- Process "icacls.exe" with commandline `icacls "%WINDIR%\winsxs\x86_microsoft-windows-whoami_31bf3856ad364e35_.16385_none_ce52d479e329be32\whoami.exe" /grant "everyone":(f)`
- Process "icacls.exe" with commandline `icacls "%WINDIR%\winsxs\x86_microsoft-windows-waitfor_31bf3856ad364e35_.16385_none_b63c0c04dc872e59\waitfor.exe" /grant "everyone":(f)`
- Process "icacls.exe" with commandline `icacls "%WINDIR%\winsxs\x86_microsoft-windows-w.sition-uicomponents_31bf3856ad364e35_.17514_none_d0fbe940e38daf1f\wiaacmgr.exe" /grant "everyone":(f)`
- Process "icacls.exe" with commandline `icacls "%WINDIR%\winsxs\x86_microsoft-windows-w.ommand-line-utility_31bf3856ad364e35_.16385_none_a1802b822e2a878c\WMIC.exe" /grant "everyone":(f)`
- Process "icacls.exe" with commandline `icacls "%WINDIR%\winsxs\x86_microsoft-windows-w.ion-twaincomponents_31bf3856ad364e35_.17514_none_8b399e33ba72bed9\twunk_32.exe" /grant "everyone":(f)`
- Process "icacls.exe" with commandline `icacls "%WINDIR%\winsxs\x86_microsoft-windows-w.ion-twaincomponents_31bf3856ad364e35_.17514_none_8b399e33ba72bed9\twunk_16.exe" /grant "everyone":(f)`
- Process "icacls.exe" with commandline `icacls "%WINDIR%\winsxs\x86_microsoft-windows-vssadmin_31bf3856ad364e35_.16385_none_c453ab9392f73dca\vssadmin.exe" /grant "everyone":(f)`
- Process "icacls.exe" with commandline `icacls "%WINDIR%\winsxs\x86_microsoft-windows-verclsid_31bf3856ad364e35_.16385_none_bbbd275974c7e191\verclsid.exe" /grant "everyone":(f)`
- Process "icacls.exe" with commandline `icacls %WINDIR%\MsAgent /c /t /grant "everyone":(f)`

Terminates other processes using tskill/taskkill

Reads terminal service related keys (often RDP related)

Adversaries may stop or disable services on a system to render those services unavailable to legitimate users.
# Bonzify Download Link software
Reads the registry for installed applications

An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.

Contains ability to read software policies

Adversaries may use Valid Accounts to log into a computer using the Remote Desktop Protocol (RDP).
Monitors specific registry key for changes

Reads information about supported languages
# Bonzify Download Link windows
Installs hooks/patches the running process

Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.

Grants permissions using icacls (DACL modification)

Adversaries may hook into Windows application programming interface (API) functions to collect user credentials.

Modifies the access control lists of files

Windows File and Directory Permissions Modification

Adversaries may modify file or directory permissions/attributes to evade access control lists (ACLs) and access protected files.
Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution.

Adversaries may abuse the Windows command shell for execution.

Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

Adversaries may perform software packing or virtual machine software protection to conceal their code.

Adversaries may delete files left behind by the actions of their intrusion activity.