167e20ad40b143ca01454c0898b
SHA25674fb5e0934e2b922fffd0d9d91a870d851cf834fae52d6c80fba17dc052dcbf2
SHA512f87c2170e5c6274f56ee645d441cc793a14426b5f487ca31a3a2722c7ff337ade99cb030be030fbcd92f8d5b00261fce06753ce98a77cecb3665b7a712596a51
-
Filesize
128KB
MD5e729e8699547cb5bfb4f424406b8f551
SHA15ab8f998ba9fc47a60c1af131c29bc9f6b656b53
SHA2568b584c48779d727e3638c8922aa47b1413d8906130bd3c480dbe0774186d2915
SHA512027438641482b3deb4c3ef779542f0ea5c1a97fa90a24523b645b9d53ff13e03da89a102f6edff4752d0a0b517cb131f3a8c7a4f54fe20f23ead8d357ad970bc
-
Filesize
37KB
MD544dff952b1289d581ef21dfc7f960edd
SHA1fe666befed4e8a0e465a48c8e5b350485a9c5129
SHA2569573d1460a8f83ba6ae7d05b9f2d8d7b4f2487f23a478023e2d191274c872f39
SHA5126f8ff7e3dea48ccb655a3b1bc7576cd6e3c8164d710438d677ad790b308408821da1ca1ae8827d2a14a8f4d9628c9ed56475af2cf89a45a71b66257c96e93ef0
-
Filesize
16KB
MD5b4c8755ec992b18434d6146bc3beb21b
SHA10f5fa4ad54d8540afc21ec5b13fef8a51a54d046
SHA256f7528531175c45be140009f5dc15e90cbf5a4bef11ebba8de1303b1582af5b70
SHA512997cfb5bc9001e54bbf11f6853de01df9d723d592bf191f60206c1c8588cb1279cc68bddcd7b4ef69772154b6468373c7bf873c892665343e396b4fc45b8c071
-
Filesize
62KB
MD5c813a1b87f1651d642cdcad5fca7a7d8
SHA10e6628997674a7dfbeb321b59a6e829d0c2f4478
SHA256df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3
SHA512af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b
-
Filesize
67KB
MD5cc63ec5f8962041727f3a20d6a278329
SHA16cbeee84f8f648f6c2484e8934b189ba76eaeb81
SHA25689a4d1b2e007ac49fc9677d797266268cd031f99aa0766ca2450bff84ac227d1
SHA512107cf3499a6cf9cdcbfa3ef4c6b4f2cda2472be116f8efa51ff403c624e8001d254be52de7834b2a6ab9f4bcc1a3b19adc0bba8c496e505abbca371ef6c8f877
-
Filesize
19KB
MD52e86a72f4e82614cd4842950d2e0a716
SHA1d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA5127a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
Filesize
65KB
MD556d57bc655526551f217536f19195495
SHA128b430886d1220855a805d78dc5d6414aeee6995
SHA256f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA5127814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb
-
Filesize
9KB
MD5104aee756cb1b7afc6b4db26b699a552
SHA19616e18766e11283a5409561d32c4ded454a8f44
SHA256708b89ecc0eb7b6de72e7797a0ce427f9b5a0ba55968499bcace4f4c1ffccaac
SHA51272429ccaa126eded63924d94ff55d83af27943e0b4adeb4a39f02c27797a2aa66d57a2fc7d5562968c45820cb642ade210a013fca6e3a9c0808b923ac8c6f9e1
-
Filesize
10KB
MD5117a5523ccb2f1c12b2d92d4f9bd044c
SHA1d89d5aa6c6dd26f015807f48087dbc2835a422e3
SHA25688c329972bbba393145a513ff7a58664aeeddfebe85993811d27d78d04a2548a
SHA512ef6df691525ca707ff0185ff5fe263ff5e497c4b6f3a308897c977b38d95a91f223eeec06ab7dbdf91df0e9001991bee5a15c6d69095c8c75e7473e648146ca9
-
Filesize
3KB
MD5751b3baeeaa5806d7a21833fea443d82
SHA113c881147db930c6925b374582a6beb53cc09b9b
SHA2561bc5cd43625395c8c73dbc2af360ef13802a73d2e95972e8684a8551b5022224
SHA512416fda08c5ff102a183527064bed3ff9d7898e9b34144e24d0679b8d145c1bf280771bfa7020dd057086f137a035ea15653829f49f0f5b8685bf9952230bbeb5
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
9KB
MD53d20584f7f6c8eac79e17cca4207fb79
SHA13c16dcc27ae52431c8cdd92fbaab0341524d3092
SHA2560d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643
SHA512315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
22KB
MD500f82279c7d2e512e5fd29c44cc4b58e
SHA126a2fba1714147f46cbbcc228406853b220e54f2
SHA25683bef501f4ff6bb77b392229a316f2ba1241c5e6b776b76bb52a4e1ae43900cc
SHA512675075081026f107240c758974ff72b63ffc8bb88937f1c934fc84281ae0528e3b4b7128eff83a643b84697bc7f5b3d83611234d5ed861761836aa5ef09c4aa4
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
23B
MD53fd11ff447c1ee23538dc4d9724427a3
SHA11335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA51210a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824
-
Filesize
6KB
MD5bc0701c92c32aed05c57bb029906daf8
SHA1911dc57a51d9ff0202251e07d20f51513ec08204
SHA256424b9b506d9bf39b9e4ea8ecf37cff840a5b4ea8240cfa478bb8a3376c250a6a
SHA512837722d8e2225ee1f9a946f27837e0ac0bfc2e146b0c61b01d2581c293af9cce03b81b25bc018ebc3c1bc86666730c02c132a9054dc4e95642c31b5178e5f29c
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
6KB
MD5f84961db7931443c4b54f8c59453b478
SHA1f484140ec135096606e1489d92edf4c0ae3bc039
SHA256fe88cf6ad4872bd18178588afef09d6332643ae952afdb42da3e98c4e8b9da34
SHA5126d9fc94de8ece0282a6399573224e11b4dcc36bf57c93f6935193bc6e703bb143e8f59e10495706b671faca802e3dab331dfde2609e357903ebb6bd2ced8c32e
-
Filesize
5KB
MD516ca74e24b1c45dc1efa3bece056acd8
SHA1cc9dabc9e35f270c7b851db2941cdd9a94ab9efe
SHA256c33c32adb144406689caed571cf2a77af5d69116a1324d6f9586c1765c7b82fa
SHA51271b1cf62bc7ef858d63772bf188c2e1ce53afbe5dc21d2263b7e86a58ffa4a8bf7fa4036e876fa75bc58aa9919b687541057cebb7ba5bc99fa633a0f884e27d8
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
211B
MD54eb1708ffe7a635acd77a91ce60b2eeb
SHA1e5ae3f93bda722d751717b7ac2950399432fbeab
SHA256a82f6031aebbc1973012f990af5449c1fc36d53caf2476c36076c7bfa224df31
SHA5127311c563494b30c3a1a3b8b84c03a2a0617a3b6f86c6970f30eab78fb865c3d6dbfd664d8a9548f1659f4aab5cfcc96a119bc369ee06988df11c2f7a0ab82d88
-
Filesize
211B
MD5ccfd9417308c88602559b24132262a9c
SHA182c81a42c37f90fd7e204b6148a367ad1f3673a0
SHA256d1349a183efffcd9426c43b0030aea4ff1e6e266ba35d4081ca37d759c77cf48
SHA512af81b4e6f059c3cd26e9e3edecba910c4c52ffd67f11af6196f4c87111c1f83501c2a8d0bda492c479b196ae65005f7a97d510737e4aa9204976e16319a447f6
-
Filesize
211B
MD5d5ca244b853a5499070756f5c7ab3d1c
SHA1f4ad7cc98cf4dd04fc9c955298d11abf1505585f
SHA25658c0325f888028cc47024b0b37236f065fc7526e678284a2b2590c9d4e73607d
SHA5123b1834bf66af355d7d0b1bd362cd03bdd2e39bab31773373308f802140c4b7c27cc384f88630225027360d38e559b19ac57bc2c52542f9560c6a0e939a5566a6
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
19KB
MD51d73ec04b7c3ce0832904f6410f246d9
SHA1d528929da28ccd078cb1f12593e3e88b704ff403
SHA2568fe1585420abfbecc51049d6e6652a5673850a60f00ef3029214db999486f699
SHA51276188c59966bedb4d030b984f065f0b75b0543b3cba557e271a5d5aadfaccc1bf90c37ad99f974234fd34b67be8582fe758235687641003b7374685ac705ddf8
-
Filesize
16KB
MD50512ef4ab5bd0c77fce7d6586bfc1455
SHA1c321465ae28206a91f6e15a66b48f40ca74a8fa5
SHA256b014af40339ffc190f7db9496a1a5756ee927007b9d29dd56c35399010f6a182
SHA512066f9d43ff46d9d784e131180c6d5c270f1dea785941190230d698bbdc938c3968289cefc5b06c6fdd417e8b203b0e9f4047bc643ff565692640e81a6e87c22b
-
Filesize
19KB
MD58ea7eaa5c6255f8cec3b778b472d03d0
SHA17d6edd317c7eb22d15b477e7e3ee2aca845f7b86
SHA256e5689327302996bdf6db4711faa3c1d07a27a7695e7adc569c84e3fec651fb8e
SHA5127297687a892f85129e51d96f9d7b3291d58ce9b204854afaea5276702ed899c165cb06c636d84a9bd49fe472a642ee4a93c6c65c7b98fbbf0d82bb686233695a
-
Filesize
14KB
MD50182dfda1bbe18c0fe6e9da24e1b1e92
SHA19039a20a9536aedb72c4fa6d953da8449745f477
SHA256d0a5468ef1ae6500545459a14afc161d8dfdc5ee7263fbad6849fc01ad72472e
SHA51259e4e4368e2fcd8372a54f40501128d8d3609398543651d3ef9d9fa6a98c00e95c24e715d9a47e86f10bf949d36a9cdc08507b237ded02b2f2dac67ea67c827b
-
Filesize
16KB
MD537fbd2d5dbe030e3001893359503897a
SHA11c15daab0a33ff295d9525e41fe4b7990e18f745
SHA2566659d0befef6737616cb95c75444d3cdaa908f2c193bf383548011fdaccc258b
SHA512f54f8c351c1e69346f041a1eb9a6950d9a3184e42de6a6ad881b1a8adc5747b12b303cc43489b7d6c69a29e392f5518edfdabfb0b7fc520a633ea926b5784d75
-
Filesize
19KB
MD51fc0276f31e2fb1d1419e30b63dd285b
SHA123d8a934a8c97b12ddb37640d9715f39c7a75de7
SHA2565ce447457747f9d8a78a9ebf611a9fef9cee5f03ee407538b4dabb4f3b679f31
SHA512e2531d15dbc4c7656a9e893811e5f9d00bc09e9f90749a6d5f71591d889ebddb0010c092ea48a10a65c76656135ebf24e558600916e0cbc857980b18fccbdfaf
-
Filesize
19KB
MD52694907ccf83b767b444da8abf936e6f
SHA1193738e47b0793a388d2eaaae9cad78f0c926835
SHA2560cc774ce51bd24811af4afb9d5cf077b7fa94fde49e985f69bd946c0f8eab0fd
SHA5124ecdbe6f6e9fce6f21f38162d8502aa4ae0cb7859679c857dbbcac7b858c474ef12df41c5e3c3484310fc264812ce8f63e8d2faa1594e5d2796c968d29467100
-
Filesize
18KB
MD54cc1271672cef53a4ba1a6bed65e15f0
SHA1a43878b92b4a90c2a8a68483cfee4a2078cf4fb4
SHA256d999229a4c153934d3df35008b786370801f7c7c20129a016837f83b099cc036
SHA51225ca9d4e9a31dbfb2be2a75d2215afdb43a2e723c9f3f92a765a95ef73ae15c567ff7e1be73bd5c482a70b17f547341512da020267f8dd2ea06085bfb10bb0ad
-
Filesize
34KB
MD51242ef41b147740afa558d1c3298ddb4
SHA1a8478b2e22641a5f7e792425721202c133de566b
SHA25668193db165de60d0956f04d1669d47607d5a52c1d0e991ff07f956516daffb33
SHA512425ea0678818a05e98033a7edb61c4dd667ecdb4d7badd0b4b1e65bb423d8a2006cfbfc34d07793943b5838c58cbcd5e9666afb95bcc010835a9db71b3b53633
-
Filesize
56KB
MD50753e45b1fdf016ad1ceeb668ac17e0e
SHA14ab6cd57caab1f4ac73a9e35528b9a99a4dea5c3
SHA2568b4381d6352d4614a1f38e60bad7083c3c0b3f7dda1ed5f8b1504cb6d2df8f6c
SHA512096fbfca7e9fc1dcb5cb658170658cbc1b3dd0b077313e695dbea72c890a69a74afc41e366750e0db9666bff56676de028b0ac59551becb22b0d521c5d4ed516
-
Filesize
72B
MD5094c0665dfc47b6a0812bb8ec0c53aec
SHA1577820b76609c1794a1850d17ac51c45133e6a10
SHA25679b7b5866fabf9c53cb098717fa663dacb91ffa62b8cc78fb1bb505fff9bcda6
SHA51234af8ba7db08b5b9eee00c3c0d1dce580e22117100eb6cb0b3d725e2265112ef2c84c4f5f054a5cf5f814217f81ef15aa269cc4b641ced8671fa5535a419c174
-
Filesize
72B
MD54e82e5f3f2bb16de848f3b1ecb6ab64b
SHA14d83f48af4356c70a92970dc56c2c408b01ab70d
SHA2568088d1b0755b7c8aa4f807007403c200ad99949c239291bfc34e6ff8bc4503a7
SHA51254a22533dc94349a7f21cd9310f73bd7b73c646f612ac186a08ecf0c494486d1ff063cc57fabef597979003829ff70f52792bce43aedf9ec93aec287530377df
-
Filesize
72B
MD506a006a55d4cd75a010d2dff56ce41db
SHA1f215ffc80520bf07a30518227a8f1e70510d454f
SHA2565b9cfe48e61f6f51ce8ab3423548453e4c83a831ae72355e889b58b9e249dfcc
SHA512e8f0ae70130d7ab6f5f4cf29b627e34c3ef357500b78f95e6a74936fe21d79ba5e67f3aac124b107c964dc1dc9d78ca56a975e0bea05db290cd5d897560622c0
-
Filesize
72B
MD5777aca00e8a8d52fe494981c5581f2e3
SHA18cd67b466647cf2999e9c0e43bf0b3d320411e10
SHA25621563362f52864434825549403525f7e2437d76e23a12fd0d4c6895754a0b63a
SHA512a3b62b99da7375df8a757ca102d9f7322c9d712956909e8777fbb0c449c6532c2dccbc845e4c9f14fa4386a388f82eb69f4c01942337e21df851d8ef8c76d591
-
Filesize
72B
MD54ec7eccc46a9224c4feb2ac7c424f1ff
SHA14b7ed7ea6eeb33b03ef4309db2cf343482296b5b
SHA2564b64e9915d5b3f3160cf62fd764cd76b58212b48df34320131c34c6ac0f9152d
SHA512178fa0e8617dfce40f727e3afcb38f570e55761d090e573db498b06add3ecb01f6b4d95c6a60119806fdae10f34b8aaf151aa2d65f06ee36186b3187ea225c34
-
Filesize
72B
MD5cc3d8cb6cfec51b9475e577017f122bd
SHA1d72eaaaba97d7a555598fde8aa3d9c5906552980
SHA256ff7d382f3cffd9e2f20d3242c41e810b29db2492722dc5949572bf28b847f51f
SHA512d24c094ebe618a0a009d1a34a530753c346156082bb8071757f1aa1b6be302cddf4a1725c1e43761d18e5d246900006bfaff3a23857efce24b6c6bdcaf38b6a7
-
Filesize
2KB
MD5a1899b941479add26fda98eaefffdf4b
SHA1f7d8f66ac3e46ef4d413f1349ff853e654e4e6cf
SHA2569744a52d2f2e79d5b5e68643c18a7744eb8ebe7ef0c834f8c9defe71a466978c
SHA512fef90837db0e0c5c199f7fbed2dcf54f5c10124e6ec9d6a7467cdf0087b3d652447b539ecd3fc9fa684b711565d97a706c8bab2be913dfb66f3482aaa226bdd0
-
Filesize
2KB
MD58d15e1e557d0a121cb677063241e4e95
SHA13ca0a017a637589902c6da246446f0aa06e91306
SHA256ca0d4e4a88cbbbfc514b976dc5414f4b34c0db9ea8a447b8067076d2f41603a2
SHA51282033d93b5d894caf9540d3f5553207812723fd2b20a8b6f7e9f1030ab6e028350685244ace81c7e01eb013743a93be15bab3435d214ea3f3235aab5802cb5c0
-
Filesize
552B
MD51e6d9814fa7f170e071cbb040863eae0
SHA198274332a15b0aa7096e1a4c6e8b2421d07447e3
SHA25675d32905e164fbf38a4abc8be83b36f081f05ea875ed824e54ffcd5a330e679c
SHA512129535b341207759abe00bc2477bf78476fd87b0a4ec5f16421439cc80f7c45714cdbeb229c3fab54b670b9185452656b14c7b696217888bbe293a1e0b600042
-
Filesize
552B
MD53e91cd38d9d824a6d6e191f3e231d192
SHA1105c2ae2ac0348a4cd0ead7b34abc61b9e2cbf41
SHA256f66513ea47eaf693e2dd4fbb6db73b4991bfbe5387d30386b180424fd3dd7919
SHA512aed8d159f52dbe47aff1d6601a73188e08f790af54a74d09599573e4f25c848101e4de76dec0e25d826410436b0c0b06386e2a075ca282ba29a75ea4f55440c6
-
Filesize
72B
MD56540431232fbec2e2954c3162787b827
SHA1479a565b8f68fc718e330e19703140cac9687f03
SHA256844f74165a04547c068eebb8296f4c2124eb801f1a15de1e41e53757feb4ca11
SHA5126ad6f2e4896669e68517d3c61865d603810d29f705fb74e99e53c38dcf3dcf7baddb5bf6307e3d7064e56a80326981ff995af4285fb4263866046d1d9b6a8ac1
-
Filesize
72B
MD59d46dc7231b48e0cae45e50608b9a27a
SHA1f904576e19e262e12b93ab5041caad1ed24f0e84
SHA256c4dd11feef87e775d80f4886818d1f59238ea48565a8698fdf2fc381f89a3538
SHA512d1aae5c9dee1b5ae57224ca5de5a29cccd49ef0f25fdfb8c4b62db4a3b2a47e5795ad4a4ab6be345a15da23f652f30a5698022c20868204cb28f642068fdaefe
-
Filesize
48B
MD549ba3964b80bef7d1fca37da97798fb2
SHA12c40a62dd80d356f5b30425736a2882673a9e25f
SHA256a2c7ae7b7776c496d3ce5e40703b3ffc4f0068be7374be2bf94469909958b92d
SHA5126eb432f30bb0846575d779993242732b2f600503893db0f5b36138c4f5c702530def450801a2aad709b8b33910ef1922f8e0ef0849a772456bb54202273aebd4
-
Filesize
322B
MD5e50d0743d41e85822110f159490ea9e8
SHA1a0781fb60d0befd13c33799026b1f184e2f88670
SHA25681fadd0aa5a935c5833d0206dd774c18113df380fdbae73a9f43f4ebf0ece3f6
SHA512c7a9d18b1340d14b5760df3d5d59d4292e414f73e4cfeb0acab066a5041b6fd6d0dc3cae5f95119df8fd1cec729293015ae252ca7d799aadad9d0c2ff770b4ef
-
Filesize
327B
MD57803d00b0da50f0472349f70f172c290
SHA198c138f9b51739256c8ee2d4c98536061070deec
SHA256dce76bb378c9f7a910957684e5d24390befed42945e54f4a3952c1371abc0cb7
SHA51287e59cf1acd458e6eb01d9e259588f0ddde81c22914d44364095a2a4d0b89487c298462847f35de72cc421d0a290a20aa2979c7064f222cbc47c96095da9cfa6
-
Filesize
322B
MD5618b7bcf5deca02d09328754536cf389
SHA138377300c532b50bece39b85931eb4f640c40844
SHA2568a66de4c208c23073996bc668f927f4b9ba25b6af72acb20c8abcf7ef2a3ecd6
SHA5122cf0d881ad4aa8c141b53b47571156590f2900931768ad266d117665dfba7df51b173dbc140bbbc9503dc5127f6f7ec91acca41c92e13bcd098ab222023380ed
-
Filesize
253B
MD5515b8d4a6c8007584c2d9e8d9b8ab994
SHA1615083942b024f94bfb9153c81004356f67daeb8
SHA256ab3be867204f5e21dc18d48ad4b41cdc521065418a9aa87b40b184fd7acd09ee
SHA512ae62dc2b8cce5a69857c5f0e61f48159b59e1b2029d48e4eb62903e35a9e73392726c0874e5f570bbf3a002c7da6ebe91ea4c79aa34ec03f593925856fe18850
-
Filesize
72B
MD58861622bfc3880a98b5de9296895941c
SHA13d8127e8207be88f20096962f765164fc22e3745
SHA25631971cadc1d7f27f05c8fc6f11323068499cb4b7c918edfa9ae7debd64ba73ca
SHA5129e2b0c6f16885b9e02ea6c1f0c162f6c20538c0cc14e7131922dfaeb9271b4196e80ace411f6c79dfb9dc17de9089a4acb18eae3bfcc354f3dcd033682c81462
-
Filesize
48B
MD54ea65e1377a4140e67f52f89cd3bd6bc
SHA18e503022d4276afc20c0cfea4f12b8b6170af518
SHA256d2859b79bb521426480e53b2d1bd72def12193861e1844fc00c5b05bcb49ed8e
SHA512017fb65e25e4728e49ccd3dccf48fb759d86dc4cf34afef23c75be0f3cc3b489a395934e050a4f0dd82fbd7f609de4d11da91823548d6b43da640554b3b2385b
-
Filesize
4KB
MD52167151ffe4ac17d1be87636a80d7f6b
SHA16ecf87fe8ffa7a4be0f7d47b14b0b737b98d1f9e
SHA25656364440a890df3373165925382a20e28ff55920e7be2f33ea6a13eddeeb1ce1
SHA512be45f3e3489533e9af6d2125751ec2c24ac0b1352fdec4c5293a1bb75f99e748ad869f27ad7690b91e7405c2deb341e8ac86d721e91c60190f60eb986b4f7314
-
Filesize
69KB
MD5164a788f50529fc93a6077e50675c617
SHA1c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4
-
Filesize
1KB
MD5ba54c6482e77834febf824f4781ae69d
SHA1254aa81c2690c68b5ff72af369b05ff594ee7b0d
SHA25604d06fd72d03fa9748f30028f5b6bcaf046d8de8a0633493a96cc5b8cab03cfe
SHA51236816f0bec041ca935373ac255de2bb66dc647daecc980c7a71e4d2b8c0361ab54b5982dace18c18d4f21eff0749de2d5cf9443f4d6a69bcdb5497905ebd13b2
-
Filesize
22KB
MD5650e9334c4c2b1df2a30de8b71135993
SHA10559643b218c43fcce2183a814ac12385b9a80b7
SHA256a072d79625d42e80c5e634610800f68f8413b2560bef8f2716d3d63cd5841de0
SHA51247be63d7fe283458928e15ba43df9c18a908dd84be5ebb379db9434004ccceca8aa589f506fbecbe16b1f6840f3d45ca54fc78f087dc32f9b5feea8508ecbdba
-
Filesize
23KB
MD5d7bbc6947f74cff637b7dfb1886e29d6
SHA14f8b91a1d675b1d6cadfd1ef8f2d7dad2fea3dbe
SHA25655ab15e4062ddde6e76b2baae1462cff606eb18f8f0aae89e367987fd44399c7
SHA512f974cb6ce468958e2005cd734c5a04391fe37a683f0f47cd9a4acf99d875c0d2460994febabdbf39d5d8807bc8fc35651101f29d8c5beac812ca6f048f68e2d2
-
Filesize
876B
MD55c36041c63d290fb7a72fe48d37873be
SHA17a43406c312ec064c032afb8b943163df11b2580
SHA256c55b206b3728203dd495c7cfc1351f877c2c6e66e99cef3cae7844d55d503cf1
SHA512bcc695b54c2a85fe1cedf6e50792c40e28d7db4b15f0aa98d4ec38f572adeb92f26e66bd530b1e262689e478b6c367becd68918612454f6f2853ae45a232f8eb
-
Filesize
462B
MD5100c7c358df9a0fff46595a9f89fa341
SHA100f122d8375395e8966c9b6b9cae2183ea85b341
SHA25657764152d9aafd5ad8ad9f016e69b152fffbf69aa663ce93c5ca33f125efef56
SHA51283de395e648c1245785c0bf45c3eb32ceea916e22f132de8d4187fce0c0a64781da335e42eb588417a7d2ea1a2cd482cebf842a4fe77eb961596d5021bf8590b
-
Filesize
467B
MD555fa9ad713eefbafe6cbb0d042ed1f61
SHA1a89067bffd495ed8fc4f5aaf945b03c211917592
SHA2563d497ca0dbe5762420e521079c1d1b2c04f67d5d9f61a9b73aae5c78296edc72
SHA512bcce5c0a7960bb858a646a3b1c03f81be18606a0bc67b31e5be091eb1f596c6909ed01699d2da0760fad078704dfc3a28cc4a9d8bffb57a9476879aa82891e7a
-
Filesize
3KB
MD594406cdd51b55c0f006cfea05745effb
SHA1a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9
SHA2568480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e
SHA512d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3
-
Filesize
264KB
MD586bb49ca8c23452231a210d129cb1938
SHA1876fadb331fcd32c146d2ba8245dcde424e4ed7a
SHA25624f2f9c74d3a815080ff43c85b3f2c02eca7ba10cf70b46026125c8d203a4027
SHA512a6dda0c839866daaddbd2bf90072ffb9707d6f6dda0a5a967bb63a2e67d13c33639779838b35f42c25edbaa1cf52aae0dc91ab63a0a6728c5729be41794e1d61
-
Filesize
48KB
MD51ea4cb40cdb036a5b2b8760e56b7040b
SHA166a4dfc5dab623347786beca193cc71004fc7f32
SHA2565c2fc344857806ab34d1c60b50eb45af25c9fe4ce9300bbbc86ab6186d1e7d2a
SHA51212f16977868b065b12b44f5e45da4d8aa661e933693cfe07cab0a2973aa7b93de1cad6d10ef94f3296351d629245a79b4c4f2f8884e74f1deed6bd93b9d7cba0
-
Filesize
44KB
MD5eef22936fe0f0ab057f732b3c4ad4e4e
SHA114cc3059cc443f6ee4efbb257e5798795f13e15a
SHA256545def74efd59b456098f3c4e9e089f901602bdbdb4d224fef7aeda82617354f
SHA512cfcec5f54aca276abbca2739d4d8e9ef5bb1da9084db5ac0aae6a239ad938480999f9352612f4574720502c124c113d1d91205dd91406fa62c88a7703ce47160
-
Filesize
6KB
MD58192fad6366affb13e03690499c774ee
SHA1f730d7f3625b2cf2244ab8ad8d31b08e77f9ddfa
SHA256e5d1b3ed524f0b3b9b2d0522e10d789d10d8cebc1e038293b423645543cb7163
SHA5127eb71bc4ce3a148c42d558f119409e64c8c0ec7f7ade5d1aa2f3db86d6f9cd9a6b76eec75fd3520870f756d90f9cd819e5d5d898088a1d1328ac6a4be9e055da
-
Filesize
30KB
MD53c376ac98e5dac417cd909135b72565a
SHA1f2240954c8e2fbedc759a88cf056c053167f50b8
SHA25638d0f7fb481a14f0b68e889aaf9e9885f6cf4a5fa3725034051f12faccb1d15f
SHA512c658df11238fea4f25e17dd5af4dc8ecb5e7ace9654a9f2e90094fd335bf4f44d13b9ddc943dec486bff4ed2a619d0ec5963cbc56a45b7137fa4f59693dc8091
-
Filesize
44KB
MD5f67a47423af8c92a537977be2a621aa2
SHA111ee0c87ca0b890cc5b3d1875aca55fc368c42b2
SHA256a7144048e4bb761c2a78f9577dc957cff9e29658eea6005fba5b32d8758528b9
SHA512bd27ea0f0dff3f59839ed0f9948aa9065a35c47ddcf562c2ffc43e1ca9168d3684e243adc17e48887326d63e9709e271e35cceb0e59ed16518d3b69e36fd8773
-
Filesize
39KB
MD59a2b82678089d1a919f0932548f31ae2
SHA1bbaec5ba6d3c6b16a1525871abb6c23ea4c72654
SHA256dd5273465f03838abe76f23a593e4c6ea5aa6b520a1817e88020a1bc93417ec6
SHA512620d94ce4f97a48b759f361a0d07b329ec0f7f7ab33bb6267fe6f238f31af89f9addc6e7bbd1c7aee177024a5b6ae015cafb1560f0fcc70f660431ae6c893ff0
-
Filesize
7KB
MD599f07684e1a44b7882e8c644a870154f
SHA1c557dbb7705da07a47701390133d55dc5b1666ba
SHA256d5c2496b9af14f40888dd3474a668fcc8b8b3dc71352d93d53a5cd65920cae47
SHA512bdaf0e5a1140e90c39f7de80fce2be0c9ce7bb9e6095c86132c81239a04b2507cb5089eded8250b85e6d1c1d5299d7385b77dce194a65374a9bd41c5af44fdf1
-
Filesize
40KB
MD50380dcb3b92e21086b3f05fd5ed12309
SHA12e773dd292b59cb463738a1a7988f867c3d74f14
SHA2564221b7312501c43bc7e221511da9287be67e42cb3caafa33691f3e3252d631a1
SHA51207ef5a8044aae312b43a3b2bf449e0c010cb416dcfd59bf6984c328c9117b123ddee8e0cbf1b02059d79d659fa7a1943850a5c555c8468123d2e24d81ee50c18
-
Filesize
392B
MD50feb7ef5f269570f471e974c22058748
SHA186b764343cfe9f13a64ec2c53c4547ae1771d980
SHA256aaa5653b5058aa962d90ec596d78eccfb713c2a15cd4be0d5d77c5f379edeb87
SHA5128a01282695f04717e9205624ec9f0c8bc3ceba393e51a652dc88c1b0f0ba84ebcacbea25695abe4625902d92c868649b18f7a8859a97487b93f248c0bce32891
-
Filesize
392B
MD500132be01c8ace4ae0459abdb5042fc1
SHA12c04c58144c23d54c4699f68304b12187dc47e56
SHA2567479ef2480f36ad816b0fbda3f82c08a584afb722ff291884a1b59604d945bf2
SHA512f1136267bc97d6018dae3d6a8180f6922d3519363e975d837857b5c39a3323a6af00ab201bc8c760b09b745a4549a31cf8ed9d315e7cc1ffdc21131c0c628dd5
-
Filesize
392B
MD5c3bef7f9907e10fb22de8995e992246a
SHA16442d7a4cc08c0f11dd232999a9a1f62a69e86c4
SHA256cd87d726046438d62f96d7171b5b7cad31334d51b6455da542dd059a362c2fbe
SHA512d990e1cb5ac68aa47130085da209440a30ac84d1d34b1cbb875500d74d990a9666554a4f2f16364fd0f1a8363c3634ac179cc6119f4ecd7ba5a4e6e70a703209
-
Filesize
392B
MD5ce317a32e3cc759036c85f6db9f9200e
SHA1389307a5f7ad3a1d06dfd1e9e1185cb846a8ff30
SHA25643cb6702c0c5fae8bb09cd61639a01c8bf0546f9e4bd66d14614b2bd992ef446
SHA512bbec2570092c26f99ab58a6b6c8b1c96a39e667ba57e1bb2d8ebf2c1a69d9522d74d91ec9ce09296343b31e44d4b1dbc825b75d87b48c90f3f746f6337cb30fe
-
Filesize
392B
MD51fe7d6d976cec901bde00fd345fe15e8
SHA1702743224f4d4b150e9a01c5c91d31e00c410c42
SHA2567e4a008d0d5cd52c79806f89d072a59fe6c599147b53d55dc4292a50e9bd22a4
SHA5128d5130a1662c256d045337f23180ccf591176e50e817f06ba7a709787e1f744bd86ba7793e1a5a16295d9509b83b6986571dbc5bd570e0cf682ee7cc51e69dd1
-
Filesize
392B
MD5403d9f0b78cc517ac891b78d31f8245e
SHA110b7130ac3a1482e4c8a6bd5aab9b8a241631459
SHA2567eac62d3243d5531294277edf763a188621ed1c017df7fa0571f989d37323353
SHA512988d0b650c48a5e09805fd9ea6978b59a0cbdf28f13d859e598aed6e4795b8d9122be71f1ce071b5bafcc23da15942d9a8e9a777da7fffe652f3edcd5f10fee0
-
Filesize
2KB
MD5499d9e568b96e759959dc69635470211
SHA12462a315342e0c09fd6c5fbd7f1e7ff6914c17e6
SHA25698252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d
SHA5123a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905
-
Filesize
392B
MD54ef35b9420aa5b287e1cdba85878854c
SHA15df34a712c92b3274602c997a5ecd4ded124b4ca
SHA2569e5e2f7ecbafdbe82fb35506690c968ccd5acef8a1c6b90305b832c414677b91
SHA512aaa1e010f5927ba738eb65a66a943b804b0e786afd981e9550937bdbaaa4b0bd101b77d2ebb7a4e9c3d3a3a5f62fe0fc8cc1495f8a6d1612b7b6a823994a95d2
-
Filesize
28KB
MD56a43cd166f9ab85800f4b54b3f060bd6
SHA1511ca90c4e7240821f18d792948d75a3871b4b31
SHA256f1c89d1af288337ca0b2087f1df57c9b1a89bbab0f9f2300f6c1e31367ae19d5
SHA5124312010bdf82d09243964063dde5a807cd85dd1f77f3af5fa2133a9ffb529a33c41df7a2ab26c3e3d9c60aff8b7064a6150b7db01d82a091bffcf2d9ae1af494
-
Filesize
327B
MD5c56bd7de4bfbf0e472e2f7c8a7a9ccf1
SHA1cdb4431e18bbd2109f6880e0da9d68d2c3b3bc97
SHA2562c1f943fc136a2b3ef411dd72e64de1e7827c716894d5a8af2ce14f4652f35a1
SHA5129750680d87e1395e341d9d43752459a428836bcb165399b0f428d279f7152d01be206b115fed6b90cce221d929b643e063405fb19b9e07713b9f732143fe8a0a
-
Filesize
15KB
MD5e6c00369989cae998c5d79f96e45cd56
SHA1c3ae7189680435be2324856d59a4252c0d56f7f7
SHA256ed2d62e6405f9a154d5cdf28fc98cae2fef300410eb749be65b29f8013c9873e
SHA51287959b32f16efee47811667336ccbd9bbf35b5c1ef22b1d6f26eb47c2c6c005366908792a514916f3963901227447b1836035ff4718e620caf57e7ee91bdf928
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
391KB
MD566996a076065ebdcdac85ff9637ceae0
SHA14a25632b66a9d30239a1a77c7e7ba81bb3aee9ce
SHA25616ca09ad70561f413376ad72550ae5664c89c6a76c85c872ffe2cb1e7f49e2aa
SHA512e42050e799cbee5aa4f60d4e2f42aae656ff98af0548308c8d7f0d681474a9da3ad7e89694670449cdfde30ebe2c47006fbdc57cfb6b357c82731aeebc50901c
-
Filesize
73KB
MD581e5c8596a7e4e98117f5c5143293020
SHA145b7fe0989e2df1b4dfd227f8f3b73b6b7df9081
SHA2567d126ed85df9705ec4f38bd52a73b621cf64dd87a3e8f9429a569f3f82f74004
SHA51205b1e9eef13f7c140eb21f6dcb705ee3aaafabe94857aa86252afa4844de231815078a72e63d43725f6074aa5fefe765feb93a6b9cd510ee067291526bb95ec6
-
Filesize
40KB
MD548c00a7493b28139cbf197ccc8d1f9ed
SHA1a25243b06d4bb83f66b7cd738e79fccf9a02b33b
SHA256905cb1a15eccaa9b79926ee7cfe3629a6f1c6b24bdd6cea9ccb9ebc9eaa92ff7
SHA512c0b0a410ded92adc24c0f347a57d37e7465e50310011a9d636c5224d91fbc5d103920ab5ef86f29168e325b189d2f74659f153595df10eef3a9d348bb595d830
-
Filesize
160KB
MD5237e13b95ab37d0141cf0bc585b8db94
SHA1102c6164c21de1f3e0b7d487dd5dc4c5249e0994
SHA256d19b6b7c57bcee7239526339e683f62d9c2f9690947d0a446001377f0b56103a
SHA5129d0a68a806be25d2eeedba8be1acc2542d44ecd8ba4d9d123543d0f7c4732e1e490bad31cad830f788c81395f6b21d5a277c0bed251c9854440a662ac36ac4cb
-
Filesize
60KB
MD5a334bbf5f5a19b3bdb5b7f1703363981
SHA16cb50b15c0e7d9401364c0fafeef65774f5d1a2c
SHA256c33beaba130f8b740dddb9980fe9012f9322ac6e94f36a6aa6086851c51b98de
SHA5121fa170f643054c0957ed1257c4d7778976c59748670afa877d625aaa006325404bc17c41b47be2906dd3f1e229870d54eb7aba4a412de5adedbd5387e24abf46
-
Filesize
64KB
MD57c5aefb11e797129c9e90f279fbdf71b
SHA1cb9d9cbfbebb5aed6810a4e424a295c27520576e
SHA256394a17150b8774e507b8f368c2c248c10fce50fc43184b744e771f0e79ecafed
SHA512df59a30704d62fa2d598a5824aa04b4b4298f6192a01d93d437b46c4f907c90a1bad357199c51a62beb87cd724a30af55a619baef9ecf2cba032c5290938022a
-
Filesize
60KB
MD54fbbaac42cf2ecb83543f262973d07c0
SHA1ab1b302d7cce10443dfc14a2eba528a0431e1718
SHA2566550582e41fc53b8a7ccdf9ac603216937c6ff2a28e9538610adb7e67d782ab5
SHA5124146999b4bec85bcd2774ac242cb50797134e5180a3b3df627106cdfa28f61aeea75a7530094a9b408bc9699572cae8cf998108bde51b57a6690d44f0b34b69e
-
Filesize
36KB
MD5b4ac608ebf5a8fdefa2d635e83b7c0e8
SHA1d92a2861d5d1eb67ab434ff2bd0a11029b3bd9a9
SHA2568414dfe399813b7426c235ba1e625bd2b5635c8140da0d0cfc947f6565fe415f
SHA5122c42daade24c3ff01c551a223ee183301518357990a9cb2cc2dd7bf411b7059ff8e0bf1d1aee2d268eca58db25902a8048050bdb3cb48ae8be1e4c2631e3d9b4
-
Filesize
60KB
MD59fafb9d0591f2be4c2a846f63d82d301
SHA11df97aa4f3722b6695eac457e207a76a6b7457be
SHA256e78e74c24d468284639faf9dcfdba855f3e4f00b2f26db6b2c491fa51da8916d
SHA512ac0d97833beec2010f79cb1fbdb370d3a812042957f4643657e15eed714b9117c18339c737d3fd95011f873cda46ae195a5a67ae40ff2a5bcbee54d1007f110a
-
Filesize
268KB
MD55c91bf20fe3594b81052d131db798575
SHA1eab3a7a678528b5b2c60d65b61e475f1b2f45baa
SHA256e8ce546196b6878a8c34da863a6c8a7e34af18fb9b509d4d36763734efa2d175
SHA512face50db7025e0eb2e67c4f8ec272413d13491f7438287664593636e3c7e3accaef76c3003a299a1c5873d388b618da9eaede5a675c91f4c1f570b640ac605d6
-
Filesize
28KB
MD50cbf0f4c9e54d12d34cd1a772ba799e1
SHA140e55eb54394d17d2d11ca0089b84e97c19634a7
SHA2566b0b57e5b27d901f4f106b236c58d0b2551b384531a8f3dad6c06ed4261424b1
SHA512bfdb6e8387ffbba3b07869cb3e1c8ca0b2d3336aa474bd19a35e4e3a3a90427e49b4b45c09d8873d9954d0f42b525ed18070b949c6047f4e4cdb096f9c5ae5d5
-
Filesize
8KB
MD5466d35e6a22924dd846a043bc7dd94b8
SHA135e5b7439e3d49cb9dc57e7ef895a3cd8d80fb10
SHA256e4ccf06706e68621bb69add3dd88fed82d30ad8778a55907d33f6d093ac16801
SHA51223b64ed68a8f1df4d942b5a08a6b6296ec5499a13bb48536e8426d9795771dbcef253be738bf6dc7158a5815f8dcc65feb92fadf89ea8054544bb54fc83aa247
-
Filesize
2KB
MD5e4a499b9e1fe33991dbcfb4e926c8821
SHA1951d4750b05ea6a63951a7667566467d01cb2d42
SHA25649e6b848f5a708d161f795157333d7e1c7103455a2f47f50895683ef6a1abe4d
SHA512a291bb986293197a16f75b2473297286525ac5674c08a92c87b5cc1f0f2e62254ea27d626b30898e7857281bdb502f188c365311c99bda5c2dd76da0c82c554a
-
Filesize
7KB
MD5b127d9187c6dbb1b948053c7c9a6811f
SHA1b3073c8cad22c87dd9b8f76b6ffd0c4d0a2010d9
SHA256bd1295d19d010d4866c9d6d87877913eee69e279d4d089e5756ba285f3424e00
SHA51288e447dd4db40e852d77016cfd24e09063490456c1426a779d33d8a06124569e26597bb1e46a3a2bbf78d9bffee46402c41f0ceb44970d92c69002880ddc0476
-
Filesize
52KB
MD5316999655fef30c52c3854751c663996
SHA1a7862202c3b075bdeb91c5e04fe5ff71907dae59
SHA256ea4ca740cd60d2c88280ff8115bf354876478ef27e9e676d8b66601b4e900ba0
SHA5125555673e9863127749fc240f09cf3fb46e2019b459ad198ba1dc356ba321c41e4295b6b2e2d67079421d7e6d2fb33542b81b0c7dae812fe8e1a87ded044edd44
-
Filesize
76KB
MD5e7cd26405293ee866fefdd715fc8b5e5
SHA16326412d0ea86add8355c76f09dfc5e7942f9c11
SHA256647f7534aaaedffa93534e4cb9b24bfcf91524828ff0364d88973be58139e255
SHA5121114c5f275ecebd5be330aa53ba24d2e7d38fc20bb3bdfa1b872288783ea87a7464d2ab032b542989dee6263499e4e93ca378f9a7d2260aebccbba7fe7f53999
-
Filesize
552KB
MD5497fd4a8f5c4fcdaaac1f761a92a366a
SHA181617006e93f8a171b2c47581c1d67fac463dc93
SHA25691cd76f9fa3b25008decb12c005c194bdf66c8d6526a954de7051bec9aae462a
SHA51273d11a309d8f1a6624520a0bf56d539cb07adee6d46f2049a86919f5ce3556dc031437f797e3296311fe780a8a11a1a37b4a404de337d009e9ed961f75664a25
-
Filesize
2KB
MD57210d5407a2d2f52e851604666403024
SHA1242fde2a7c6a3eff245f06813a2e1bdcaa9f16d9
SHA256337d2fb5252fc532b7bf67476b5979d158ca2ac589e49c6810e2e1afebe296af
SHA5121755a26fa018429aea00ebcc786bb41b0d6c4d26d56cd3b88d886b0c0773d863094797334e72d770635ed29b98d4c8c7f0ec717a23a22adef705a1ccf46b3f68
-
Filesize
4KB
MD54be7661c89897eaa9b28dae290c3922f
SHA14c9d25195093fea7c139167f0c5a40e13f3000f2
SHA256e5e9f7c8dbd47134815e155ed1c7b261805eda6fddea6fa4ea78e0e4fb4f7fb5
SHA5122035b0d35a5b72f5ea5d5d0d959e8c36fc7ac37def40fa8653c45a49434cbe5e1c73aaf144cbfbefc5f832e362b63d00fc3157ca8a1627c3c1494c13a308fc7f
-
Filesize
29KB
MD5c3e8aeabd1b692a9a6c5246f8dcaa7c9
SHA14567ea5044a3cef9cb803210a70866d83535ed31
SHA25638ae07eeb7909bda291d302848b8fe5f11849cf0d597f0e5b300bfed465aed4e
SHA512f74218681bd9d526b68876331b22080f30507898b6a6ebdf173490ca84b696f06f4c97f894cb6052e926b1eee4b28264db1ead28f3bc9f627b4569c1ddcd2d3e
-
Filesize
1.2MB
MD5ed98e67fa8cc190aad0757cd620e6b77
SHA10317b10cdb8ac080ba2919e2c04058f1b6f2f94d
SHA256e0beb19c3536561f603474e3d5e3c3dff341745d317bc4d1463e2abf182bb18d
SHA512ec9c3a71ca9324644d4a2d458e9ba86f90deb9137d0a35793e0932c2aa297877ed7f1ab75729fda96690914e047f1336f100b6809cbc7a33baa1391ed588d7f0
-
Filesize
11KB
MD580d09149ca264c93e7d810aac6411d1d
SHA196e8ddc1d257097991f9cc9aaf38c77add3d6118
SHA256382d745e10944b507a8d9c69ae2e4affd4acf045729a19ac143fa8d9613ccb42
SHA5128813303cd6559e2cc726921838293377e84f9b5902603dac69d93e217ff3153b82b241d51d15808641b5c4fb99613b83912e9deda9d787b4c8ccfbd6afa56bc9
-
Filesize
2KB
MD50a250bb34cfa851e3dd1804251c93f25
SHA1c10e47a593c37dbb7226f65ad490ff65d9c73a34
SHA25685189df1c141ef5d86c93b1142e65bf03db126d12d24e18b93dd4cc9f3e438ae
SHA5128e056f4aa718221afab91c4307ff87db611faa51149310d990db296f979842d57c0653cb23d53fea54a69c99c4e5087a2eb37daa794ba62e6f08a8da41255795
-
Filesize
40KB
MD51587bf2e99abeeae856f33bf98d3512e
SHA1aa0f2a25fa5fc9edb4124e9aa906a52eb787bea9
SHA256c9106198ecbd3a9cab8c2feff07f16d6bb1adfa19550148fc96076f0f28a37b0
SHA51243161c65f2838aa0e8a9be5f3f73d4a6c78ad8605a6503aae16147a73f63fe985b17c17aedc3a4d0010d5216e04800d749b2625182acc84b905c344f0409765a
-
Filesize
161B
MD5ea7df060b402326b4305241f21f39736
SHA17d58fb4c58e0edb2ddceef4d21581ff9d512fdc2
SHA256e4edc2cb6317ab19ee1a6327993e9332af35cfbebaff2ac7c3f71d43cfcbe793
SHA5123147615add5608d0dce7a8b6efbfb19263c51a2e495df72abb67c6db34f5995a27fde55b5af78bbd5a6468b4065942cad4a4d3cb28ab932aad9b0f835aafe4d0
-
Filesize
46B
MD5f80e36cd406022944558d8a099db0fa7
SHA1fd7e93ca529ed760ff86278fbfa5ba0496e581ce
SHA2567b41e5a6c2dd92f60c38cb4fe09dcbe378c3e99443f7baf079ece3608497bdc7
SHA512436e711ede85a02cd87ea312652ddbf927cf8df776448326b1e974d0a3719a9535952f4d3cc0d3cd4e3551b57231d7e916f317b119ab670e5f47284a90ab59a2
-
Filesize
254KB
MD5e3b7d39be5e821b59636d0fe7c2944cc
SHA100479a97e415e9b6a5dfb5d04f5d9244bc8fbe88
SHA256389a7d395492c2da6f8abf5a8a7c49c3482f7844f77fe681808c71e961bcae97
SHA5128f977c60658063051968049245512b6aea68dd89005d0eefde26e4b2757210e9e95aabcef9aee173f57614b52cfbac924d36516b7bc7d3a5cc67daae4dee3ad5
-
Filesize
78B
MD5f6f150a09e36ae33d1f1b3958b605f82
SHA1f3d1ea66be79c5f54eac286c84d61b72f9447fac
SHA256adbd5542c549b8d2f46a87e4c55cc50a988af7c497ed0d18723dbbd3030125f9
SHA512acf76d4635cc4819b38d191288d0297613496da52a1c7fe02d95d323b7d38c5c09175667ce5938e3e494e01559f6acc73f6bd2cc22fd7d2c43be11fd903a92eb
-
Filesize
10KB
MD578e47dda17341bed7be45dccfd89ac87
SHA11afde30e46997452d11e4a2adbbf35cce7a1404f
SHA25667d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA5129574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5
-
Filesize
711B
MD5558659936250e03cc14b60ebf648aa09
SHA132f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA2562445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA5121632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727
-
Filesize
1KB
MD564eaeb92cb15bf128429c2354ef22977
SHA145ec549acaa1fda7c664d3906835ced6295ee752
SHA2564f70eca8e28541855a11ec7a4e6b3bc6dd16c672ff9b596ecfb7715bb3b5898c
SHA512f63ee02159812146eee84c4eb2034edfc2858a287119cc34a8b38c309c1b98953e14ca1ca6304d6b32b715754b15ba1b3aa4b46976631b5944d50581b2f49def
-
Filesize
854B
MD54ec1df2da46182103d2ffc3b92d20ca5
SHA1fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA2566c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d
-
Filesize
1KB
MD52a738ca67be8dd698c70974c9d4bb21b
SHA145a4086c876d276954ffce187af2ebe3dc667b5f
SHA256b08d566a5705247ddc9abf5e970fc93034970b02cf4cb3d5ccc90e1a1f8c816e
SHA512f72b9190f9f2b1acc52f7fbb920d48797a96e62dfc0659c418edbbc0299dccf1931f6c508b86c940b976016745b9877f88f2ee081d3e3d5dcdcc2cc7e7884492
-
Filesize
152KB
MD5dd9bf8448d3ddcfd067967f01e8bf6d7
SHA1d7829475b2bd6a3baa8fabfaf39af57c6439b35e
SHA256fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
SHA51265347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de
-
Filesize
45KB
MD57bf87143a96bc688026d7be1e2fdcd86
SHA1f31fa030e4c409874bb5a3f3265f07265a913b39
SHA2560d5f08eb7f9c86c47ba5b04e21039cf8a1f82d5ed92075498cbbdde849df6f2a
SHA5127b497cddd2d2e97301549b24babf278a2f472631e4a46366cd0967e88561f6d476da54248182702aedd24af514de8726db219c2cef74a2f847a360a0acb492bb
-
Filesize
2.7MB
MD509e0e68fc7650ca68899739080709f91
SHA1a665ac359ef3f782b78484a71a266e50a71567ad
SHA256bf83bce7085b016b5dbd65308c92efa9b87b17da561f490a1a17ef96c3d93dac
SHA51288697e3c474c75cfe7d46e8e092f826e2cc9149d797d0fda250fdeb66b9a8926ece65c13a7880acbf3e410c003181340a60dda1133a90dcd5f6a2b47a6afa3ff
-
Filesize
5.6MB
MD55a273d563a46a285b5e6852ed76f0cf1
SHA19b55757bb1dacda899aaebd291e24f82e5ef39f0
SHA2566fc9ea10d0b13d28e3518f9fea1ff2d3f65ebedc4a38b16fc68ac935c4647a10
SHA5121c38b1df28d6ec9afd03730b8f28c015cf464f1d64d1cb37f35a87c42530f8bd517ddbe7fb62a880b0365d7d88ee866d6c333ddd0818d38fe95ef52f5b9808f0
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize
323KB
MD5fc9a825f9d890c48a1680ba6edb404b6
SHA1187ad9c4164e57674f770b05a22d62a12eb86c6f
SHA25624e74afd2f0d567fb433a84af7065770ba4f75825bf071dc5862eee78009bdd1
SHA5122b7f1b102ebc42eb5524a1e689254ed31540c53f2e268e8506315aacf1ec103eecd36d7c3462011bd424ce664f348f2ae1c52345d071942c68bfa8cd62f7ab79
-
Filesize
3.6MB
MD512e64891469fce7d79caab048bdbb0e2
SHA19578b45d5a9e99cae95be7845681644ae391c836
SHA2569a266e4fcc51599d067973e962a077972339cd5cdf97ba2b6b8f8da93697905c
SHA512ea20aadf0ffdbf24f5c3e1f63b00bdf67d5e8d369fd63dd5c5e131ab288f6dc5e68fbcf7a19eafb57dea641cd5aaed58625d7323a7bfdb6b6b1e972b413d6247
-
Filesize
43B
MD5af3a9104ca46f35bb5f6123d89c25966
SHA11ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8
SHA25681bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea
SHA5126a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1
-
Filesize
160B
MD5a24a1941bbb8d90784f5ef76712002f5
SHA15c2b6323c7ed8913b5d0d65a4d21062c96df24eb
SHA2562a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747
SHA512fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2
-
Filesize
134B
MD5049c307f30407da557545d34db8ced16
SHA1f10b86ebfe8d30d0dc36210939ca7fa7a819d494
SHA256c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54
SHA51214f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780
-
Filesize
160B
MD5c3911ceb35539db42e5654bdd60ac956
SHA171be0751e5fc583b119730dbceb2c723f2389f6c
SHA25631952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d
SHA512d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331
-
Filesize
28KB
MD5f1656b80eaae5e5201dcbfbcd3523691
SHA16f93d71c210eb59416e31f12e4cc6a0da48de85b
SHA2563f8adc1e332dd5c252bbcf92bf6079b38a74d360d94979169206db34e6a24cd2
SHA512e9c216b9725bd419414155cfdd917f998aa41c463bc46a39e0c025aa030bc02a60c28ac00d03643c24472ffe20b8bbb5447c1a55ff07db3a41d6118b647a0003
-
Filesize
1024KB
-
Filesize
128KB
-
Filesize
1024KB
-
Filesize
1024KB
-
Filesize
1024KB
-
Filesize
1024KB
-
Filesize
128KB
-
Filesize
764KB
-
Filesize
764KB
-
Filesize
1.1MB
-
Filesize
296KB
-
Filesize
764KB
-
Filesize
6.0MB
-
Filesize
1.3MB
-
Filesize
576KB
-
Filesize
776KB
-
Filesize
64KB
-
Filesize
1.4MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
96KB
-
Filesize
576KB
-
Filesize
6.0MB
-
Filesize
1.3MB
-
Filesize
6.0MB
-
Filesize
1.4MB
-
Filesize
6.0MB