Technical Information
- '%WINDIR%\syswow64\taskkill.exe' /f /im taskger.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im svchoste.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im lasaa.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im splwow64.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im 8639a.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im svchostt.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im System.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im ju.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im tvnbc.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im Server.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im hex123.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im apple.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im csrs.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im hexfgf.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im usersrv.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im notepad.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im networkservice.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im https.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im Down.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im s.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im powershell.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im TQQ.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im sysguard.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im lsma12.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im downs.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im svchostl.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im 1433.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im MSSQLS.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im msasc.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im WUDFhost.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im lsma*.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im ssssssss.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im smsser.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im taskmgzr.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im cmd.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im mshta.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im drwtsn32.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im SQLAGENTSUW.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im rnaphin.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im p.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im TrustedInsteller.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im alger.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im regini.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im windowslsmer.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im wshom.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im postgres.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im smss.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im ali.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im suup.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im asdg.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im tool.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im SvidaPctb.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im msinfo.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im WavesSys.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im WUDFhosts.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im sc.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im SvidaPaun.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im vsjitdebugger.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im cacls.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im iexplore.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im 123.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im hexscvhost.exe
- '%WINDIR%\syswow64\taskkill.exe' /f /im user.exe
- %WINDIR%\syswow64\cmd.exe
- <SYSTEM32>\wudfhost.exe
- iexplore.exe
- ClassName: '' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im taskger.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im rundll32.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im 1.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im 1433.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im a1433.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im cscript.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im msasc.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im steam.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im mm.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im rundlls.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\Do.vbs' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %WINDIR%\Cursors\wudfhosts.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\TQP.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\MSSQLS.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\r.vbs' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\x.vbs' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\https.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\s.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\winsql.bat' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im wuauclt.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im network.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im nmqby.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im wudfhosts.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im TQQ.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im Down.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im svchostl.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im ssssssss.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im https.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im s.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im TQP.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im MSSQLS.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im networkservice.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im downs.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im sysguard.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im sysupdate.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im lsma12.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im lsma*.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im sppextcomobj.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im notepad.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im user.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im ermbi.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im server.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\usersrv.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\expl0rer.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\Down.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\s.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\winsql.bat' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\Do.vbs' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\vget.vbs' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\usersrv.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\expl0rer.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\Down.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\x.vbs' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\https.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\TQQ.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\config.json' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\*.vbs' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\*.dll' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\*.txt' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\*.bat' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\*.json' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\*.ini' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\svchostl.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\ssssssss.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\r.vbs' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\MSSQLS.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\TQP.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\svchostl.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\ssssssss.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\config.json' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %WINDIR%\inf\aspnet\*' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q c:\backup\*' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\users\public\libraries\*' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q c:\kugou\*' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q d:\kugou\*' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\TQQ.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q e:\kugou\*' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\*.vbs' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\*.dll' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\*.txt' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\*.bat' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\*.json' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\*.ini' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\*.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\*.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q <Drive name for removable media>:\kugou\*' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im expl0rer.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\*.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im dwmer.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im powershell.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im cscript.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im wscript.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im csql.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im ping.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im nvtray.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im rnaphin.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im schtasks.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im powershell.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im fpp.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im alger.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im p.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im net.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im cacls.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im regini.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im windowslsmer.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im TrustedInsteller.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im wshom.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im postgres.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im net1.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im ftp.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im mshta.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im ftp.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\taskger.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\taskger.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im taskmgzr.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\taskmgzr.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\taskmgzr.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\vget.vbs' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\vget.vbs' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im cmd.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im fpp.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im secedit.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im p.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\winsql.dat' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\winsql.dat' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im SQLAGENTSPW.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im SQLAGENTSUW.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im ntvdm.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im drwtsn32.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im ws.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im ntsd.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im smsser.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im asdg.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im tool.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im csrs.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im 8639a.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im lasaa.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im hexfgf.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /cdel /f /a /q %PROGRAMDATA%\vget.vbs' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /cdel /f /a /q %PROGRAMDATA%\taskger.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /cdel /f /a /q %PROGRAMDATA%\8639a.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im System.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im Server.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /cdel /f /a /q %PROGRAMDATA%\ju.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /cdel /f /a /q C:\RECYCLER\vget.vbs' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /cdel /f /a /q C:\RECYCLER\8639a.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /cdel /f /a /q C:\RECYCLER\ju.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /cdel /f /a /q C:\RECYCLER\lasaa.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /cdel /f /a /q C:\RECYCLER\taskger.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /cdel /f /a /q C:\RECYCLER\svchoste.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im mshta.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /cdel /f /a /q %PROGRAMDATA%\lasaa.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /cdel /f /a /q %PROGRAMDATA%\svchoste.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im tvnbc.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im apple.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im svchostt.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im suup.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im sc.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im hexscvhost.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im SvidaPaun.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im SvidaPctb.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im WavesSys.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im msinfo.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im WUDFhosts.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im smss.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im WUDFhost.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im 123.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im hex123.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im ali.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im iexplore.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im ssssssss.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im ju.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im splwow64.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im svchoste.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im vsjitdebugger.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im usersrv.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\*.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im taskger.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im rundll32.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im 1.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im 1433.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im a1433.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im cscript.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im msasc.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im steam.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im mm.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im rundlls.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\Do.vbs
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %WINDIR%\Cursors\wudfhosts.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\TQP.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\MSSQLS.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\r.vbs
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\x.vbs
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\https.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\s.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\winsql.bat
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im wuauclt.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im network.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im nmqby.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im wudfhosts.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im TQQ.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im Down.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im svchostl.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im ssssssss.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im https.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im s.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im TQP.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im MSSQLS.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im networkservice.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im downs.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im sysguard.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im sysupdate.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im lsma12.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im lsma*.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im sppextcomobj.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im notepad.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im user.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im ermbi.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im server.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\usersrv.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\expl0rer.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\Down.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\s.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\winsql.bat
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\Do.vbs
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\vget.vbs
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\usersrv.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\expl0rer.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\Down.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\x.vbs
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\https.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\TQQ.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\config.json
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\*.vbs
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\*.dll
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\*.txt
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\*.bat
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\*.json
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\*.ini
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\svchostl.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\ssssssss.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\r.vbs
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\MSSQLS.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\TQP.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\svchostl.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\ssssssss.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\config.json
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %WINDIR%\inf\aspnet\*
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q c:\backup\*
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\users\public\libraries\*
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q c:\kugou\*
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q d:\kugou\*
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\TQQ.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q e:\kugou\*
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\*.vbs
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\*.dll
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\*.txt
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\*.bat
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\*.json
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\*.ini
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\*.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\*.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q <Drive name for removable media>:\kugou\*
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im expl0rer.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\*.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im dwmer.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im powershell.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im cscript.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im wscript.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im csql.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im ping.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im nvtray.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im rnaphin.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im schtasks.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im powershell.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im fpp.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im alger.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im p.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im net.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im cacls.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im regini.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im windowslsmer.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im TrustedInsteller.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im wshom.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im postgres.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im net1.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im ftp.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im mshta.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im ftp.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\taskger.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\taskger.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im taskmgzr.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\taskmgzr.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\taskmgzr.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\vget.vbs
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\vget.vbs
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im cmd.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im fpp.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im secedit.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im p.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q %PROGRAMDATA%\winsql.dat
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\RECYCLER\winsql.dat
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im SQLAGENTSPW.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im SQLAGENTSUW.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im ntvdm.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im drwtsn32.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im ws.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im ntsd.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im smsser.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im asdg.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im tool.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im csrs.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im 8639a.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im lasaa.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im hexfgf.exe
- '%WINDIR%\syswow64\cmd.exe' /cdel /f /a /q %PROGRAMDATA%\vget.vbs
- '%WINDIR%\syswow64\cmd.exe' /cdel /f /a /q %PROGRAMDATA%\taskger.exe
- '%WINDIR%\syswow64\cmd.exe' /cdel /f /a /q %PROGRAMDATA%\8639a.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im System.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im Server.exe
- '%WINDIR%\syswow64\cmd.exe' /cdel /f /a /q %PROGRAMDATA%\ju.exe
- '%WINDIR%\syswow64\cmd.exe' /cdel /f /a /q C:\RECYCLER\vget.vbs
- '%WINDIR%\syswow64\cmd.exe' /cdel /f /a /q C:\RECYCLER\8639a.exe
- '%WINDIR%\syswow64\cmd.exe' /cdel /f /a /q C:\RECYCLER\ju.exe
- '%WINDIR%\syswow64\cmd.exe' /cdel /f /a /q C:\RECYCLER\lasaa.exe
- '%WINDIR%\syswow64\cmd.exe' /cdel /f /a /q C:\RECYCLER\taskger.exe
- '%WINDIR%\syswow64\cmd.exe' /cdel /f /a /q C:\RECYCLER\svchoste.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im mshta.exe
- '%WINDIR%\syswow64\cmd.exe' /cdel /f /a /q %PROGRAMDATA%\lasaa.exe
- '%WINDIR%\syswow64\cmd.exe' /cdel /f /a /q %PROGRAMDATA%\svchoste.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im tvnbc.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im apple.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im svchostt.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im suup.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im sc.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im hexscvhost.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im SvidaPaun.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im SvidaPctb.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im WavesSys.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im msinfo.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im WUDFhosts.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im smss.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im WUDFhost.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im 123.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im hex123.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im ali.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im iexplore.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im ssssssss.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im ju.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im splwow64.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im svchoste.exe
- '%WINDIR%\syswow64\cmd.exe' /ctaskkill /f /im vsjitdebugger.exe
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /f /im usersrv.exe
- '%WINDIR%\syswow64\cmd.exe' /c del /f /a /q C:\*.exe