reg.exe reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor" /v "AutoRun" /f
2528takeown.exe takeown /f C:\Windows\system32\cmd.exe /a
2572cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
2620cacls.exe cacls C:\Windows\system32\cmd.exe /g Administrators:f
2656cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
2712cacls.exe cacls C:\Windows\system32\cmd.exe /e /g Users:r
2748cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
2804cacls.exe cacls C:\Windows\system32\cmd.exe /e /g Administrators:r
2840cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
2900cacls.exe cacls C:\Windows\system32\cmd.exe /e /d SERVICE
2936cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
2992cacls.exe cacls C:\Windows\system32\cmd.exe /e /d mssqlserver
3028cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
2116cacls.exe cacls C:\Windows\system32\cmd.exe /e /d "network service"
1156cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
2420cacls.exe cacls C:\Windows\system32\cmd.exe /e /g system:r
2500cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
2560cacls.exe cacls C:\Windows\system32\cmd.exe /e /d mssql$sqlexpress
2616takeown.exe takeown /f C:\Windows\SysWOW64\cmd.exe /a
2648cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
2704cacls.exe cacls C:\Windows\SysWOW64\cmd.exe /g Administrators:f
2764cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
2860cacls.exe cacls C:\Windows\SysWOW64\cmd.exe /e /g Users:r
2920cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
2988cacls.exe cacls C:\Windows\SysWOW64\cmd.exe /e /g Administrators:r
3048cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
948cacls.exe cacls C:\Windows\SysWOW64\cmd.exe /e /d SERVICE
2404cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
2432cacls.exe cacls C:\Windows\SysWOW64\cmd.exe /e /d mssqlserver
416cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
748cacls.exe cacls C:\Windows\SysWOW64\cmd.exe /e /d "network service"
2716cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
2892cacls.exe cacls C:\Windows\SysWOW64\cmd.exe /e /g system:r
1228cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
2132cacls.exe cacls C:\Windows\SysWOW64\cmd.exe /e /d mssql$sqlexpress
2124takeown.exe takeown /f C:\Windows\system32\net.exe /a
2600cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
2728cacls.exe cacls C:\Windows\system32\net.exe /g Administrators:f
2832cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
2092cacls.exe cacls C:\Windows\system32\net.exe /e /g Users:r
3044cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
2556cacls.exe cacls C:\Windows\system32\net.exe /e /g Administrators:r
2660cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
912cacls.exe cacls C:\Windows\system32\net.exe /e /d SERVICE
2612cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
2676cacls.exe cacls C:\Windows\system32\net.exe /e /d mssqlserver
1072cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
3020cacls.exe cacls C:\Windows\system32\net.exe /e /d "network service"
1044cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3084cacls.exe cacls C:\Windows\system32\net.exe /e /d system
3120cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
3176cacls.exe cacls C:\Windows\system32\net.exe /e /d mssql$sqlexpress
3212takeown.exe takeown /f C:\Windows\SysWOW64\net.exe /a
3268cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3312cacls.exe cacls C:\Windows\SysWOW64\net.exe /g Administrators:f
3348cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3404cacls.exe cacls C:\Windows\SysWOW64\net.exe /e /g Users:r
3440cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3496cacls.exe cacls C:\Windows\SysWOW64\net.exe /e /g Administrators:r
3532cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3588cacls.exe cacls C:\Windows\SysWOW64\net.exe /e /d SERVICE
3624cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3680cacls.exe cacls C:\Windows\SysWOW64\net.exe /e /d mssqlserver
3716cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
3772cacls.exe cacls C:\Windows\SysWOW64\net.exe /e /d "network service"
3808cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3864cacls.exe cacls C:\Windows\SysWOW64\net.exe /e /d system
3900cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
3956cacls.exe cacls C:\Windows\SysWOW64\net.exe /e /d mssql$sqlexpress
3992takeown.exe takeown /f C:\Windows\system32\net1.exe /a
4048cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
2512cacls.exe cacls C:\Windows\system32\net1.exe /g Administrators:f
3112cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3236cacls.exe cacls C:\Windows\system32\net1.exe /e /g Users:r
3324cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3420cacls.exe cacls C:\Windows\system32\net1.exe /e /g Administrators:r
3484cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3564cacls.exe cacls C:\Windows\system32\net1.exe /e /d SERVICE
3620cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3696cacls.exe cacls C:\Windows\system32\net1.exe /e /d mssqlserver
3684cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
3852cacls.exe cacls C:\Windows\system32\net1.exe /e /d "network service"
3892cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3988cacls.exe cacls C:\Windows\system32\net1.exe /e /d system
4044cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
3116cacls.exe cacls C:\Windows\system32\net1.exe /e /d mssql$sqlexpress
3188takeown.exe takeown /f C:\Windows\SysWOW64\net1.exe /a
3392cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3444cacls.exe cacls C:\Windows\SysWOW64\net1.exe /g Administrators:f
3408cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
1972cacls.exe cacls C:\Windows\SysWOW64\net1.exe /e /g Users:r
3760cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3876cacls.exe cacls C:\Windows\SysWOW64\net1.exe /e /g Administrators:r
3972cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3984cacls.exe cacls C:\Windows\SysWOW64\net1.exe /e /d SERVICE
3008cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3456cacls.exe cacls C:\Windows\SysWOW64\net1.exe /e /d mssqlserver
3600cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
3740cacls.exe cacls C:\Windows\SysWOW64\net1.exe /e /d "network service"
3812cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3104cacls.exe cacls C:\Windows\SysWOW64\net1.exe /e /d system
3228cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
3656cacls.exe cacls C:\Windows\SysWOW64\net1.exe /e /d mssql$sqlexpress
3536takeown.exe takeown /f C:\Windows\system32\mshta.exe /a
3896cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4088cacls.exe cacls C:\Windows\system32\mshta.exe /g Administrators:f
3828cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3372cacls.exe cacls C:\Windows\system32\mshta.exe /e /g Users:r
3732cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
3568cacls.exe cacls C:\Windows\system32\mshta.exe /e /g Administrators:r
3340cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
2176cacls.exe cacls C:\Windows\system32\mshta.exe /e /d SERVICE
4120cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4176cacls.exe cacls C:\Windows\system32\mshta.exe /e /d mssqlserver
4212cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
4268cacls.exe cacls C:\Windows\system32\mshta.exe /e /d "network service"
4304cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4360cacls.exe cacls C:\Windows\system32\mshta.exe /e /d system
4396cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
4452cacls.exe cacls C:\Windows\system32\mshta.exe /e /d mssql$sqlexpress
4488takeown.exe takeown /f C:\Windows\SysWOW64\mshta.exe /a
4544cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4588cacls.exe cacls C:\Windows\SysWOW64\mshta.exe /g Administrators:f
4624cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4680cacls.exe cacls C:\Windows\SysWOW64\mshta.exe /e /g Users:r
4716cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4772cacls.exe cacls C:\Windows\SysWOW64\mshta.exe /e /g Administrators:r
4808cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4864cacls.exe cacls C:\Windows\SysWOW64\mshta.exe /e /d SERVICE
4900cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4968cacls.exe cacls C:\Windows\SysWOW64\mshta.exe /e /d mssqlserver
5004cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
5060cacls.exe cacls C:\Windows\SysWOW64\mshta.exe /e /d "network service"
5096cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4152cacls.exe cacls C:\Windows\SysWOW64\mshta.exe /e /d system
4196cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
4280cacls.exe cacls C:\Windows\SysWOW64\mshta.exe /e /d mssql$sqlexpress
4348takeown.exe takeown /f C:\Windows\system32\FTP.exe /a
4432cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4504cacls.exe cacls C:\Windows\system32\FTP.exe /g Administrators:f
4564cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4648cacls.exe cacls C:\Windows\system32\FTP.exe /e /g Users:r
4696cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4792cacls.exe cacls C:\Windows\system32\FTP.exe /e /g Administrators:r
4844cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4936cacls.exe cacls C:\Windows\system32\FTP.exe /e /d SERVICE
4980cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5076cacls.exe cacls C:\Windows\system32\FTP.exe /e /d mssqlserver
4140cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
4256cacls.exe cacls C:\Windows\system32\FTP.exe /e /d "network service"
4336cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4400cacls.exe cacls C:\Windows\system32\FTP.exe /e /d system
4492cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
4592cacls.exe cacls C:\Windows\system32\FTP.exe /e /d mssql$sqlexpress
4660takeown.exe takeown /f C:\Windows\SysWOW64\FTP.exe /a
4884cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5036cacls.exe cacls C:\Windows\SysWOW64\FTP.exe /g Administrators:f
5112cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5064cacls.exe cacls C:\Windows\SysWOW64\FTP.exe /e /g Users:r
4420cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4572cacls.exe cacls C:\Windows\SysWOW64\FTP.exe /e /g Administrators:r
4740cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4852cacls.exe cacls C:\Windows\SysWOW64\FTP.exe /e /d SERVICE
5052cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4320cacls.exe cacls C:\Windows\SysWOW64\FTP.exe /e /d mssqlserver
4532cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
4628cacls.exe cacls C:\Windows\SysWOW64\FTP.exe /e /d "network service"
4932cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4372cacls.exe cacls C:\Windows\SysWOW64\FTP.exe /e /d system
4684cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
5080cacls.exe cacls C:\Windows\SysWOW64\FTP.exe /e /d mssql$sqlexpress
4208takeown.exe takeown /f C:\Windows\system32\wscript.exe /a
4668cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
4232cacls.exe cacls C:\Windows\system32\wscript.exe /g Administrators:f
4296cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5164cacls.exe cacls C:\Windows\system32\wscript.exe /e /g Users:r
5200cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5256cacls.exe cacls C:\Windows\system32\wscript.exe /e /g Administrators:r
5292cacls.exe cacls C:\Windows\system32\wscript.exe /e /d SERVICE
5384cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5348cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5440cacls.exe cacls C:\Windows\system32\wscript.exe /e /d mssqlserver
5476cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
5532cacls.exe cacls C:\Windows\system32\wscript.exe /e /d "network service"
5568cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5624cacls.exe cacls C:\Windows\system32\wscript.exe /e /d system
5660cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
5716cacls.exe cacls C:\Windows\system32\wscript.exe /e /d mssql$sqlexpress
5752takeown.exe takeown /f C:\Windows\SysWOW64\wscript.exe /a
5808cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5852cacls.exe cacls C:\Windows\SysWOW64\wscript.exe /g Administrators:f
5888cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5944cacls.exe cacls C:\Windows\SysWOW64\wscript.exe /e /g Users:r
5980cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6036cacls.exe cacls C:\Windows\SysWOW64\wscript.exe /e /g Administrators:r
6072cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6128cacls.exe cacls C:\Windows\SysWOW64\wscript.exe /e /d SERVICE
4116cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5236cacls.exe cacls C:\Windows\SysWOW64\wscript.exe /e /d mssqlserver
5284cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
5360cacls.exe cacls C:\Windows\SysWOW64\wscript.exe /e /d "network service"
5388cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5444cacls.exe cacls C:\Windows\SysWOW64\wscript.exe /e /d system
5564cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
5652cacls.exe cacls C:\Windows\SysWOW64\wscript.exe /e /d mssql$sqlexpress
5712takeown.exe takeown /f C:\Windows\system32\cscript.exe /a
5796cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5864cacls.exe cacls C:\Windows\system32\cscript.exe /g Administrators:f
5932cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6016cacls.exe cacls C:\Windows\system32\cscript.exe /e /g Users:r
6064cacls.exe cacls C:\Windows\system32\cscript.exe /e /g Administrators:r
5216cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6140cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5168cacls.exe cacls C:\Windows\system32\cscript.exe /e /d SERVICE
5436cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5544cacls.exe cacls C:\Windows\system32\cscript.exe /e /d mssqlserver
5636cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
5784cacls.exe cacls C:\Windows\system32\cscript.exe /e /d "network service"
5868cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5996cacls.exe cacls C:\Windows\system32\cscript.exe /e /d system
6108cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
5196cacls.exe cacls C:\Windows\system32\cscript.exe /e /d mssql$sqlexpress
5232takeown.exe takeown /f C:\Windows\SysWOW64\cscript.exe /a
5552cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5736cacls.exe cacls C:\Windows\SysWOW64\cscript.exe /g Administrators:f
5788cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6028cacls.exe cacls C:\Windows\SysWOW64\cscript.exe /e /g Users:r
5160cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5452cacls.exe cacls C:\Windows\SysWOW64\cscript.exe /e /g Administrators:r
5644cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5976cacls.exe cacls C:\Windows\SysWOW64\cscript.exe /e /d SERVICE
6068cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5328cacls.exe cacls C:\Windows\SysWOW64\cscript.exe /e /d mssqlserver
5252cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
3396cacls.exe cacls C:\Windows\SysWOW64\cscript.exe /e /d "network service"
3180cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
5132cacls.exe cacls C:\Windows\SysWOW64\cscript.exe /e /d system
3284cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
5340cacls.exe cacls C:\Windows\SysWOW64\cscript.exe /e /d mssql$sqlexpress
5812takeown.exe takeown /f C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /a
5480cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6176cacls.exe cacls C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /g Administrators:f
6212cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6268cacls.exe cacls C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /e /g Users:r
6304cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6360cacls.exe cacls C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /e /g Administrators:r
6396cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6452cacls.exe cacls C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /e /d SERVICE
6488cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6544cacls.exe cacls C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /e /d mssqlserver
6580cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
6636cacls.exe cacls C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /e /d "network service"
6672cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6732cacls.exe cacls C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /e /d system
6768cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
6824cacls.exe cacls C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe /e /d mssql$sqlexpress
6860takeown.exe takeown /f C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /a
6916cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6960cacls.exe cacls C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /g Administrators:f
6996cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
7052cacls.exe cacls C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /g Users:r
7088cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
7144cacls.exe cacls C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /g Administrators:r
6160cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6244cacls.exe cacls C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d SERVICE
6300cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6372cacls.exe cacls C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d mssqlserver
6364cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
6532cacls.exe cacls C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d "network service"
6572cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6668cacls.exe cacls C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d system
6728cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
6736cacls.exe cacls C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d mssql$sqlexpress
6884takeown.exe takeown /f C:\ProgramData /a
6944cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
7012cacls.exe cacls C:\ProgramData /g Administrators:f
7064cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
7164cacls.exe cacls C:\ProgramData /e /g Users:r
6208cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6356cacls.exe cacls C:\ProgramData /e /g Administrators:r
6412cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6536cacls.exe cacls C:\ProgramData /e /d SERVICE
6648cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6788cacls.exe cacls C:\ProgramData /e /d mssqlserver
6852cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
6992cacls.exe cacls C:\ProgramData /e /d "network service"
7112cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6264cacls.exe cacls C:\ProgramData /e /d system
6336cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
6448cacls.exe cacls C:\ProgramData /e /d mssql$sqlexpress
6692takeown.exe takeown /f C:\Users\Public /a
6908cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
7040cacls.exe cacls C:\Users\Public /g Administrators:f
2012cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6524cacls.exe cacls C:\Users\Public /e /g Users:r
6700cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6972cacls.exe cacls C:\Users\Public /e /g Administrators:r
6340cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6632cacls.exe cacls C:\Users\Public /e /d SERVICE
6804cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
6600cacls.exe cacls C:\Users\Public /e /d mssqlserver
7048cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
7196cacls.exe cacls C:\Users\Public /e /d "network service"
7232cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo y"
7288cacls.exe cacls C:\Users\Public /e /d system
7324cmd.exe C:\Windows\system32\cmd.exe /S /D /c" echo Y"
7380cacls.exe cacls C:\Users\Public /e /d mssql$sqlexpress
7416AddInProcess32.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
7492